Edit tour

Windows Analysis Report
140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg

Overview

General Information

Sample name:	140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Analysis ID:	1501935
MD5:	0731171ed0d53d5d801520b2c006cec8
SHA1:	54ef81687635c8d28e13f2216d273535cf417af2
SHA256:	27d3b45a83d4c4c484877b1a4c30a0c46d92aaa9f0ebd4c9d6e94152b7543cf7
Infos:

Detection

AsyncRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected AsyncRAT

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Drops password protected ZIP file

Found direct / indirect Syscall (likely to bypass EDR)

Found hidden mapped module (file has been removed from disk)

Found many strings related to Crypto-Wallets (likely being stolen)

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to steal Mail credentials (via file registry)

Uses dynamic DNS services

Writes to foreign memory regions

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64_ra

msedge.exe (PID: 2844 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2004,i,1911348884404984880,14140193632857720476,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1104 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6492 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7360 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1508 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7772 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

rundll32.exe (PID: 5924 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

7zG.exe (PID: 7036 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\" -ad -an -ai#7zMap27937:184:7zEvent10880 MD5: 50F289DF0C19484E970849AAC4E6F977)

1 DEMANADA LABORAL.exe (PID: 5872 cmdline: "C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe" MD5: B841D408448F2A07F308CED1589E7673)

cmd.exe (PID: 3016 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSBuild.exe (PID: 3816 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

Threatname: AsyncRAT

{"External_config_on_Pastebin": "null", "Server": "enviasept.duckdns.org", "Ports": "3030", "Version": "| CRACKED BY https://t.me/xworm_v2", "Autorun": "false", "Install_Folder": "S3RlN2NXRHI5dTFOUTFjcmxIcEN5dHZ1ZzBZUEJ0MjI=", "Install_File": "jlbDOiBVDKqvIoENinvBJKb/xTiE9tVgB7xumqwoxDSbWdxFuGdnX6JBvmgJf2+sapphOnwAVcPCCa2uxN9efJJNtm9jxM1aZ4vuMVN05gM=", "AES_key": "Kte7cWDr9u1NQ1crlHpCytvug0YPBt22", "Mutex": "TpjdGjQ6RGtnqjDE21eJ3bvbMDEq+bxszs9fy5t4EQslnoS3PLIIrOiwibNSvbtGMTBMp6/H1vcuvl3um9uQXem/bzEYCBPxaloM9HnmSm9FVwdtB5lbkD1Sk06w8qu+gQ0g05MAXOrrRMeX+RzkNC1nVLA2Cfzo4ZNyQjdHq3fh07R9mmh/djSQm5FrEiWTfgHfUf6Cr2Ufv1TTr1qPEpV6NBPGogs7Q3PuwkKUKYaO1BXgZbVkVbc4/s82G0pNXvCuxkW7HW/250wsRFPwNB8EYcPSzRNdULQRXwqRPL+dSRxlzgDzuiU3E1ViOBQRuilC+G7iG+mSCgzL7S4fWAyE5OvaGyZefRsXb0AneiziTCmt4h0rFDaIX8CM/YKK5QsH464Ik1VgH1RJv9U9O6EFBajm3a1P03o+C5kX4xcVHLXAlhuxKdUjr32oLhIWWXvM8c9tx0gZKzqX5RdsQT9S7ozkgrWKv80hdY2Bj3G6cUg/+BdjNl1/plbvi5cqI4JbsE3H/jnN1yjRlNuAPALYpZPPfr4gO6iM2CTYcaP4/MmIG/fl5PLbCViXX9AXmcRc0NNRT6is9QhW6BX2c+9Qr9RprFC1qi+PoP4HcqG7j8Qq2diZwzn97do6W8cH0DKyNIWXaP5YLKZyg2jyzLXCASesvxg6CL1ESEJUcNs=", "Certificate": "false", "ServerSignature": "false", "BDOS": "false", "Startup_Delay": "3", "Group": "null"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x14f9fbc:$x1: AsyncRAT 0x14f9ffa:$x1: AsyncRAT

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\vjjpgbbqs	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
C:\Users\user\AppData\Local\Temp\vjjpgbbqs	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\vjjpgbbqs	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xd118:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0x10038:$a2: Stub.exe 0x100c8:$a2: Stub.exe 0x99b0:$a3: get_ActivatePong 0xd330:$a4: vmware 0xd1a8:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0xa8fd:$a6: get_SslClient
C:\Users\user\AppData\Local\Temp\vjjpgbbqs	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xd1aa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 4 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x2b3b:$x1: AsyncRAT 0x2b79:$x1: AsyncRAT 0x873f:$x1: AsyncRAT 0x877d:$x1: AsyncRAT 0x8c43:$x1: AsyncRAT 0x8c81:$x1: AsyncRAT
0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xd1e0:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0x10100:$a2: Stub.exe 0x10190:$a2: Stub.exe 0x9a78:$a3: get_ActivatePong 0xd3f8:$a4: vmware 0xd270:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0xa9c5:$a6: get_SslClient
0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xd272:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0000001D.00000002.2425306055.0000000000944000.00000004.00000020.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x11581:$x1: AsyncRAT 0x15083:$x1: AsyncRAT 0x150c1:$x1: AsyncRAT 0x15d97:$x1: AsyncRAT 0x15dd5:$x1: AsyncRAT
0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xcf18:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0x10238:$a2: Stub.exe 0x102c8:$a2: Stub.exe 0x97b0:$a3: get_ActivatePong 0xd130:$a4: vmware 0xcfa8:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0xa6fd:$a6: get_SslClient
0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xcfaa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x1e587:$x1: AsyncRAT 0x1e5c5:$x1: AsyncRAT
0000001A.00000000.2021155593.0000000000401000.00000020.00000001.01000000.00000008.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x38603:$x1: AsyncRAT 0x38641:$x1: AsyncRAT
0000001A.00000002.2085473047.000000004A601000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Process Memory Space: cmd.exe PID: 3016	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: cmd.exe PID: 3016	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x8f35:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Process Memory Space: MSBuild.exe PID: 3816	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: MSBuild.exe PID: 3816	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x44d21:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Process Memory Space: MSBuild.exe PID: 3816	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x3217:$x1: AsyncRAT 0x3249:$x1: AsyncRAT 0x3a11:$x1: AsyncRAT 0x3a24:$x1: AsyncRAT 0x17144:$x1: AsyncRAT 0x17176:$x1: AsyncRAT 0x26cb2:$x1: AsyncRAT 0x26ce4:$x1: AsyncRAT 0x3ac0c:$x1: AsyncRAT 0x3afba:$x1: AsyncRAT 0x44de7:$s6: VirtualBox 0x44d9a:$s8: Win32_ComputerSystem 0x4dd14:$s8: Win32_ComputerSystem 0x4ddca:$s8: Win32_ComputerSystem
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
29.2.MSBuild.exe.340000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
29.2.MSBuild.exe.340000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
29.2.MSBuild.exe.340000.0.unpack	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xd118:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0x10038:$a2: Stub.exe 0x100c8:$a2: Stub.exe 0x99b0:$a3: get_ActivatePong 0xd330:$a4: vmware 0xd1a8:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0xa8fd:$a6: get_SslClient
29.2.MSBuild.exe.340000.0.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xd1aa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
27.2.cmd.exe.60c00c8.6.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
27.2.cmd.exe.60c00c8.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
27.2.cmd.exe.60c00c8.6.raw.unpack	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xd118:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0x10038:$a2: Stub.exe 0x100c8:$a2: Stub.exe 0x99b0:$a3: get_ActivatePong 0xd330:$a4: vmware 0xd1a8:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0xa8fd:$a6: get_SslClient
27.2.cmd.exe.60c00c8.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xd1aa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
27.2.cmd.exe.60c00c8.6.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
27.2.cmd.exe.60c00c8.6.unpack	Windows_Trojan_Asyncrat_11a11ba1	unknown	unknown	0xb318:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn " 0xe238:$a2: Stub.exe 0xe2c8:$a2: Stub.exe 0x7bb0:$a3: get_ActivatePong 0xb530:$a4: vmware 0xb3a8:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS 0x8afd:$a6: get_SslClient
27.2.cmd.exe.60c00c8.6.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xb3aa:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
26.2.1 DEMANADA LABORAL.exe.4a600000.9.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
26.2.1 DEMANADA LABORAL.exe.d60000.1.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
26.0.1 DEMANADA LABORAL.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 9 entries

Suricata Signatures

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) - Source IP: 181.235.3.0 - Destination IP: 192.168.2.16

Timestamp:	2024-08-30T19:07:48.325635+0200
SID:	2842478
Severity:	1
Source Port:	3030
Destination Port:	49988
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) - Source IP: 181.235.3.0 - Destination IP: 192.168.2.16

Timestamp:	2024-08-30T19:07:48.325635+0200
SID:	2030673
Severity:	1
Source Port:	3030
Destination Port:	49988
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Generic AsyncRAT Style SSL Cert - Source IP: 181.235.3.0 - Destination IP: 192.168.2.16

Timestamp:	2024-08-30T19:07:48.325635+0200
SID:	2035595
Severity:	1
Source Port:	3030
Destination Port:	49988
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) - Source IP: 181.235.3.0 - Destination IP: 192.168.2.16

Timestamp:	2024-08-30T19:07:48.325635+0200
SID:	2035607
Severity:	1
Source Port:	3030
Destination Port:	49988
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: AsyncRAT {"External_config_on_Pastebin": "null", "Server": "enviasept.duckdns.org", "Ports": "3030", "Version": "| CRACKED BY https://t.me/xworm_v2", "Autorun": "false", "Install_Folder": "S3RlN2NXRHI5dTFOUTFjcmxIcEN5dHZ1ZzBZUEJ0MjI=", "Install_File": "jlbDOiBVDKqvIoENinvBJKb/xTiE9tVgB7xumqwoxDSbWdxFuGdnX6JBvmgJf2+sapphOnwAVcPCCa2uxN9efJJNtm9jxM1aZ4vuMVN05gM=", "AES_key": "Kte7cWDr9u1NQ1crlHpCytvug0YPBt22", "Mutex": "TpjdGjQ6RGtnqjDE21eJ3bvbMDEq+bxszs9fy5t4EQslnoS3PLIIrOiwibNSvbtGMTBMp6/H1vcuvl3um9uQXem/bzEYCBPxaloM9HnmSm9FVwdtB5lbkD1Sk06w8qu+gQ0g05MAXOrrRMeX+RzkNC1nVLA2Cfzo4ZNyQjdHq3fh07R9mmh/djSQm5FrEiWTfgHfUf6Cr2Ufv1TTr1qPEpV6NBPGogs7Q3PuwkKUKYaO1BXgZbVkVbc4/s82G0pNXvCuxkW7HW/250wsRFPwNB8EYcPSzRNdULQRXwqRPL+dSRxlzgDzuiU3E1ViOBQRuilC+G7iG+mSCgzL7S4fWAyE5OvaGyZefRsXb0AneiziTCmt4h0rFDaIX8CM/YKK5QsH464Ik1VgH1RJv9U9O6EFBajm3a1P03o+C5kX4xcVHLXAlhuxKdUjr32oLhIWWXvM8c9tx0gZKzqX5RdsQT9S7ozkgrWKv80hdY2Bj3G6cUg/+BdjNl1/plbvi5cqI4JbsE3H/jnN1yjRlNuAPALYpZPPfr4gO6iM2CTYcaP4/MmIG/fl5PLbCViXX9AXmcRc0NNRT6is9QhW6BX2c+9Qr9RprFC1qi+PoP4HcqG7j8Qq2diZwzn97do6W8cH0DKyNIWXaP5YLKZyg2jyzLXCASesvxg6CL1ESEJUcNs=", "Certificate": "false", "ServerSignature": "false", "BDOS": "false", "Startup_Delay": "3", "Group": "null"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs

ReversingLabs: Detection: 78%

Source:	Binary string: wntdll.pdbUGP source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2083756601.0000000003B50000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082809548.00000000037FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2083756601.0000000003B50000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082809548.00000000037FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\rar\build\unrardll32\Release\UnRAR.pdb source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2086403361.0000000073D9E000.00000002.00000001.01000000.0000000A.sdmp, unrar.dll.26.dr

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D6A57C FindFirstFileW,FindClose,	26_2_00D6A57C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DE6618 GetVersion,GetUserNameW,GetUserNameA,GetVersion,GetVersion,GetModuleHandleW,GetWindowsDirectoryA,GetCurrentProcessId,GetVersion,GetCommandLineW,GetCommandLineA,GetModuleHandleW,GetVersion,FindFirstFileW,FindFirstFileA,FindClose,GetModuleHandleW,GetModuleHandleW,	26_2_00DE6618
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DB293C GetVersion,GetFileAttributesW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,GetFileAttributesA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	26_2_00DB293C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D74BE8 FindFirstFileA,FindClose,	26_2_00D74BE8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D8AB24 GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D8AB24
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D8AC24 GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D8AC24
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D88E9C GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D88E9C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D74EA0 GetVersion,FindFirstFileW,FindClose,	26_2_00D74EA0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D751B4 FindFirstFileA,FindClose,	26_2_00D751B4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DC32D0 GetVersion,FindFirstFileW,FindFirstFileA,FindClose,	26_2_00DC32D0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D75460 GetVersion,FindFirstFileW,FindClose,	26_2_00D75460
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D69FB0 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	26_2_00D69FB0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 181.235.3.0:3030 -> 192.168.2.16:49988
Source: Network traffic	Suricata IDS: 2030673 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 181.235.3.0:3030 -> 192.168.2.16:49988
Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 181.235.3.0:3030 -> 192.168.2.16:49988
Source: Network traffic	Suricata IDS: 2035607 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) : 181.235.3.0:3030 -> 192.168.2.16:49988

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: enviasept.duckdns.org

Uses dynamic DNS services

Source: unknown

DNS query: name: enviasept.duckdns.org

Yara detected Generic Downloader

Source: Yara match	File source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED

Source: global traffic

TCP traffic: 192.168.2.16:49988 -> 181.235.3.0:3030

Source: Joe Sandbox View	IP Address: 206.168.190.239 206.168.190.239
Source: Joe Sandbox View	IP Address: 13.107.246.64 13.107.246.64
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725642355&P2=404&P3=2&P4=CzW9%2f7XJJfdozRLr7mPNPKGHA2mKupVjHXqUY%2b9ldeUh4cR7DxQV3xYWv2HUu2%2fEnPqXCGckOty%2f18FhCFGiqA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: Rh74H+8DIzBRr3vjTwywZaSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1Host: go.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1Host: go.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1Host: www.bing.comConnection: keep-aliveCookie: ANON=; MUID=;_RwBf=;Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /en-gb/edge/welcome?ep=0&es=139&form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ngAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: NID=517=LtsArCytBiwAD9VVJEXlIlr_UQ0jYEIbEDUXZ4lWg_cVRWXCgtsjooyIoueHoMZ9bNf_13biGQn4-dEiSKCB1-xHZcj6nlg8x4b1mbY8_gpITjTdSaNv2qh4i8ssS3D32wiNgIPnRD1fT5cl1L4SlsPZgqJiVgPcc7WGjAtY7aEzv5KsSwjZ2Q
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 435X-UDSD-Features: udscomseaodp,Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 197Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/930c813.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/6905b6f.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/f0e85b6.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip HTTP/1.1Host: store9.gofile.ioConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/e850146.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/1cfb7d6.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/e71f445.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/63e3356.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/27610ae.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/1a34b6b.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1726Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMmNVa1pyd29xVjkxTFhrRm8vNU9FQT09IiwgImhhc2giOiJQYlArNHZOeFJhZz0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1726Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMmdhVFBSTUp4UVNmV3ZpMEVtaVp3dz09IiwgImhhc2giOiJORUJvUFlRcEJraz0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/download/3 HTTP/1.1Host: dl-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1741Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiY0pPNlFMVStBcnVUTGxnOE9VYWpsQT09IiwgImhhc2giOiJTWWhzbUNDVVZvOD0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/download/3 HTTP/1.1Host: dl-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1741Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSjVacEdUMkhYNzUxSk84M0FMQjJ4Zz09IiwgImhhc2giOiJJc08yeDc1eGEwYz0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/848e665.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/2097fe5.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/a0bd3a0.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/toptraffic/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1121Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "170540185939602997400506234197983529371"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1121Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "636976985063396749.rel.v2"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1121Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/e3032ae.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/3b37526.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/a721aec.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/1790fce.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/logos/5a74283229e24d0ca59fb94ed941c3a0.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display.5c8aa5a.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display-semibold.b7bb141.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-left.0af059d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-right.96b564d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-dropdown.8618950.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-qr.44414bd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-link.baf5bd6.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/a926dfb77e1c47b681a4bb8d5ea16ced.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /dmp/up/pixie.js HTTP/1.1Host: acdn.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-centered-play.83de069.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1579Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiQjdiaDNWNXh0UWk2MG93bzJ1UUNDQT09IiwgImhhc2giOiJ3cWZKdXFQbzlrTT0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1093Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiaHFTcElqbms3b2NGRUY5dVBwMllVUT09IiwgImhhc2giOiJTS3RQWXkyVVhUMD0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tag/edvmnysmkk HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1594Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSFVTemkxd1RqS3k2VU1vd3AvZDZwUT09IiwgImhhc2giOiJyOEhhclFPZ3BnMD0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre?hl=en-us&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /li.lms-analytics/insight.min.js HTTP/1.1Host: snap.licdn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1156Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiNXVweTYzMVowdGVZTGR2ZlY0UGVvUT09IiwgImhhc2giOiI5bkF1MFZEcFhYOD0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/cea0e14e0ec44c1a9e8b92a6715ef1c1.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-video-posters/afc91b8a64c1488bb548ab02e4d76908.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/166ba0e92d8b4ad0b18bdf3455bfce5c.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-ba29222d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/935d5e3b261649808ca8fbeb888a5d63.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-d0ec2dcd.css HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/2068e415cbe2442b82f2fba24ee0c202.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-b83114d1.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-ba29222d.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-timeOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-browser.b02edf1.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /louserzed-strings/en-gb/strings.json?v=6c6e9856f9 HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/settings/flags?gl=US&hl=en-us&sessionId= HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: db2c8457ef6ae807db500c0199cc06898be1b23d3cd9b3206a65b7c81f4185f0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/Products/ZeroStateSearch?gl=US&hl=en-us HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: ebe1c0636328a720580a52e74af985ddefbb0609f391016b633be0072e31e7fcsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /pixie?e=LandingPage&pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd&it=1725037594300&v=0.0.38&u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&st=1725037594300&et=1725037595842&if=0 HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 953sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037598555sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.18User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: use-collector-deltacontent-type: application/x-json-streamcache-control: no-cache, no-storeapikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-arrow.e9317cd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/38c8c879d3854390897db9c4b7f3a682.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tag/inyago70pn HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-web-9ad09b9c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d
Source: global traffic	HTTP traffic detected: GET /s/0.7.45/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /p/action/355008692.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 4474sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037600551sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.18User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: 2552content-type: application/x-json-streamcache-control: no-cache, no-storeapikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
Source: global traffic	HTTP traffic detected: GET /assets/js/InstrumentHooks-cd565348.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-core-js-9783d46c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-GB&sw=1280&sh=1024&sc=24&tl=Welcome%20to%20Microsoft%20Edge&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&r=&lt=12430&evt=pageLoad&sv=1&cdb=AQAA&rn=74803 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/Index-cbed7ffc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-ba29222d.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
Source: global traffic	HTTP traffic detected: POST /collect HTTP/1.1Host: t.clarity.msConnection: keep-aliveContent-Length: 509sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/x-clarity-gzipsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenwidth-1280&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=839733 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/edgefre-60438f27.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenheight-1024&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=272368 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=1560A2A6E1256FE32E35B64DE00C6E2C; MR=0
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Pixelratio-1&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=813000 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-82425338.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Action-Firstslide-AiIntro&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=56903 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C; MSPTC=n8AjF0IQd-VYxJJ_GtD_9s0wbPaEGWX4g0tqcDl9280
Source: global traffic	HTTP traffic detected: GET /assets/js/repeat-cd8983df.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1725037596734%26li_adsId%3D078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fep%253D0%2526es%253D139%2526form%253DMT00LJ%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1Host: www.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
Source: global traffic	HTTP traffic detected: GET /tag/uet/355008692?insights=1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /tr/?id=1770559986549030&ev=PageView&dl=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&rl=&if=false&ts=1725037601867&sw=1280&sh=1024&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725037601863.431589390354711508&cs_est=true&ler=empty&it=1725037596688&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.5IDXW3BB-47ef1dc4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true&liSync=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
Source: global traffic	HTTP traffic detected: GET /assets/js/auto-complete-app-search-4c745443.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST /wa/ HTTP/1.1Host: px.ads.linkedin.comConnection: keep-aliveContent-Length: 387sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: *Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.W3CH77FZ-5cd86aed.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/style-map-64223e1f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.5SKBN5CP-54fd1c52.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.DBG7W4GS-2e2eab4a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST /collect HTTP/1.1Host: t.clarity.msConnection: keep-aliveContent-Length: 225sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/x-clarity-gzipsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS //v2/track HTTP/1.1Host: northcentralus-0.in.applicationinsights.azure.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeOrigin: https://apps.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/css-function-c51f2c96.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/image-helper-554340db.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST //v2/track HTTP/1.1Host: northcentralus-0.in.applicationinsights.azure.comConnection: keep-aliveContent-Length: 1479sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-type: application/jsonAccept: /Origin: https://apps.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/prefers-themes-observer-d1f54912.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/nav-bar-1456f65b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.LHI6QEL2-5a70397d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-types-62834e09.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /s/0.7.45/clarity-extended.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /image/apps.8453.13655054093851568.4a371b72-2ce8-4bdb-9d83-be49894d3fa0.7f3687b9-847d-4f86-bb5c-c73259e2b38e?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/icons/download-psi.svg HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"traceparent: 00-b3e13c429bf74708be9190328c1fd52b-dd2dc3aae25742db-01request-id: \|b3e13c429bf74708be9190328c1fd52b.dd2dc3aae25742dbsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read%20offline_access%20openid%20profile&redirect_uri=https%3A%2F%2Fapps.microsoft.com%2F&client-request-id=0191a440-ffb4-7fd7-8182-8d57de1cdfd3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.18.0&client_info=1&code_challenge=-orWUC_L9xsS7eYspw2pjVAM1rQW6ZMjMhHbe_4U_aM&code_challenge_method=S256&prompt=none&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.56161.9007199266246365.1d5a6a53-3c49-4f80-95d7-78d76b0e05d0.a3e87fea-e03e-4c0a-8f26-9ecef205fa7b?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.25776.14473651905739879.c2c2c20a-48ca-4b7a-a0c5-392cddcd557e.dbe766f0-50a3-4270-957c-d06415f86f39?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.10546.13571498826857201.6603a5e2-631f-4f29-9b08-f96589723808.dc893fe0-ecbc-4846-9ac6-b13886604095?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&prompt=none&code_challenge=7FOjGIcI9_3UpJr9PTrahlZhI82GCQQ26C8UG6mV_Lo&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=0191a440ffb47fd781828d57de1cdfd3&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAAApTwJmzXqdR4BN2miheQMYaUYLua5HApSJgOA3v203QMS5RWG0eDtIKt1wc826y737UuAYNMllZodKIirWf7EZnJYFoNm_OVPgN0e4DWBjspf4eb1X8COPF89sAe3U05vAeqYgXqiicodVGdgqt-76eH6XObx1JWCI0lbqBGTm6YQj20ovjggjunIhuslv4YBUtaqsue4bNz_40z7HuuCUdQ-wd8Yo6Iz3a0hPjkOoSiAA&jshs=0 HTTP/1.1Host: login.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: DIDC=ct%3D1725037610%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C538_BL2.0.D.CljBpfSA/pc2r4wNwU7ONRRLiFVuKQNpoiFdf/hDEmKBewo37GmSZ8l/JnKgULOS0aJpLF8eddzSBITEYej0/0Z3rrnLbNNm2IbTgDE5GPm/DfTtL2efF8P9ZKelg8RRfCj/FxqtWt7gMagFvQbAaxZXqW3LVURm/TQJgEw0mflZs7lcdEajgoAcaiBYgGH436gmntDAsgX4utEI/cj8zvkUhqi8syR5mPi14DTtJKPXSvtXymcdUQ98iiMjQCqBqNjLEBcpiHgHCk%252BZ%252BFJ7AuVPGHmURWeeDm2yk%252BKbVBmv9K3SsnLobEbIz/s4Dq/oOw7U6AJm/0ljQNewhz5DuwpVYMeGpFPwVWBm436XXKTIO1gUNN7re5QlA84nSlm2smeWS4Q/FfK1DnpJcwvBfzrYinJu3iyp39UWDKC/neQTMezR1j3bg9KPyzZSl5Y0tFPN%252BklBZzx9s4VY4sjoVXBDL7MS9Gk5FX30lfUbxExO5aNN2Hnf1kJ4GH7c6XQAnQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DYs2dBFiZsCKxmW7lDKZMc4UVgDFvtlEe%26hash%3D6cGv7nMR66FXLhPReVyb2dXLKXdH9PBojcSmzQmsy8k%253D%26dd%3D1;DIDCL=ct%3D1725037610%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26
Source: global traffic	HTTP traffic detected: GET /image/apps.54470.14618985536919905.3e754390-a812-43d7-87fc-335159cd867b.ec54d0b7-04d6-4255-8ece-582db2dd0885?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-timeOrigin: https://apps.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.4211.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.462d07a1-732f-40d7-acd3-370f7b96ba1a?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /collect HTTP/1.1Host: t.clarity.msConnection: keep-aliveContent-Length: 512sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/x-clarity-gzipsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://apps.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1951Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiajVwV2puM29mNlJZd2tWOGc2QkNVUT09IiwgImhhc2giOiI5OUMvVCtIZU50OD0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /image/apps.62962.14205055896346606.c235e3d6-fbce-45bb-9051-4be6c2ecba8f.28d7c3cb-0c64-40dc-9f24-53326f80a6dd?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 809sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037610541sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.14User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: use-collector-deltacontent-type: application/x-json-streamcache-control: no-cache, no-storeapikey: be61a02d4c674edfb65d61bd30fb65d5-ee4b86c1-d9a7-4f97-8d4b-124dd301b180-7729Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://apps.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75 HTTP/1.1Host: images-eds-ssl.xboxlive.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/browser/edge/navigate/3 HTTP/1.1Host: nav-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 1966Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiS0ZJSEYrdUZLZXZlZU1NNE92RFBxdz09IiwgImhhc2giOiJqbGpweG5nL2w0UT0ifQ==Content-Type: application/json; charset=utf-8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /?hl=en-gb&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /image/apps.54640.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c20ffb74-ff9e-4d63-863a-94619399973d?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.38688.14208673485779370.88f23073-7e41-4921-aef9-76103983bd31.b60041cf-415f-4dfd-9be3-5a192bb69677?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST //v2/track HTTP/1.1Host: northcentralus-0.in.applicationinsights.azure.comConnection: keep-aliveContent-Length: 3971sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-type: application/jsonAccept: /Origin: https://apps.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /welcome/static/favicon.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&RedC=c.clarity.ms&MXFR=23FEE50BA26F6945042EF1E0A66F679D HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=3A07D7FE513F607F01ECC3155058616C; MSPTC=kplYPmvJd3U0GW8AdtrLaBOsc2CphFp9Yx0KXb7YXyA
Source: global traffic	HTTP traffic detected: GET /assets/js/_commonjsHelpers-39b5b250.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&MUID=3A07D7FE513F607F01ECC3155058616C HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: SM=T; MUID=23FEE50BA26F6945042EF1E0A66F679D
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 1131sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037615539sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.14User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: 2340content-type: application/x-json-streamcache-control: no-cache, no-storeapikey: be61a02d4c674edfb65d61bd30fb65d5-ee4b86c1-d9a7-4f97-8d4b-124dd301b180-7729Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://apps.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/about-49206f29.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D8066933817c14dd4b95ec0f14ae2f52e%26HASH%3D8066%26LV%3D202408%26V%3D4%26LU%3D1725037601107&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveAccept: /Access-Control-Request-Method: POSTAccess-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-timeOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 1026sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037616544sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.14User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: 2340content-type: application/x-json-streamcache-control: no-cache, no-storeapikey: be61a02d4c674edfb65d61bd30fb65d5-ee4b86c1-d9a7-4f97-8d4b-124dd301b180-7729Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://apps.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST /collect HTTP/1.1Host: t.clarity.msConnection: keep-aliveContent-Length: 323sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/x-clarity-gzipsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://apps.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=3A07D7FE513F607F01ECC3155058616C
Source: global traffic	HTTP traffic detected: POST /collect HTTP/1.1Host: t.clarity.msConnection: keep-aliveContent-Length: 347sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/x-clarity-gzipsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=3A07D7FE513F607F01ECC3155058616C
Source: global traffic	HTTP traffic detected: GET /assets/js/additional-info-2762dddf.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D8066933817c14dd4b95ec0f14ae2f52e%26HASH%3D8066%26LV%3D202408%26V%3D4%26LU%3D1725037601107&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 1312sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037616542sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.18User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: 2552content-type: application/x-json-streamcache-control: no-cache, no-storeapikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D8066933817c14dd4b95ec0f14ae2f52e%26HASH%3D8066%26LV%3D202408%26V%3D4%26LU%3D1725037601107&w=0 HTTP/1.1Host: browser.events.data.microsoft.comConnection: keep-aliveContent-Length: 1202sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"upload-time: 1725037617549sec-ch-ua-mobile: ?0client-version: 1DS-Web-JS-3.2.18User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47time-delta-to-apply-millis: 2552content-type: application/x-json-streamcache-control: no-cache, no-storeapikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609Client-Id: NO_AUTHsec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/alert-service-4827c2c7.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/app-badge-838869cd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/apps-7839ff2a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/auth-control-2a662980.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.BS5AOUMT-ae6fbe28.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.CFNN54QE-4914c023.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.F5JVBNK3-59205cd6.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.LXDTFLWU-e9d178e0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.Q7QMGYJL-ed7cffed.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.WYDJ5QAQ-4914e406.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.YVAJSRTS-419ce8b3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-group-c7c6868b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-reel-group-60537717.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-browse-7499b333.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-ef9f4748.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-test-cd376c0c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/color-worker-bb651d13.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/component-telemetry-ids-1cd590aa.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.all.min-f4f61554.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.mss.min-9e6d10cc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/editorial-85a6e968.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/error-1bd96987.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/filter-menu.styles-a46b4121.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-demo-92dc42ac.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-helper-712a32df.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/footer-menu-8c8a802d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/gaming-83f7daa4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/header-693391b3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/home-c63a3e3a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/index-d961e0b8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/info-card-451bf192.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/info-panel-13764d50.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/language-selector-dialog-d6ff6e65.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/movies-1ab6b718.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/not-found-0d16d369.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/paged-list-9d05219d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-5ea683cf.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-tester-9765524f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-renderer-391a73d9.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-details-e585d43e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-review-b5e25830.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/promo-panel-7ed8d423.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-list-9e191603.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-summary-7b16a8f9.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/related-products-3bf90db8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/report-dialog-dd665b1d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-ca417f66.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-publisher-87cc9aa8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/spacing.styles-c8db4407.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/spotlight-control-d2911a7e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/system-requirements-76f59092.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/trending-collection-c47718a3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/video-player-6a061217.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/visual-info-panel-75343338.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/wide-info-card-b3c1ba4c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /baidu_verify_codeva-7XwzFsIV37.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /bing-bat.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /color-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DCAAE0 socket,bind,htons,sendto,select,recvfrom,closesocket,

26_2_00DCAAE0

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725642355&P2=404&P3=2&P4=CzW9%2f7XJJfdozRLr7mPNPKGHA2mKupVjHXqUY%2b9ldeUh4cR7DxQV3xYWv2HUu2%2fEnPqXCGckOty%2f18FhCFGiqA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: Rh74H+8DIzBRr3vjTwywZaSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1Host: go.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1Host: go.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1Host: www.bing.comConnection: keep-aliveCookie: ANON=; MUID=;_RwBf=;Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /en-gb/edge/welcome?ep=0&es=139&form=MT00LJ HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ngAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: NID=517=LtsArCytBiwAD9VVJEXlIlr_UQ0jYEIbEDUXZ4lWg_cVRWXCgtsjooyIoueHoMZ9bNf_13biGQn4-dEiSKCB1-xHZcj6nlg8x4b1mbY8_gpITjTdSaNv2qh4i8ssS3D32wiNgIPnRD1fT5cl1L4SlsPZgqJiVgPcc7WGjAtY7aEzv5KsSwjZ2Q
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/930c813.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/6905b6f.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/f0e85b6.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip HTTP/1.1Host: store9.gofile.ioConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/e850146.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/1cfb7d6.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/e71f445.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/63e3356.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/27610ae.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/1a34b6b.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/848e665.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/2097fe5.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/a0bd3a0.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/e3032ae.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/3b37526.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/a721aec.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/1790fce.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/logos/5a74283229e24d0ca59fb94ed941c3a0.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display.5c8aa5a.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display-semibold.b7bb141.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-left.0af059d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-right.96b564d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-dropdown.8618950.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-qr.44414bd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-link.baf5bd6.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/a926dfb77e1c47b681a4bb8d5ea16ced.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /dmp/up/pixie.js HTTP/1.1Host: acdn.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-centered-play.83de069.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tag/edvmnysmkk HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre?hl=en-us&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /li.lms-analytics/insight.min.js HTTP/1.1Host: snap.licdn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/cea0e14e0ec44c1a9e8b92a6715ef1c1.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-video-posters/afc91b8a64c1488bb548ab02e4d76908.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/166ba0e92d8b4ad0b18bdf3455bfce5c.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-ba29222d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/935d5e3b261649808ca8fbeb888a5d63.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-d0ec2dcd.css HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/2068e415cbe2442b82f2fba24ee0c202.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-b83114d1.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-ba29222d.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-browser.b02edf1.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /louserzed-strings/en-gb/strings.json?v=6c6e9856f9 HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/settings/flags?gl=US&hl=en-us&sessionId= HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: db2c8457ef6ae807db500c0199cc06898be1b23d3cd9b3206a65b7c81f4185f0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/Products/ZeroStateSearch?gl=US&hl=en-us HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: ebe1c0636328a720580a52e74af985ddefbb0609f391016b633be0072e31e7fcsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /pixie?e=LandingPage&pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd&it=1725037594300&v=0.0.38&u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&st=1725037594300&et=1725037595842&if=0 HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-arrow.e9317cd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/38c8c879d3854390897db9c4b7f3a682.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tag/inyago70pn HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-web-9ad09b9c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d
Source: global traffic	HTTP traffic detected: GET /s/0.7.45/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /p/action/355008692.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/InstrumentHooks-cd565348.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-core-js-9783d46c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-GB&sw=1280&sh=1024&sc=24&tl=Welcome%20to%20Microsoft%20Edge&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&r=&lt=12430&evt=pageLoad&sv=1&cdb=AQAA&rn=74803 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/Index-cbed7ffc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-ba29222d.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenwidth-1280&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=839733 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/edgefre-60438f27.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenheight-1024&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=272368 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=1560A2A6E1256FE32E35B64DE00C6E2C; MR=0
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Pixelratio-1&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=813000 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-82425338.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Action-Firstslide-AiIntro&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=56903 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C; MSPTC=n8AjF0IQd-VYxJJ_GtD_9s0wbPaEGWX4g0tqcDl9280
Source: global traffic	HTTP traffic detected: GET /assets/js/repeat-cd8983df.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1725037596734%26li_adsId%3D078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fep%253D0%2526es%253D139%2526form%253DMT00LJ%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1Host: www.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
Source: global traffic	HTTP traffic detected: GET /tag/uet/355008692?insights=1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /tr/?id=1770559986549030&ev=PageView&dl=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&rl=&if=false&ts=1725037601867&sw=1280&sh=1024&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725037601863.431589390354711508&cs_est=true&ler=empty&it=1725037596688&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.5IDXW3BB-47ef1dc4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true&liSync=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
Source: global traffic	HTTP traffic detected: GET /assets/js/auto-complete-app-search-4c745443.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.W3CH77FZ-5cd86aed.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/style-map-64223e1f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.5SKBN5CP-54fd1c52.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.DBG7W4GS-2e2eab4a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/css-function-c51f2c96.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/image-helper-554340db.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/prefers-themes-observer-d1f54912.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/nav-bar-1456f65b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.LHI6QEL2-5a70397d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-types-62834e09.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /s/0.7.45/clarity-extended.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
Source: global traffic	HTTP traffic detected: GET /image/apps.8453.13655054093851568.4a371b72-2ce8-4bdb-9d83-be49894d3fa0.7f3687b9-847d-4f86-bb5c-c73259e2b38e?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/icons/download-psi.svg HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"traceparent: 00-b3e13c429bf74708be9190328c1fd52b-dd2dc3aae25742db-01request-id: \|b3e13c429bf74708be9190328c1fd52b.dd2dc3aae25742dbsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read%20offline_access%20openid%20profile&redirect_uri=https%3A%2F%2Fapps.microsoft.com%2F&client-request-id=0191a440-ffb4-7fd7-8182-8d57de1cdfd3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.18.0&client_info=1&code_challenge=-orWUC_L9xsS7eYspw2pjVAM1rQW6ZMjMhHbe_4U_aM&code_challenge_method=S256&prompt=none&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.56161.9007199266246365.1d5a6a53-3c49-4f80-95d7-78d76b0e05d0.a3e87fea-e03e-4c0a-8f26-9ecef205fa7b?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.25776.14473651905739879.c2c2c20a-48ca-4b7a-a0c5-392cddcd557e.dbe766f0-50a3-4270-957c-d06415f86f39?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.10546.13571498826857201.6603a5e2-631f-4f29-9b08-f96589723808.dc893fe0-ecbc-4846-9ac6-b13886604095?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&prompt=none&code_challenge=7FOjGIcI9_3UpJr9PTrahlZhI82GCQQ26C8UG6mV_Lo&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=0191a440ffb47fd781828d57de1cdfd3&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAAApTwJmzXqdR4BN2miheQMYaUYLua5HApSJgOA3v203QMS5RWG0eDtIKt1wc826y737UuAYNMllZodKIirWf7EZnJYFoNm_OVPgN0e4DWBjspf4eb1X8COPF89sAe3U05vAeqYgXqiicodVGdgqt-76eH6XObx1JWCI0lbqBGTm6YQj20ovjggjunIhuslv4YBUtaqsue4bNz_40z7HuuCUdQ-wd8Yo6Iz3a0hPjkOoSiAA&jshs=0 HTTP/1.1Host: login.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: DIDC=ct%3D1725037610%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C538_BL2.0.D.CljBpfSA/pc2r4wNwU7ONRRLiFVuKQNpoiFdf/hDEmKBewo37GmSZ8l/JnKgULOS0aJpLF8eddzSBITEYej0/0Z3rrnLbNNm2IbTgDE5GPm/DfTtL2efF8P9ZKelg8RRfCj/FxqtWt7gMagFvQbAaxZXqW3LVURm/TQJgEw0mflZs7lcdEajgoAcaiBYgGH436gmntDAsgX4utEI/cj8zvkUhqi8syR5mPi14DTtJKPXSvtXymcdUQ98iiMjQCqBqNjLEBcpiHgHCk%252BZ%252BFJ7AuVPGHmURWeeDm2yk%252BKbVBmv9K3SsnLobEbIz/s4Dq/oOw7U6AJm/0ljQNewhz5DuwpVYMeGpFPwVWBm436XXKTIO1gUNN7re5QlA84nSlm2smeWS4Q/FfK1DnpJcwvBfzrYinJu3iyp39UWDKC/neQTMezR1j3bg9KPyzZSl5Y0tFPN%252BklBZzx9s4VY4sjoVXBDL7MS9Gk5FX30lfUbxExO5aNN2Hnf1kJ4GH7c6XQAnQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3DYs2dBFiZsCKxmW7lDKZMc4UVgDFvtlEe%26hash%3D6cGv7nMR66FXLhPReVyb2dXLKXdH9PBojcSmzQmsy8k%253D%26dd%3D1;DIDCL=ct%3D1725037610%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26
Source: global traffic	HTTP traffic detected: GET /image/apps.54470.14618985536919905.3e754390-a812-43d7-87fc-335159cd867b.ec54d0b7-04d6-4255-8ece-582db2dd0885?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.4211.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.462d07a1-732f-40d7-acd3-370f7b96ba1a?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /image/apps.62962.14205055896346606.c235e3d6-fbce-45bb-9051-4be6c2ecba8f.28d7c3cb-0c64-40dc-9f24-53326f80a6dd?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75 HTTP/1.1Host: images-eds-ssl.xboxlive.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /?hl=en-gb&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /image/apps.54640.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c20ffb74-ff9e-4d63-863a-94619399973d?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.38688.14208673485779370.88f23073-7e41-4921-aef9-76103983bd31.b60041cf-415f-4dfd-9be3-5a192bb69677?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /welcome/static/favicon.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&RedC=c.clarity.ms&MXFR=23FEE50BA26F6945042EF1E0A66F679D HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=3A07D7FE513F607F01ECC3155058616C; MSPTC=kplYPmvJd3U0GW8AdtrLaBOsc2CphFp9Yx0KXb7YXyA
Source: global traffic	HTTP traffic detected: GET /assets/js/_commonjsHelpers-39b5b250.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&MUID=3A07D7FE513F607F01ECC3155058616C HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: SM=T; MUID=23FEE50BA26F6945042EF1E0A66F679D
Source: global traffic	HTTP traffic detected: GET /assets/js/about-49206f29.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/additional-info-2762dddf.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/alert-service-4827c2c7.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/app-badge-838869cd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/apps-7839ff2a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/auth-control-2a662980.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.BS5AOUMT-ae6fbe28.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.CFNN54QE-4914c023.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.F5JVBNK3-59205cd6.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.LXDTFLWU-e9d178e0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.Q7QMGYJL-ed7cffed.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.WYDJ5QAQ-4914e406.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/chunk.YVAJSRTS-419ce8b3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-group-c7c6868b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-reel-group-60537717.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-browse-7499b333.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-ef9f4748.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-test-cd376c0c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/color-worker-bb651d13.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/component-telemetry-ids-1cd590aa.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.all.min-f4f61554.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.mss.min-9e6d10cc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/editorial-85a6e968.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/error-1bd96987.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/filter-menu.styles-a46b4121.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-demo-92dc42ac.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-helper-712a32df.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/footer-menu-8c8a802d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/gaming-83f7daa4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/header-693391b3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/home-c63a3e3a.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/index-d961e0b8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/info-card-451bf192.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/info-panel-13764d50.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/language-selector-dialog-d6ff6e65.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/movies-1ab6b718.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/not-found-0d16d369.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/paged-list-9d05219d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-5ea683cf.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-tester-9765524f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-renderer-391a73d9.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-details-e585d43e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/product-review-b5e25830.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/promo-panel-7ed8d423.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-list-9e191603.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-summary-7b16a8f9.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/related-products-3bf90db8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/report-dialog-dd665b1d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-ca417f66.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-publisher-87cc9aa8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/spacing.styles-c8db4407.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/spotlight-control-d2911a7e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/system-requirements-76f59092.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/trending-collection-c47718a3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/video-player-6a061217.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/visual-info-panel-75343338.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /assets/js/wide-info-card-b3c1ba4c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /baidu_verify_codeva-7XwzFsIV37.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /bing-bat.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /color-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect

Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.facebook.com/&origin=PinningWizard equals www.facebook.com (Facebook)
Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log10.3.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log10.3.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log10.3.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: Cookies.4.dr	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: Cookies.4.dr	String found in binary or memory: .www.linkedin.combscookiev10$W] equals www.linkedin.com (Linkedin)
Source: Favicons.3.dr	String found in binary or memory: ?https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coep_reporthttps://www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coep_reporthttps://www.facebook.com/browser_reporting/coep/?minimize=0["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false] equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/coop/?minimize=0["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false] equals www.facebook.com (Facebook)
Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: Favicons.3.dr	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: Reporting and NEL.4.dr	String found in binary or memory: permissions_policyhttps://www.facebook.com/ajax/browser_error_reports/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: permissions_policyhttps://www.facebook.com/ajax/browser_error_reports/["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false] equals www.facebook.com (Facebook)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: px.ads.linkedin.comwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: px.ads.linkedin.comwww.linkedin.com/ equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.linkedin.compx.ads.linkedin.com equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.linkedin.compx.ads.linkedin.com/ equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.microsoft.comconnect.facebook.net equals www.facebook.com (Facebook)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.microsoft.compx.ads.linkedin.com equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.microsoft.compx.ads.linkedin.com+ equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.microsoft.compx.ads.linkedin.comM equals www.linkedin.com (Linkedin)
Source: load_statistics.db-wal.3.dr	String found in binary or memory: www.microsoft.comwww.facebook.comL2 equals www.facebook.com (Facebook)
Source: f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp.4.dr	String found in binary or memory: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103153021209","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103153986295","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103186671593","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABEAAABodHRwczovL2dvZmlsZS5pbwAAAA==",false],"server":"https://store9.gofile.io"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369604792382392","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369597598045976","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://cdn.jsdelivr.net"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369597601838680","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://connect.facebook.net"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369597604017370","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://www.facebook.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103183608389","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":136921},"server":"https://www.google.com"}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}} equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: enviasept.duckdns.org

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: AE5D832E16FA4546A15AEF64B10F2C6D Ref B: EWR311000106025 Ref C: 2024-08-30T17:06:24ZDate: Fri, 30 Aug 2024 17:06:24 GMTConnection: closeContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 5C50BC5B15634B3CBEE8CA08377ED475 Ref B: EWR311000104025 Ref C: 2024-08-30T17:06:26ZDate: Fri, 30 Aug 2024 17:06:26 GMTConnection: closeContent-Length: 0

Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2081014094.0000000002614000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c0rl.m%L
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng2.crl0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://crl.globalsign.net/root.crl0O
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2081014094.0000000002614000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicer
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: unrar.dll.26.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: MSBuild.exe, 0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: MSBuild.exe, 0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.29.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: http://forum.doom9.org/showthread.php?p=1271417#post1271417
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: http://forum.doom9.org/showthread.php?p=1271417#post1271417U
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000000.2022197257.0000000000648000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://forum.doom9.org/showthread.php?t=146228
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://ocsp.globalsign.com/ExtendedSSLSHA256CACross0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesigng20
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: 1 DEMANADA LABORAL.exe, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.0000000000401000.00000020.00000001.01000000.00000008.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2085473047.000000004A601000.00000020.00000001.01000000.00000009.sdmp, madHcNet32.dll.21.dr, madHcNet32.dll.26.dr, mvrSettings32.dll.21.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: MSBuild.exe, 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt04
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, unrar.dll.26.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: http://www.globalsign.net/repository/03
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.000000000371E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.0000000005715000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.info-zip.org/
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0/
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: http://yesgrey.com/madvr.x64.php
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: http://yesgrey.com/madvr.x86.phpError...Downloading
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.3.dr, 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: Reporting and NEL.4.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: manifest.json0.3.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.3.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp.4.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.3.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp.4.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.4.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: Reporting and NEL.4.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Cache/delete#Parameters)
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Cache/match)
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters)
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp#grouping-bac
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://developers.google.com/web/tools/workbox/guides/using-plugins
Source: manifest.json.3.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive.google.com/
Source: 000003.log10.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log10.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log10.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log10.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log10.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: Favicons.3.dr	String found in binary or memory: https://edgestatic.azureedge.net/welcome/static/favicon.png
Source: Favicons.3.dr	String found in binary or memory: https://edgestatic.azureedge.net/welcome/static/favicon.png&
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://gaana.com/
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://github.com/GoogleChrome/workbox/issues/1796)
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://github.com/GoogleChrome/workbox/issues/2737
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: Reporting and NEL.4.dr	String found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://m.kugou.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://m.vk.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://music.amazon.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://music.apple.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://music.yandex.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://open.spotify.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp.4.dr	String found in binary or memory: https://store9.gofile.io
Source: History.3.dr, 000003.log0.3.dr	String found in binary or memory: https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-
Source: MSBuild.exe, 0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/xworm_v2
Source: MSBuild.exe, 0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/xworm_v20
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://tidal.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://twitter.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions)
Source: 2cc80dabc69f58b6_0.3.dr	String found in binary or memory: https://w3c.github.io/ServiceWorker/#extendableevent-extend-lifetime-promises
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://web.telegram.org/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://web.whatsapp.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Favicons.3.dr	String found in binary or memory: https://www.aliexpress.com/
Source: Favicons.3.dr	String found in binary or memory: https://www.amazon.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.deezer.com/
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: madHcNet32.dll.26.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: madHcNet32.dll.21.dr, madHcNet32.dll.26.dr	String found in binary or memory: https://www.globalsign.com/repository/03
Source: History.3.dr, 000003.log2.3.dr, 000003.log0.3.dr	String found in binary or memory: https://www.google.com/
Source: Favicons.3.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: 000003.log0.3.dr	String found in binary or memory: https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.instagram.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.last.fm/
Source: Favicons.3.dr	String found in binary or memory: https://www.live.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.messenger.com
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: Favicons.3.dr	String found in binary or memory: https://www.netflix.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.office.com
Source: Favicons.3.dr	String found in binary or memory: https://www.office.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: Favicons.3.dr	String found in binary or memory: https://www.reddit.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.tiktok.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://www.youtube.com
Source: Favicons.3.dr	String found in binary or memory: https://www.youtube.com/
Source: 42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DB5644 OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,

26_2_00DB5644

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DB5644 OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,

26_2_00DB5644

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DE2FBC GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetCurrentThreadId,IsDialogMessageW,TranslateMessage,DispatchMessageW,IsWindow,GetMessageW,

26_2_00DE2FBC

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0000001D.00000002.2425306055.0000000000944000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen

Drops password protected ZIP file

Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 113337.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted
Source: Unconfirmed 760756.crdownload.3.dr	Zip Entry: encrypted

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E14070	26_2_00E14070
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D98190	26_2_00D98190
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D82380	26_2_00D82380
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D7C344	26_2_00D7C344
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E22468	26_2_00E22468
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E045C4	26_2_00E045C4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D805A4	26_2_00D805A4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DE0A48	26_2_00DE0A48
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E38CF4	26_2_00E38CF4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D68E64	26_2_00D68E64
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E376F8	26_2_00E376F8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D7D8D0	26_2_00D7D8D0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E09968	26_2_00E09968
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D79978	26_2_00D79978
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D83AB8	26_2_00D83AB8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DE3B00	26_2_00DE3B00
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E07D10	26_2_00E07D10
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DDBD20	26_2_00DDBD20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 29_2_00D8F0F8	29_2_00D8F0F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 29_2_00D8B450	29_2_00D8B450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 29_2_00D8A780	29_2_00D8A780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 29_2_00D8A438	29_2_00D8A438

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Roaming\rtw_Scan\unrar.dll 0891EDB0CC1C0208AF2E4BC65D6B5A7160642F89FD4B4DC321F79D2B5DFC2DCC

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00D6D904 appears 34 times
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00D6D92C appears 117 times
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00DE6574 appears 34 times
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00DD1980 appears 33 times
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00D67EF8 appears 90 times
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: String function: 00D68620 appears 45 times

Source: 1 DEMANADA LABORAL.exe.21.dr

Static PE information: Number of sections : 11 > 10

Source: dump.pcap, type: PCAP	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0000001D.00000002.2425306055.0000000000944000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED	Matched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys

Source: vjjpgbbqs.27.dr, GHWxMfStNC.cs	Base64 encoded string: 'ZNpgeh68Q5Hr5RM4eBP3uTIZuW1VVNMhwK9C5oeL4fDpQ6qvTt+zVR1hmMiFQLVqhYJaOG9kInio7gT+nuHdtNOxhhdmzlonCRXWbjBXahk=', 'WpqhSwXrb6Ov5dhbRoftTgI9ZCWj6kEdJKQAo0yDYSRcReNj24xXF4QLJFP6G+QWzhZoBYchSaXA0Ha9wUZnUDlFOpYMl6unUMrdXVScZIX5LnqSE5/9N+auaiS56V9g', 'g0vscw0kCqE7AOzdAc1MCOwTvLEgvcGjnXwyWs4K03lE3sEciJ5SXTsAQPO+T66fo08KrqHXjO7kfU4g6L9q8w==', 'jlbDOiBVDKqvIoENinvBJKb/xTiE9tVgB7xumqwoxDSbWdxFuGdnX6JBvmgJf2+sapphOnwAVcPCCa2uxN9efJJNtm9jxM1aZ4vuMVN05gM=', 'PHVJodJzCp3m6Ko6zSUWxKiVsUE3pXCJg49pe8WKhw1bbfxHfuNu2UqQZXgCx0aDJDasWSCJY4smOTX1+o+CeZxNskVeOvvjQ1+kzZmJ66dIg3YZ4HZXua9mFlbUqns8vP2HgmvDst3+wf1KfY25u7Dk16jtkU8hs9kuJ8e3UFVdxgce9T6TyC+P1/YSXEyJrj9oVlm5nuLwR5tln2qPggJdjI9PrSdwktJhJM3NkpUyPVsIrSnl+NkvUqTs9/ICFgjZ3euxSV1+qv4qhmSnQyqBgaOTpqa/bcje/qIMaDNRdMyzTQ21RMxyvCPrvHBd+kv0LS0RxTvwPibKe3uWgVAf8QjIU15PnZ+LYhnGBPzyJq4rJ2L6+ykzhqIVbayJ7pAFm33mgvpR9Bp7e2OTiQieuXxn1MiiHlqaiI2v4MbZSnsoZsaLOM72u9Y4XprINwpuPykfw/otBIs9GazCDW0S4Mg9540Ckc6lXy2P4crgAyqjJGfJGyhkc18lu5ouCduALUqj0LXUeD0UmOY8hz320HlcDGMZjWPJt42nXMsv0/MCEGRo8KOFnS92gPigxYAMEK6vOOlxz+YvL2mA7h2+BezzMPFnxTeVdThMkalmm9MkDQ88I2DxQWKIzSOo84j6Sgec/Z9DPeQ5t3fisTnhmKIJo7mLmOzD08LGpkA6LRxhj69AA+eN9EcXnu65nVuyf9RNJ4KaAXySB/cm3Omq4ujtMSi4L7gMO/31/PMg3QhUSTggKDEi6C9eGBLPQr3HVSeg3jsf79OTZGd2fYor6HHehRr6j4iJNsGE4KQUxNodEN0l3Pw9h7v3HKG2O89RdFS2o2GGwkCrpsp5G1maFiNfNMUx2eCv8izdXL2EqzwQbAavcNXAG+0tmHp5BPJpZKGId6zZOrMzVpJsXGYYb2XOsQ+iztxhRUmamYu0PKvA1UwGfjBPRAO+k2jnQACLwZJir/B2UjifkEBitoMklP/GxGyVU5uXMWapGBjHS8ecz7tQHA+aZi13OQGGNBSutIpafFiGnckLqSyCYAsOp7n8ZKd78PvVC7w4s0PZfazqEElxKVrxZ8Y1L8dXKJPB3t/KSx2gXhf4P270BGLHwIcLcAWlszS0j3i9+uYDu76wvoOgWQbZio+Y0ATrharkEqguHBRmghDw58FgXm0PYU5B4u55bHN43LYd43wNA+nOcBbCcZKDDghwG7pCMpzB0igKiyzAJ+1DLYfMJVYKDmz/ggpJjbY2dnda9UT6v3T44OysP55/ncsWpMNcDIWEU7Sdtg7EtEKH/R0gKU/27BsXbV82mjrKkgcYcNX5zHjevLl4P0loHOd0RR0Pv8NJjnP51iXyq4gsWaOEHPGYRW7ik1ERt76gxuCMhB2dOt45wCVSPkoA5KVblWpLGG6tVAVCCQRHg+5od/WFyOo05l8P7CNTNk8QEY59dxNf0S58MhxqHDxXsbvwKIQAWantijx5nalJ1U8qsBQeV0wdoj0sNSuFL4u5LKj4apz7V+Z9aVz57CkvksiWA1+hC/OmoOaGiNyRM9/RaSL2ne55+YXPWudIKl6gptJrBXYKzdl3FZILVos02KKstpQKSxkfqN8YYzgPBXCKHAMvDBjq8sBlTFRGKXKsG9TnBlBkLwPLxZsmWDhQMOTs6Wp53Q+CWsUWzosGDD9xg67Qg6NvyKqnafJCjG+cJSzDq/sioK77hxMN5vWa0+WqfEap5WOeoqUpH1CrokGcILxWiJfPnphHobIsE0C9BxLkdgdMYVuRIy9XPCN06s/mzDgu4vzWx1BmDlmOZn9dEIYD4HxsyhrFbq5vWlPXnrisgHtAmAGJKKceHfMoO5PhDlbEQ+lwHnxQCaob91Qr0XLqc8DwkPZGkP+TaPGQ8hXZxTq/KkVu67LoY7MqjXRUIAz8MMGrmoCkZ//t8o+jcylIXn5C9vqguIyOECW2lpNDh9Dd+GSFsND3doLtQ8uLUjJgTA5kWbpQLTCsBuJ3+ggGv91OWe25GqU9ONwOi7uLPXPyB7Gr9tUIR81/JQNPN/l5bB/56DJhayZIrGgdTsTAbUpytZgZVO43v1zP2t8AM7GjnhoU/adA/L1+oN2WX0dUqcGH3rzB7/KW/D6a5iqTiBvpQnMw1Dou9AMpbz/p1hx9fsW4rWVolQDpOgb+fooEEqqspwLESFAseQDZf9IX5uUeF6V/ShNDMtzP9zQ7EF97v0rdWqPJSfla2jH1bRRyzwRmcPB1eOumQAepVTTRYXNY3iCgfQQK8ItxCOpbf6hU3mXu219Cb4EK7gHGK4nXiPARyHfaI0iild8hV0+Q119QZqpu1cVuXT8aYMCZU1s=', 'SBYpg8Jd7ZtQTcjcJbkZXQ17s9IjAI6ph6gD44aRb5y7s/tpOiOwXrE0hcvm9eWI0Xc4TPADMC4/8R28YnB0bA==', 'lmFxZHYA60SeaxoqhO4qLTkqfD7HqcL1C1NTlpAOsxKEkRNNlfNPJKuTnoZv6aQFCc+BXYXpY2BqQSImqMV3pA=='
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, GHWxMfStNC.cs	Base64 encoded string: 'ZNpgeh68Q5Hr5RM4eBP3uTIZuW1VVNMhwK9C5oeL4fDpQ6qvTt+zVR1hmMiFQLVqhYJaOG9kInio7gT+nuHdtNOxhhdmzlonCRXWbjBXahk=', 'WpqhSwXrb6Ov5dhbRoftTgI9ZCWj6kEdJKQAo0yDYSRcReNj24xXF4QLJFP6G+QWzhZoBYchSaXA0Ha9wUZnUDlFOpYMl6unUMrdXVScZIX5LnqSE5/9N+auaiS56V9g', 'g0vscw0kCqE7AOzdAc1MCOwTvLEgvcGjnXwyWs4K03lE3sEciJ5SXTsAQPO+T66fo08KrqHXjO7kfU4g6L9q8w==', 'jlbDOiBVDKqvIoENinvBJKb/xTiE9tVgB7xumqwoxDSbWdxFuGdnX6JBvmgJf2+sapphOnwAVcPCCa2uxN9efJJNtm9jxM1aZ4vuMVN05gM=', 'PHVJodJzCp3m6Ko6zSUWxKiVsUE3pXCJg49pe8WKhw1bbfxHfuNu2UqQZXgCx0aDJDasWSCJY4smOTX1+o+CeZxNskVeOvvjQ1+kzZmJ66dIg3YZ4HZXua9mFlbUqns8vP2HgmvDst3+wf1KfY25u7Dk16jtkU8hs9kuJ8e3UFVdxgce9T6TyC+P1/YSXEyJrj9oVlm5nuLwR5tln2qPggJdjI9PrSdwktJhJM3NkpUyPVsIrSnl+NkvUqTs9/ICFgjZ3euxSV1+qv4qhmSnQyqBgaOTpqa/bcje/qIMaDNRdMyzTQ21RMxyvCPrvHBd+kv0LS0RxTvwPibKe3uWgVAf8QjIU15PnZ+LYhnGBPzyJq4rJ2L6+ykzhqIVbayJ7pAFm33mgvpR9Bp7e2OTiQieuXxn1MiiHlqaiI2v4MbZSnsoZsaLOM72u9Y4XprINwpuPykfw/otBIs9GazCDW0S4Mg9540Ckc6lXy2P4crgAyqjJGfJGyhkc18lu5ouCduALUqj0LXUeD0UmOY8hz320HlcDGMZjWPJt42nXMsv0/MCEGRo8KOFnS92gPigxYAMEK6vOOlxz+YvL2mA7h2+BezzMPFnxTeVdThMkalmm9MkDQ88I2DxQWKIzSOo84j6Sgec/Z9DPeQ5t3fisTnhmKIJo7mLmOzD08LGpkA6LRxhj69AA+eN9EcXnu65nVuyf9RNJ4KaAXySB/cm3Omq4ujtMSi4L7gMO/31/PMg3QhUSTggKDEi6C9eGBLPQr3HVSeg3jsf79OTZGd2fYor6HHehRr6j4iJNsGE4KQUxNodEN0l3Pw9h7v3HKG2O89RdFS2o2GGwkCrpsp5G1maFiNfNMUx2eCv8izdXL2EqzwQbAavcNXAG+0tmHp5BPJpZKGId6zZOrMzVpJsXGYYb2XOsQ+iztxhRUmamYu0PKvA1UwGfjBPRAO+k2jnQACLwZJir/B2UjifkEBitoMklP/GxGyVU5uXMWapGBjHS8ecz7tQHA+aZi13OQGGNBSutIpafFiGnckLqSyCYAsOp7n8ZKd78PvVC7w4s0PZfazqEElxKVrxZ8Y1L8dXKJPB3t/KSx2gXhf4P270BGLHwIcLcAWlszS0j3i9+uYDu76wvoOgWQbZio+Y0ATrharkEqguHBRmghDw58FgXm0PYU5B4u55bHN43LYd43wNA+nOcBbCcZKDDghwG7pCMpzB0igKiyzAJ+1DLYfMJVYKDmz/ggpJjbY2dnda9UT6v3T44OysP55/ncsWpMNcDIWEU7Sdtg7EtEKH/R0gKU/27BsXbV82mjrKkgcYcNX5zHjevLl4P0loHOd0RR0Pv8NJjnP51iXyq4gsWaOEHPGYRW7ik1ERt76gxuCMhB2dOt45wCVSPkoA5KVblWpLGG6tVAVCCQRHg+5od/WFyOo05l8P7CNTNk8QEY59dxNf0S58MhxqHDxXsbvwKIQAWantijx5nalJ1U8qsBQeV0wdoj0sNSuFL4u5LKj4apz7V+Z9aVz57CkvksiWA1+hC/OmoOaGiNyRM9/RaSL2ne55+YXPWudIKl6gptJrBXYKzdl3FZILVos02KKstpQKSxkfqN8YYzgPBXCKHAMvDBjq8sBlTFRGKXKsG9TnBlBkLwPLxZsmWDhQMOTs6Wp53Q+CWsUWzosGDD9xg67Qg6NvyKqnafJCjG+cJSzDq/sioK77hxMN5vWa0+WqfEap5WOeoqUpH1CrokGcILxWiJfPnphHobIsE0C9BxLkdgdMYVuRIy9XPCN06s/mzDgu4vzWx1BmDlmOZn9dEIYD4HxsyhrFbq5vWlPXnrisgHtAmAGJKKceHfMoO5PhDlbEQ+lwHnxQCaob91Qr0XLqc8DwkPZGkP+TaPGQ8hXZxTq/KkVu67LoY7MqjXRUIAz8MMGrmoCkZ//t8o+jcylIXn5C9vqguIyOECW2lpNDh9Dd+GSFsND3doLtQ8uLUjJgTA5kWbpQLTCsBuJ3+ggGv91OWe25GqU9ONwOi7uLPXPyB7Gr9tUIR81/JQNPN/l5bB/56DJhayZIrGgdTsTAbUpytZgZVO43v1zP2t8AM7GjnhoU/adA/L1+oN2WX0dUqcGH3rzB7/KW/D6a5iqTiBvpQnMw1Dou9AMpbz/p1hx9fsW4rWVolQDpOgb+fooEEqqspwLESFAseQDZf9IX5uUeF6V/ShNDMtzP9zQ7EF97v0rdWqPJSfla2jH1bRRyzwRmcPB1eOumQAepVTTRYXNY3iCgfQQK8ItxCOpbf6hU3mXu219Cb4EK7gHGK4nXiPARyHfaI0iild8hV0+Q119QZqpu1cVuXT8aYMCZU1s=', 'SBYpg8Jd7ZtQTcjcJbkZXQ17s9IjAI6ph6gD44aRb5y7s/tpOiOwXrE0hcvm9eWI0Xc4TPADMC4/8R28YnB0bA==', 'lmFxZHYA60SeaxoqhO4qLTkqfD7HqcL1C1NTlpAOsxKEkRNNlfNPJKuTnoZv6aQFCc+BXYXpY2BqQSImqMV3pA=='

Source: vjjpgbbqs.27.dr, pJNPdflwNINsk.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: vjjpgbbqs.27.dr, pJNPdflwNINsk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, pJNPdflwNINsk.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, pJNPdflwNINsk.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winSVG@79/301@11/37

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DE63E0 GetDiskFreeSpaceA,

26_2_00DE63E0

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00E133A4 CoCreateInstance,

26_2_00E133A4

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00D9A438 GetVersion,FindResourceW,FindResourceA,

26_2_00D9A438

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D1FBED-B1C.pma

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\2cd39313-bf22-4847-a806-ffbf6964179f.tmp

Jump to behavior

Source: Yara match	File source: 26.2.1 DEMANADA LABORAL.exe.4a600000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.1 DEMANADA LABORAL.exe.d60000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.0.1 DEMANADA LABORAL.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.2021155593.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2085473047.000000004A601000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe, type: DROPPED

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: 1 DEMANADA LABORAL.exe	String found in binary or memory: 250-STARTTLS
Source: 1 DEMANADA LABORAL.exe	String found in binary or memory: 250-STARTTLS

Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2004,i,1911348884404984880,14140193632857720476,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6492 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7360 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\" -ad -an -ai#7zMap27937:184:7zEvent10880
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7772 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe "C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe"
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2004,i,1911348884404984880,14140193632857720476,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7772 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6492 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7360 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7360 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7772 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: madhcnet32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: unrar.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: mvrsettings32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior

Source: C:\Program Files\7-Zip\7zG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: mwnheff.27.dr

LNK file: ..\..\..\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\7-Zip\7zG.exe

Window detected: Number of UI elements: 15

Source:	Binary string: wntdll.pdbUGP source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2083756601.0000000003B50000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082809548.00000000037FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2083756601.0000000003B50000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2082809548.00000000037FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Projects\WinRAR\rar\build\unrardll32\Release\UnRAR.pdb source: 7zG.exe, 00000015.00000003.1972335700.000001EBB5A90000.00000004.00000800.00020000.00000000.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2086403361.0000000073D9E000.00000002.00000001.01000000.0000000A.sdmp, unrar.dll.26.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: vjjpgbbqs.27.dr, lWRcxRrLAxi.cs	.Net Code: qdzfoqJCqM System.AppDomain.Load(byte[])
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, lWRcxRrLAxi.cs	.Net Code: qdzfoqJCqM System.AppDomain.Load(byte[])

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00E0623C LoadLibraryA,GetProcAddress,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,FreeSid,FreeSid,

26_2_00E0623C

Source: mvrSettings32.dll.26.dr	Static PE information: real checksum: 0x1157fe should be: 0x108db8
Source: vjjpgbbqs.27.dr	Static PE information: real checksum: 0x0 should be: 0x160df
Source: mvrSettings32.dll.21.dr	Static PE information: real checksum: 0x1157fe should be: 0x108db8

Source: 1 DEMANADA LABORAL.exe.21.dr	Static PE information: section name: .didata
Source: madHcNet32.dll.21.dr	Static PE information: section name: .didata
Source: mvrSettings32.dll.21.dr	Static PE information: section name: .didata
Source: madHcNet32.dll.26.dr	Static PE information: section name: .didata
Source: mvrSettings32.dll.26.dr	Static PE information: section name: .didata

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D90160 push 00D901B8h; ret	26_2_00D901B0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D6C3DA push ecx; mov dword ptr [esp], eax	26_2_00D6C3DD
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D726FE push 00D7277Eh; ret	26_2_00D72776
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D72700 push 00D7277Eh; ret	26_2_00D72776
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DF2730 push 00DF28CFh; ret	26_2_00DF28C7
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DAC818 push 00DAC90Dh; ret	26_2_00DAC905
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DEE920 push 00DEE9BBh; ret	26_2_00DEE9B3
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D6CB90 push ecx; mov dword ptr [esp], edx	26_2_00D6CB91
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D98D94 push ecx; mov dword ptr [esp], ecx	26_2_00D98D99
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E0AD64 push 00E0B10Fh; ret	26_2_00E0B107
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DB0EF4 push 00DB0F4Bh; ret	26_2_00DB0F43
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D7EE24 push 00D7EE8Ah; ret	26_2_00D7EE82
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E430DC push 00E43109h; ret	26_2_00E43101
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DC71E0 push ecx; mov dword ptr [esp], ecx	26_2_00DC71E3
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E4315C push 00E43195h; ret	26_2_00E4318D
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E43114 push 00E43159h; ret	26_2_00E43151
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E0B2A8 push 00E0B2F7h; ret	26_2_00E0B2EF
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D8B3C8 push 00D8B40Bh; ret	26_2_00D8B403
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E053A8 push 00E05623h; ret	26_2_00E0561B
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DA9350 push 00DA93E9h; ret	26_2_00DA93E1
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E435D0 push 00E43686h; ret	26_2_00E4367E
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E4350C push 00E435A9h; ret	26_2_00E435A1
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E43688 push 00E4374Dh; ret	26_2_00E43745
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DA176C push ecx; mov dword ptr [esp], eax	26_2_00DA176E
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DB3814 push ecx; mov dword ptr [esp], ecx	26_2_00DB3819
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DA1834 push ecx; mov dword ptr [esp], eax	26_2_00DA1836
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E1598C push ecx; mov dword ptr [esp], edx	26_2_00E15990
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E1592C push ecx; mov dword ptr [esp], edx	26_2_00E15930
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00E43918 push 00E4394Ch; ret	26_2_00E43944
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D77B48 push 00D77B9Bh; ret	26_2_00D77B93
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DA1B28 push 00DA1B60h; ret	26_2_00DA1B58

Source: vjjpgbbqs.27.dr, fAIEkIWjcSkk.cs	High entropy of concatenated method names: 'SKRStBVSOl', 'piJbLRZBmUSgFmhLq', 'zNIOlwwPsMcsQsLYo', 'rWxYdgdMikG', 'uIUkaTFGVU', 'khvuiEAzRIFaop', 'YtMsQrxzKIpzzdBd', 'ebJwDDfNBKF', 'MunJPQFdEmyfII', 'HHzhaqxevpCOEP'
Source: vjjpgbbqs.27.dr, sXVuosQfvgh.cs	High entropy of concatenated method names: 'qTxPMNpUOHdQgk', 'sqUMQgQAaxM', 'QAZWKyPfdMzz', 'cuLHfIUyLRu', 'bdJpblOEbyTk', 'DFQXgsEvXhQ', 'ZqcsQoEOffov', 'HRXVAesxBeXq', 'edkNhKczoWv', 'EQVLoSjFEnEuj'
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, fAIEkIWjcSkk.cs	High entropy of concatenated method names: 'SKRStBVSOl', 'piJbLRZBmUSgFmhLq', 'zNIOlwwPsMcsQsLYo', 'rWxYdgdMikG', 'uIUkaTFGVU', 'khvuiEAzRIFaop', 'YtMsQrxzKIpzzdBd', 'ebJwDDfNBKF', 'MunJPQFdEmyfII', 'HHzhaqxevpCOEP'
Source: 27.2.cmd.exe.60c00c8.6.raw.unpack, sXVuosQfvgh.cs	High entropy of concatenated method names: 'qTxPMNpUOHdQgk', 'sqUMQgQAaxM', 'QAZWKyPfdMzz', 'cuLHfIUyLRu', 'bdJpblOEbyTk', 'DFQXgsEvXhQ', 'ZqcsQoEOffov', 'HRXVAesxBeXq', 'edkNhKczoWv', 'EQVLoSjFEnEuj'

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	File created: C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\vjjpgbbqs	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	File created: C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	File created: C:\Users\user\AppData\Roaming\rtw_Scan\unrar.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\unrar.dll	Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exe	File created: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\vjjpgbbqs

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Windows\SysWOW64\cmd.exe

Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\VJJPGBBQS

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DE0A48 ImageList_Create,LoadCursorW,GetVersion,RegisterClassW,RegisterClassA,GetVersion,GetVersion,GetSystemMenu,RemoveMenu,RemoveMenu,RemoveMenu,RemoveMenu,CreateFontW,CreateFontW,CreateFontW,CreateFontW,CreateCompatibleDC,SelectObject,SetBkMode,CreateDIBSection,SelectObject,FindResourceA,SetRect,GetVersion,DrawTextW,DrawTextA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnableWindow,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetVersion,GetClientRect,SendMessageW,GetWindowRect,SetWindowPos,GetWindowRect,SetWindowPos,GetSystemMetrics,GetSystemMetrics,SetWindowPos,GetClientRect,GetSystemMetrics,GetSystemMetrics,SetWindowPos,GetWindowRect,GetTickCount,SetTimer,MessageBeep,SetWindowPos,IsIconic,ShowWindow,BringWindowToTop,SetForegroundWindow,PostMessageA,	26_2_00DE0A48
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D92DD8 GetWindowThreadProcessId,GetCurrentProcessId,IsWindowVisible,IsIconic,GetWindowRect,OffsetRect,	26_2_00D92DD8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D92E8C IsWindowVisible,IsIconic,GetWindowRect,OffsetRect,CreateRectRgnIndirect,	26_2_00D92E8C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D736E8 EnableWindow,LoadCursorW,GetVersion,RegisterClassW,RegisterClassA,GetSystemMenu,RemoveMenu,RemoveMenu,RemoveMenu,RemoveMenu,CreateFontA,CreateFontA,CreateCompatibleDC,SelectObject,SetRect,GetVersion,DrawTextW,DrawTextA,GetVersion,FindResourceW,FindResourceA,GetVersion,SendMessageA,GetSystemMetrics,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,ShowWindow,GetSystemMetrics,GetSystemMetrics,SetWindowPos,ShowWindow,BringWindowToTop,SetForegroundWindow,SystemParametersInfoW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetLastError,CreateEventA,GetLastError,CloseHandle,SetWindowPos,ShowWindow,	26_2_00D736E8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D99744 IsWindowEnabled,EnableWindow,CreateCompatibleDC,SelectObject,DeleteDC,GetWindowRect,GetClientRect,GetSystemMetrics,GetSystemMetrics,SetWindowPos,ShowWindow,IsIconic,ShowWindow,BringWindowToTop,SetForegroundWindow,SetTimer,GetKeyState,IsDialogMessageW,TranslateMessage,DispatchMessageW,IsWindow,GetMessageW,VirtualFree,EnableWindow,SetActiveWindow,	26_2_00D99744

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match	File source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	API/Special instruction interceptor: Address: 6CA27C44
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	API/Special instruction interceptor: Address: 6CA27945
Source: C:\Windows\SysWOW64\cmd.exe	API/Special instruction interceptor: Address: 6CA23B54

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: cmd.exe, 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, MSBuild.exe, 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, vjjpgbbqs.27.dr

Binary or memory string: SBIEDLL.DLL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: D40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 27D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2550000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Window / User API: threadDelayed 9845

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vjjpgbbqs

Jump to dropped file

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

API coverage: 0.8 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3604	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 724	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6004	Thread sleep count: 9845 > 30	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D6A57C FindFirstFileW,FindClose,	26_2_00D6A57C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DE6618 GetVersion,GetUserNameW,GetUserNameA,GetVersion,GetVersion,GetModuleHandleW,GetWindowsDirectoryA,GetCurrentProcessId,GetVersion,GetCommandLineW,GetCommandLineA,GetModuleHandleW,GetVersion,FindFirstFileW,FindFirstFileA,FindClose,GetModuleHandleW,GetModuleHandleW,	26_2_00DE6618
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DB293C GetVersion,GetFileAttributesW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,GetFileAttributesA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	26_2_00DB293C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D74BE8 FindFirstFileA,FindClose,	26_2_00D74BE8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D8AB24 GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D8AB24
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D8AC24 GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D8AC24
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D88E9C GetVersion,FindFirstFileA,FindFirstFileW,FindClose,	26_2_00D88E9C
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D74EA0 GetVersion,FindFirstFileW,FindClose,	26_2_00D74EA0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D751B4 FindFirstFileA,FindClose,	26_2_00D751B4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DC32D0 GetVersion,FindFirstFileW,FindFirstFileA,FindClose,	26_2_00DC32D0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D75460 GetVersion,FindFirstFileW,FindClose,	26_2_00D75460
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D69FB0 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	26_2_00D69FB0

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00D6AF10 GetSystemInfo,

26_2_00D6AF10

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2081014094.0000000002614000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: noreply@vmware.com0
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0
Source: vjjpgbbqs.27.dr	Binary or memory string: vmware
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1!0
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0/
Source: MSBuild.exe, 0000001D.00000002.2435821052.0000000004C7A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000001D.00000002.2435821052.0000000004C5E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000001D.00000002.2425306055.0000000000944000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1
Source: cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0
Source: cmd.exe, 0000001B.00000002.2308473366.000000000321C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},.
Source: 1 DEMANADA LABORAL.exe, 0000001A.00000002.2081014094.0000000002614000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: mvmware

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

API call chain: ExitProcess graph end node

graph_26-50622

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00E0623C LoadLibraryA,GetProcAddress,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,FreeSid,FreeSid,

26_2_00E0623C

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00DB4254 mov ecx, dword ptr fs:[00000030h]		26_2_00DB4254
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: 26_2_00D64E11 mov eax, dword ptr fs:[00000030h]		26_2_00D64E11

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DEF5C0 SetUnhandledExceptionFilter,

26_2_00DEF5C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	NtSetSecurityObject: Direct from: 0x776D63E1			Jump to behavior
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	NtQueryInformationToken: Direct from: 0xD6535D			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read write			Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6B7C1000			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 461008			Jump to behavior

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe			Jump to behavior

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00E0623C LoadLibraryA,GetProcAddress,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,FreeSid,FreeSid,

26_2_00E0623C

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00D6D4FC AllocateAndInitializeSid,

26_2_00D6D4FC

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00E060CC cpuid

26_2_00E060CC

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	26_2_00D6A6B4
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetLocaleInfoW,	26_2_00DA89FC
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetLocaleInfoW,	26_2_00DA8A48
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetVersion,GetLocaleInfoW,GetLocaleInfoA,	26_2_00DE52D0
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetThreadLocale,GetLocaleInfoW,	26_2_00D716F8
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	26_2_00D69B54
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: GetLocaleInfoW,	26_2_00DABB78
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: EnumSystemLocalesW,	26_2_00DABDB4

Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DB4D18 GetModuleHandleW,GetLocalTime,

26_2_00DB4D18

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DE6618 GetVersion,GetUserNameW,GetUserNameA,GetVersion,GetVersion,GetModuleHandleW,GetWindowsDirectoryA,GetCurrentProcessId,GetVersion,GetCommandLineW,GetCommandLineA,GetModuleHandleW,GetVersion,FindFirstFileW,FindFirstFileA,FindClose,GetModuleHandleW,GetModuleHandleW,

26_2_00DE6618

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00D720DC GetVersion,GetModuleHandleW,

26_2_00D720DC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 29.2.MSBuild.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.cmd.exe.60c00c8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 3816, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, type: DROPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: cmd.exe, 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: \Electrum
Source: 7zG.exe, 00000015.00000003.1971187010.000001EBB7CF0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: RIBvflp\VEyrUehFqwK\yD[LlCBWBQxbjaXXbRAGbPfHBRI
Source: cmd.exe, 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Exodus_Chrome
Source: MSBuild.exe, 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q%C:\Users\user\AppData\Roaming\Binance
Source: MSBuild.exe, 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q)C:\Users\user\AppData\Roaming\Ledger Live

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: SmtpPassword		26_2_00DB7D50
Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	Code function: SmtpPassword		26_2_00DB7D50

Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Code function: 26_2_00DCAAE0 socket,bind,htons,sendto,select,recvfrom,closesocket,

26_2_00DCAAE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	11 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Input Capture	1 System Time Discovery	Remote Services	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	11 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	211 Process Injection	1 Abuse Elevation Control Mechanism	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Input Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	1 Scheduled Task/Job	121 Obfuscated Files or Information	NTDS	137 System Information Discovery	Distributed Component Object Model	2 Clipboard Data	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	311 Security Software Discovery	SSH	Keylogging	215 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 DLL Side-Loading	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	31 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	31 Virtualization/Sandbox Evasion	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	211 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Rundll32	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\vjjpgbbqs	79%	ReversingLabs	Win32.Backdoor.AsyncRat
C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\rtw_Scan\unrar.dll	0%	ReversingLabs
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe	3%	ReversingLabs
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll	0%	ReversingLabs
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll	0%	ReversingLabs
C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\unrar.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	0%	URL Reputation	safe
https://connect.facebook.net/en_US/fbevents.js	0%	URL Reputation	safe
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	0%	URL Reputation	safe
https://www.messenger.com	0%	URL Reputation	safe
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	0%	URL Reputation	safe
https://www.reddit.com/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://drive-daily-2.corp.google.com/	0%	URL Reputation	safe
https://drive-daily-4.corp.google.com/	0%	URL Reputation	safe
http://www.symauth.com/cps0(	0%	URL Reputation	safe
https://drive-daily-1.corp.google.com/	0%	URL Reputation	safe
https://excel.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://drive-daily-5.corp.google.com/	0%	URL Reputation	safe
https://bzib.nelreports.net/api/report?cat=bingbusiness	0%	URL Reputation	safe
https://www.tiktok.com/	0%	URL Reputation	safe
http://www.symauth.com/rpa00	0%	URL Reputation	safe
http://www.info-zip.org/	0%	URL Reputation	safe
https://chromewebstore.google.com/	0%	URL Reputation	safe
https://drive-preprod.corp.google.com/	0%	URL Reputation	safe
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	0%	URL Reputation	safe
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	0%	URL Reputation	safe
https://outlook.live.com/mail/0/	0%	URL Reputation	safe
https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/envelope/	0%	URL Reputation	safe
https://powerpoint.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://drive-staging.corp.google.com/	0%	URL Reputation	safe
https://www.last.fm/	0%	Avira URL Cloud	safe
https://store9.gofile.io	0%	Avira URL Cloud	safe
http://www.vmware.com/0	0%	Avira URL Cloud	safe
https://docs.google.com/	0%	Avira URL Cloud	safe
https://outlook.live.com/mail/compose?isExtension=true	0%	URL Reputation	safe
https://www.youtube.com	0%	Avira URL Cloud	safe
https://www.instagram.com	0%	Avira URL Cloud	safe
https://services.bingapis.com/undersideproactive/api/v1/trigger	0%	Avira URL Cloud	safe
https://web.skype.com/?browsername=edge_canary_shoreline	0%	Avira URL Cloud	safe
https://acdn.adnxs.com/dmp/up/pixie.js	0%	Avira URL Cloud	safe
https://word.new?from=EdgeM365Shoreline	0%	URL Reputation	safe
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	0%	URL Reputation	safe
https://outlook.office.com/mail/0/	0%	URL Reputation	safe
https://drive-autopush.corp.google.com/	0%	URL Reputation	safe
https://www.clarity.ms/tag/uet/355008692?insights=1	0%	Avira URL Cloud	safe
https://drive.google.com/	0%	Avira URL Cloud	safe
https://outlook.office.com/mail/compose?isExtension=true	0%	Avira URL Cloud	safe
https://www.netflix.com/	0%	Avira URL Cloud	safe
https://www.deezer.com/	0%	Avira URL Cloud	safe
https://i.y.qq.com/n2/m/index.html	0%	Avira URL Cloud	safe
https://developers.google.com/web/tools/workbox/guides/using-plugins	0%	Avira URL Cloud	safe
https://web.telegram.org/	0%	Avira URL Cloud	safe
https://www.office.com/	0%	Avira URL Cloud	safe
http://forum.doom9.org/showthread.php?p=1271417#post1271417	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters)	0%	Avira URL Cloud	safe
http://forum.doom9.org/showthread.php?p=1271417#post1271417U	0%	Avira URL Cloud	safe
https://www.amazon.com/	0%	Avira URL Cloud	safe
https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405	0%	Avira URL Cloud	safe
https://vibe.naver.com/today	0%	Avira URL Cloud	safe
https://www.youtube.com/	0%	Avira URL Cloud	safe
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
http://forum.doom9.org/showthread.php?t=146228	0%	Avira URL Cloud	safe
https://github.com/GoogleChrome/workbox/issues/2737	0%	Avira URL Cloud	safe
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&MUID=3A07D7FE513F607F01ECC3155058616C	0%	Avira URL Cloud	safe
https://github.com/GoogleChrome/workbox/issues/1796)	0%	Avira URL Cloud	safe
https://www.clarity.ms/s/0.7.45/clarity-extended.js	0%	Avira URL Cloud	safe
https://bard.google.com/	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore/	0%	Avira URL Cloud	safe
https://y.music.163.com/m/	0%	Avira URL Cloud	safe
https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions	0%	Avira URL Cloud	safe
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx	0%	Avira URL Cloud	safe
https://www.google.com/	0%	Avira URL Cloud	safe
https://px.ads.linkedin.com/wa/	0%	Avira URL Cloud	safe
https://web.whatsapp.com	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/static-on-bigtable	0%	Avira URL Cloud	safe
https://m.kugou.com/	0%	Avira URL Cloud	safe
https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css	0%	Avira URL Cloud	safe
https://www.office.com	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters	0%	Avira URL Cloud	safe
https://images-eds-ssl.xboxlive.com/image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75	0%	Avira URL Cloud	safe
https://ib.adnxs.com/pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd	0%	Avira URL Cloud	safe
https://tidal.com/	0%	Avira URL Cloud	safe
https://northcentralus-0.in.applicationinsights.azure.com//v2/track	0%	Avira URL Cloud	safe
https://www.clarity.ms/s/0.7.45/clarity.js	0%	Avira URL Cloud	safe
https://gaana.com/	0%	Avira URL Cloud	safe
http://yesgrey.com/madvr.x64.php	0%	Avira URL Cloud	safe
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	0%	Avira URL Cloud	safe
https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng	0%	Avira URL Cloud	safe
https://www.clarity.ms/tag/edvmnysmkk	0%	Avira URL Cloud	safe
https://latest.web.skype.com/?browsername=edge_canary_shoreline	0%	Avira URL Cloud	safe
https://www.clarity.ms/tag/inyago70pn	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/API/Cache/match)	0%	Avira URL Cloud	safe
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo	0%	Avira URL Cloud	safe
https://c.clarity.ms/c.gif	0%	Avira URL Cloud	safe
https://www.live.com/	0%	Avira URL Cloud	safe
https://t.clarity.ms/collect	0%	Avira URL Cloud	safe
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	0%	Avira URL Cloud	safe
https://m.soundcloud.com/	0%	Avira URL Cloud	safe
http://crl3.digicer	0%	Avira URL Cloud	safe
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	0%	Avira URL Cloud	safe
https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
enviasept.duckdns.org	181.235.3.0	true	true	unknown
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
s-part-0036.t-0009.t-msedge.net	13.107.246.64	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.184.225	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	true	unknown
bzib.nelreports.net	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://services.bingapis.com/undersideproactive/api/v1/trigger	false	Avira URL Cloud: safe	unknown
https://acdn.adnxs.com/dmp/up/pixie.js	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/tag/uet/355008692?insights=1	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/fbevents.js	false	URL Reputation: safe	unknown
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=ED41034D1DB44301A6900524774275E5&MUID=3A07D7FE513F607F01ECC3155058616C	false	Avira URL Cloud: safe	unknown
https://www.google.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/s/0.7.45/clarity-extended.js	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx	false	Avira URL Cloud: safe	unknown
https://px.ads.linkedin.com/wa/	false	Avira URL Cloud: safe	unknown
https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css	false	Avira URL Cloud: safe	unknown
https://images-eds-ssl.xboxlive.com/image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75	false	Avira URL Cloud: safe	unknown
https://ib.adnxs.com/pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd	false	Avira URL Cloud: safe	unknown
https://northcentralus-0.in.applicationinsights.azure.com//v2/track	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/s/0.7.45/clarity.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/tag/edvmnysmkk	false	Avira URL Cloud: safe	unknown
https://www.clarity.ms/tag/inyago70pn	false	Avira URL Cloud: safe	unknown
https://c.clarity.ms/c.gif	false	Avira URL Cloud: safe	unknown
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	false	Avira URL Cloud: safe	unknown
https://t.clarity.ms/collect	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac	000003.log0.3.dr	false	Avira URL Cloud: safe	unknown
http://www.vmware.com/0	1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://store9.gofile.io	f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://www.last.fm/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.4.dr	false	URL Reputation: safe	unknown
https://docs.google.com/	manifest.json.3.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.instagram.com	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://web.skype.com/?browsername=edge_canary_shoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	manifest.json.3.dr	false	Avira URL Cloud: safe	unknown
https://www.netflix.com/	Favicons.3.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://www.messenger.com	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/mail/compose?isExtension=true	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.reddit.com/	Favicons.3.dr	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	MSBuild.exe, 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://i.y.qq.com/n2/m/index.html	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.deezer.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com/	Favicons.3.dr	false	Avira URL Cloud: safe	unknown
https://web.telegram.org/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/web/tools/workbox/guides/using-plugins	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
http://forum.doom9.org/showthread.php?p=1271417#post1271417	1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters)	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://drive-daily-2.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/	Favicons.3.dr	false	Avira URL Cloud: safe	unknown
http://forum.doom9.org/showthread.php?p=1271417#post1271417U	1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-daily-4.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://vibe.naver.com/today	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://github.com/GoogleChrome/workbox/issues/2737	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
http://forum.doom9.org/showthread.php?t=146228	1 DEMANADA LABORAL.exe, 0000001A.00000000.2022197257.0000000000648000.00000002.00000001.01000000.00000008.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drive-daily-1.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://excel.new?from=EdgeM365Shoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://www.youtube.com/	Favicons.3.dr	false	Avira URL Cloud: safe	unknown
https://drive-daily-5.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.4.dr	false	URL Reputation: safe	unknown
https://www.tiktok.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
http://www.symauth.com/rpa00	1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.0000000003774000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.000000000575D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.info-zip.org/	1 DEMANADA LABORAL.exe, 0000001A.00000002.2082334456.000000000371E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001B.00000002.2309155702.0000000005715000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://chromewebstore.google.com/	manifest.json0.3.dr	false	URL Reputation: safe	unknown
https://github.com/GoogleChrome/workbox/issues/1796)	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://drive-preprod.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore/	manifest.json0.3.dr	false	Avira URL Cloud: safe	unknown
https://y.music.163.com/m/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://bard.google.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/	History.3.dr, 000003.log2.3.dr, 000003.log0.3.dr	false	Avira URL Cloud: safe	unknown
https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://web.whatsapp.com	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/static-on-bigtable	Reporting and NEL.4.dr	false	Avira URL Cloud: safe	unknown
https://m.kugou.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/mail/0/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	1 DEMANADA LABORAL.exe, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.0000000000401000.00000020.00000001.01000000.00000008.sdmp, 1 DEMANADA LABORAL.exe, 0000001A.00000002.2085473047.000000004A601000.00000020.00000001.01000000.00000009.sdmp, madHcNet32.dll.21.dr, madHcNet32.dll.26.dr, mvrSettings32.dll.21.dr	false	URL Reputation: safe	unknown
https://powerpoint.new?from=EdgeM365Shoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://tidal.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://gaana.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://drive-staging.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/mail/compose?isExtension=true	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
http://yesgrey.com/madvr.x64.php	1 DEMANADA LABORAL.exe, 0000001A.00000000.2021155593.000000000048E000.00000020.00000001.01000000.00000008.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://word.new?from=EdgeM365Shoreline	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/mail/0/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	URL Reputation: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/Cache/match)	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://m.soundcloud.com/	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
https://www.live.com/	Favicons.3.dr	false	Avira URL Cloud: safe	unknown
https://mail.google.com/mail/mu/mp/266/#tl/Inbox	42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp.3.dr	false	Avira URL Cloud: safe	unknown
http://crl3.digicer	1 DEMANADA LABORAL.exe, 0000001A.00000002.2081014094.0000000002614000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://w3c.github.io/ServiceWorker/#dictdef-cachequeryoptions)	2cc80dabc69f58b6_0.3.dr	false	Avira URL Cloud: safe	unknown
https://drive-autopush.corp.google.com/	manifest.json.3.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
206.168.190.239	unknown	United States	21777	MASSIVE-NETWORKSUS	false
13.107.246.64	s-part-0036.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.52.162.42	unknown	United States	16625	AKAMAI-ASUS	false
52.240.245.67	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.118.171.167	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.193.108	unknown	United States	54113	FASTLYUS	false
151.101.193.229	unknown	United States	54113	FASTLYUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
23.52.161.218	unknown	United States	16625	AKAMAI-ASUS	false
23.52.162.6	unknown	United States	16625	AKAMAI-ASUS	false
23.52.160.9	unknown	United States	16625	AKAMAI-ASUS	false
72.21.81.200	unknown	United States	15133	EDGECASTUS	false
157.240.241.35	unknown	United States	32934	FACEBOOKUS	false
20.114.189.70	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
52.159.108.190	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.28.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.184.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
40.126.24.84	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.241.1	unknown	United States	32934	FACEBOOKUS	false
20.42.73.24	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
4.152.133.8	unknown	United States	3356	LEVEL3US	false
40.126.24.82	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.43.85.136	unknown	United States	3257	GTT-BACKBONEGTTDE	false
23.200.3.23	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
181.235.3.0	enviasept.duckdns.org	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.33.238.58	unknown	United States	20940	AKAMAI-ASN1EU	false
68.67.179.87	unknown	United States	29990	ASN-APPNEXUS	false
142.251.35.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501935
Start date and time:	2024-08-30 19:05:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winSVG@79/301@11/37
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 282
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.186.78, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.130, 2.23.209.140, 2.23.209.133, 2.23.209.135, 2.23.209.160, 2.23.209.149, 2.23.209.158, 2.23.209.156, 2.23.209.150, 184.28.90.27, 40.68.123.157, 4.231.128.59, 13.95.31.18, 20.190.159.4, 20.190.159.71, 20.190.159.75, 20.190.159.23, 20.190.159.68, 40.126.31.67, 20.190.159.73, 40.126.31.73, 20.73.194.208, 20.3.187.198, 20.114.59.183, 2.19.126.155, 2.19.126.157, 13.85.23.86, 2.16.100.152, 2.16.100.168, 142.251.32.99, 142.251.35.163, 142.250.65.227
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, a416.dscd.akamai.net, slscr.update.microsoft.com, edgeassetservice.afd.azureedge.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, atm-settingsfe-prod-geo2.trafficmanager.net, config-edge-skype.l-0007.l-msedge.net, login.live.com, e16604.g.akamaiedge.net, settings-prod-weu-2.westeurope.cloudapp.azure.com, www.gstatic.com, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, fs.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgeassetservice.azureedge.net, clients.l.google.com, settings-prod-neu-3.northeurope.cloudapp.azure.com, a1847.dscd.akamai.net, www.tm.lg.prod.aadmsa.trafficmanager.net, config.edge.skype.com.traff
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg

Simulations

Behavior and APIs

Time	Type	Description
13:07:48	API Interceptor	2x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
206.168.190.239	https://millagarden.com/7jjo	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.AutoIt.1410.29083.29061.exe	Get hash	malicious	Stealerium	Browse
	boost.exe	Get hash	malicious	NovaSentinel	Browse
	TS-240518-Creal5.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse
	TeaiGames.exe	Get hash	malicious	NovaSentinel	Browse
	Mauqes.exe	Get hash	malicious	Unknown	Browse
	e.exe	Get hash	malicious	Unknown	Browse
	e.exe	Get hash	malicious	Unknown	Browse
	e.exe	Get hash	malicious	Unknown	Browse
	e.exe	Get hash	malicious	Unknown	Browse
13.107.246.64	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://pub-ca67445aaabc47d0bd9966953d9e2b17.r2.dev/traffic.html?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Tara.LaClair%40Steptoe-Johnson.com&senderemailaddress=sszwarc%40MercBank.com&senderorganization=AwGAAAAAAnwAAAADAQAAAAB4L2sP04tHoRgQy9kdN5NPVT1tZXJjYmFuazAub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjE1QTAwMixEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NiRJZGS9IYEeji1osys3BpUNOPUNvbmZpZ3VyYXRpb24sQ049bWVyY2JhbmswLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxNUEwMDIsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cSA1PR15MB5013A9396562F78FDD94A844D7812%40SA1PR15MB5013.namprd15.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7b6C0A1EFA-EC06-4AF8-8120-E8DF728D24A6%7d%40mercbank0.onmicrosoft.com&consumerEncryption=false&senderorgid=eda5640b-de2a-4a70-8a6e-b9b732c16c38&urldecoded=1&e4e_sdata=EpAebyUyhbp5qjBRCejClul%2bO0wRydv1eJUK4qhZNRr0%2bzDWWfXCtf65jmdkNdBUWfXHNGyyHkWBVsCBCGfBpV5cdtKksOzfyu%2fmYa0Ftd3xTjHmXXenRXgUA0PR3gh5sR2ve%2bXE8dZCafVion%2bI0xm7xM0WcwXEUpGBGC8um4aIRyLVcAtc7h%2bCF%2fGZB16AaYsprv6yVHs7DZ5VNxYzLxaXnrSeE5gRbw0Z1wjaZ%2fLsBubfjF6gF%2fTa7wyY1NzrCFy0ptnoii1J%2f8CwlNK1zNO7c1e1wINfHPNA0%2f3Sy7hhDnvOn0PqTNFKAsZ49Up0Css4iDSm2eE2BPpARvHUGQ%3d%3d	Get hash	malicious	Unknown	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0036.t-0009.t-msedge.net	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	https://pub-ca67445aaabc47d0bd9966953d9e2b17.r2.dev/traffic.html?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML	Get hash	malicious	HTMLPhisher	Browse	13.107.246.64
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Tara.LaClair%40Steptoe-Johnson.com&senderemailaddress=sszwarc%40MercBank.com&senderorganization=AwGAAAAAAnwAAAADAQAAAAB4L2sP04tHoRgQy9kdN5NPVT1tZXJjYmFuazAub25taWNyb3NvZnQuY29tLE9VPU1pY3Jvc29mdCBFeGNoYW5nZSBIb3N0ZWQgT3JnYW5pemF0aW9ucyxEQz1OQU1QUjE1QTAwMixEQz1QUk9ELERDPU9VVExPT0ssREM9Q09NiRJZGS9IYEeji1osys3BpUNOPUNvbmZpZ3VyYXRpb24sQ049bWVyY2JhbmswLm9ubWljcm9zb2Z0LmNvbSxDTj1Db25maWd1cmF0aW9uVW5pdHMsREM9TkFNUFIxNUEwMDIsREM9UFJPRCxEQz1PVVRMT09LLERDPUNPTQE%3d&messageid=%3cSA1PR15MB5013A9396562F78FDD94A844D7812%40SA1PR15MB5013.namprd15.prod.outlook.com%3e&cfmRecipient=SystemMailbox%7b6C0A1EFA-EC06-4AF8-8120-E8DF728D24A6%7d%40mercbank0.onmicrosoft.com&consumerEncryption=false&senderorgid=eda5640b-de2a-4a70-8a6e-b9b732c16c38&urldecoded=1&e4e_sdata=EpAebyUyhbp5qjBRCejClul%2bO0wRydv1eJUK4qhZNRr0%2bzDWWfXCtf65jmdkNdBUWfXHNGyyHkWBVsCBCGfBpV5cdtKksOzfyu%2fmYa0Ftd3xTjHmXXenRXgUA0PR3gh5sR2ve%2bXE8dZCafVion%2bI0xm7xM0WcwXEUpGBGC8um4aIRyLVcAtc7h%2bCF%2fGZB16AaYsprv6yVHs7DZ5VNxYzLxaXnrSeE5gRbw0Z1wjaZ%2fLsBubfjF6gF%2fTa7wyY1NzrCFy0ptnoii1J%2f8CwlNK1zNO7c1e1wINfHPNA0%2f3Sy7hhDnvOn0PqTNFKAsZ49Up0Css4iDSm2eE2BPpARvHUGQ%3d%3d	Get hash	malicious	Unknown	Browse	13.107.246.64
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://www.pgregdoc.com/?lngSubscriptionID=1590&lngSubscriptionCountryID=333&lngCountryID=13&lngLanguageID=13&lngCategoryID=861&lngProductID=9939	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
enviasept.duckdns.org	17247087656292f1fee39f411973c3f3722ee5485ed0d6445a4852bc2661fe5272ea752502946.dat-decoded.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	173.249.196.110
enviasept.duckdns.org	Mi_Documento.js	Get hash	malicious	AsyncRAT, DcRat	Browse	173.249.196.110
sni1gl.wpc.nucdn.net	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.199.21.175

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	459733930_447582045387.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
	https://nexgenodisha.in/	Get hash	malicious	HTMLPhisher	Browse	2.19.126.136
	2.pdf	Get hash	malicious	Unknown	Browse	23.52.160.183
	YCBcZ3Qo1D.msi	Get hash	malicious	Unknown	Browse	96.17.64.189
	UP6zzl3dMd.msi	Get hash	malicious	Unknown	Browse	23.47.168.24
	Gide#Invoice.pdf	Get hash	malicious	Unknown	Browse	104.126.112.182
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	23.9.137.166
	sora.spc.elf	Get hash	malicious	Mirai	Browse	184.86.141.77
	kqS23MOytx.exe	Get hash	malicious	Socks5Systemz, Stealc, Vidar, XWorm, Xmrig	Browse	23.210.122.61
	maliciouspdf.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
MASSIVE-NETWORKSUS	https://millagarden.com/7jjo	Get hash	malicious	Unknown	Browse	206.168.190.239
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	206.168.236.147
	PZFcJr14mw.elf	Get hash	malicious	Mirai	Browse	192.124.39.76
	arm7-20240707-0306.elf	Get hash	malicious	Mirai	Browse	207.174.78.107
	SecuriteInfo.com.Trojan.AutoIt.1410.29083.29061.exe	Get hash	malicious	Stealerium	Browse	206.168.190.239
	Evo Resou_nls..scr.exe	Get hash	malicious	AsyncRAT	Browse	206.168.191.31
	TS-240617-UF1.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	206.168.191.31
	TS-240609-CStealer1.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	206.168.191.31
	o77HTF1NHp.elf	Get hash	malicious	Unknown	Browse	204.188.116.24
	boost.exe	Get hash	malicious	NovaSentinel	Browse	206.168.190.239
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://thevetspets-my.sharepoint.com/:f:/g/personal/personstreet_oakheartvet_com/ErfxB4NKcu9BtaXM9b3uJ4QBgHu5vyRIpI1fIUmDhAHibw?e=bLfo6F	Get hash	malicious	Unknown	Browse	52.98.175.18
	https://buscenopath.z5.web.core.windows.net/bt95mlL4	Get hash	malicious	HTMLPhisher	Browse	20.209.154.137
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	https://indd.adobe.com/view/30080812-36e9-4257-a76c-64b9db55c4c1	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	https://4271c5088749124ef40631cb8.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	40.126.32.76
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT1lNDkwZjQyMi03YTgzLTQxZGUtOTA0My00NzMwNDhhZDBiOTUmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l	Get hash	malicious	Unknown	Browse	13.107.246.57
	https://security-us.m.mimecastprotect.com/ttpwp/?tkn=3.0JfxfH8ssmm4IH6cwCFt-D9qW8OfbSAI3GS_btQfQlhldgcwCnCLHOyJ29U3WB7DtC_DhQgg-MQmn_Q3nA6YAOMW_gWm7KyNL-ia48d-H6d4D5ATg5kL5M3JPWyG3CkSJb5TEl4olwCIO6QZGRmDfJp48aiZoORuXZ_tdiGfAoM.wnVN2YKcNuAslAQ06pDpdg#/enrollment?key=7aeab67f-ce32-30f5-9feb-9cd16579fa82	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	Bee2Pay Executed Docs#273291(Revised).pdf	Get hash	malicious	HTMLPhisher	Browse	40.99.217.130
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://thevetspets-my.sharepoint.com/:f:/g/personal/personstreet_oakheartvet_com/ErfxB4NKcu9BtaXM9b3uJ4QBgHu5vyRIpI1fIUmDhAHibw?e=bLfo6F	Get hash	malicious	Unknown	Browse	52.98.175.18
	https://buscenopath.z5.web.core.windows.net/bt95mlL4	Get hash	malicious	HTMLPhisher	Browse	20.209.154.137
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.57
	https://indd.adobe.com/view/30080812-36e9-4257-a76c-64b9db55c4c1	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	https://4271c5088749124ef40631cb8.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	40.126.32.76
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.64
	https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fadmin.microsoft.com%2Fadminportal%2Fhome%3F%23%2Fsubscriptions&p=bT1lNDkwZjQyMi03YTgzLTQxZGUtOTA0My00NzMwNDhhZDBiOTUmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1ob21l	Get hash	malicious	Unknown	Browse	13.107.246.57
	https://security-us.m.mimecastprotect.com/ttpwp/?tkn=3.0JfxfH8ssmm4IH6cwCFt-D9qW8OfbSAI3GS_btQfQlhldgcwCnCLHOyJ29U3WB7DtC_DhQgg-MQmn_Q3nA6YAOMW_gWm7KyNL-ia48d-H6d4D5ATg5kL5M3JPWyG3CkSJb5TEl4olwCIO6QZGRmDfJp48aiZoORuXZ_tdiGfAoM.wnVN2YKcNuAslAQ06pDpdg#/enrollment?key=7aeab67f-ce32-30f5-9feb-9cd16579fa82	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	Bee2Pay Executed Docs#273291(Revised).pdf	Get hash	malicious	HTMLPhisher	Browse	40.99.217.130

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Roaming\rtw_Scan\unrar.dll	RzDiagnostic.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.1379890379152853
Encrypted:	false
SSDEEP:	6:kK1ti9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:NTDnLNkPlE99SNxAhUe/3
MD5:	2186A3F9415BC7C5490E39973833A4C6
SHA1:	2181BBA8CACF767A4896A6D75132B1D6A11EFBA0
SHA-256:	C587335590E72B69FDA73CFF89C4C94AA945290BF7AD9C2A6F091DC4D485ECDD
SHA-512:	8312DB0E42DC1FADE02A49ABE6EDE84F47C09F1BC99E0B15D82100AB654304DEA1DD39FD379E30F1AEC356CE5D1C87BAE3AF2B1DA9E0E4271EFBFDA0BCDC9B64
Malicious:	false
Preview:	p...... ...........#....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\078acd2f-4ca0-44f6-9306-ef681b6a8c38.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48489
Entropy (8bit):	6.094121295371655
Encrypted:	false
SSDEEP:	768:MMGQ7FCYXGIgtDAWtJ4nKun7hfgMb2IYEeTT5oFAqMCoijMYxhJyXW2eh02tdzCj:MMGQ5XMBGK4i5EeTTvqrvE6raoi
MD5:	8BC456B3979067373E3EEFD08583E869
SHA1:	289A5E975F1C000FE29C254E99FA874B1EF03254
SHA-256:	C7BE52E0C676F132D0055B0683353F76182C526C123C0447738113D6985B7313
SHA-512:	9CEF2F257A06270782E62B245DF75435A9A406EA6C24941CE4E0151C84AC80CBB7279D3AE890EEEC88803B4588F83FC79270A39485DF1166C17F1CEF6112FE4B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725037554"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b42c71a-673c-4ca7-b99e-b7d2e18f1538.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48645
Entropy (8bit):	6.093568476424159
Encrypted:	false
SSDEEP:	768:iMGQ7FCYXGIgtDAWtJ4h9LL7hfgMb2IdEeTT5oFAqMCoijMYxhJyXW2eh02tdzCj:iMGQ5XMBm9nioEeTTvqrvE6raoi
MD5:	FEAE110A748FF3A2FB460BF33B8D7D29
SHA1:	C80FE2C69398A575A57681B8DC85C715C19F7086
SHA-256:	B976014F84C0AAB122251033541723525B518099188422FFCE0AB2BB2496A0DF
SHA-512:	541131DE099AD929724786178B11213DD0DF6DA634F617A8B1DA03AB42E44393A5823009644B34270D9B4C3169ED35A90E7D91C50137204FBF2B8751E4BAE37F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725037596"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3e861bf2-932e-4afe-b02d-9f259f75f4ae.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58113
Entropy (8bit):	6.105824098630139
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7yOzi5EeTTvqrvEtoYKBuSZ+aoo:k/0+zI7yOe5EGTivWKBuWNP
MD5:	0BEF7DD971BE4F26879AD0790A0EEF6B
SHA1:	4CC3A57A9F810C3CBA1FF0BE170712FE083A6FEA
SHA-256:	1CC6FD88EDAFA3888064FABE769076B5650314D4F54C7BB8343ABE4111DB0750
SHA-512:	3CF272779FC111FAFF75D8BF0E2A21C5D00ACF7BDC372A0DD3877ACE8237AB1B415EC0AE70037FD97792A9F00CDB0E710390992855036AE9F791B0FE70FB3966
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\479d5865-8b75-4e4a-bdc2-40d2ee113bc3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7a96f0ca-d19b-48ca-9235-0707ae93d779.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48568
Entropy (8bit):	6.093609683911224
Encrypted:	false
SSDEEP:	768:iMGQ7FCYXGIgtDAWtJ4nKLL7hfgMb2IYEeTT5oFAqMCoijMYxhJyXW2eh02tdzCj:iMGQ5XMBGKni5EeTTvqrvE6raoi
MD5:	553A4A6F7C5AA974746185150BB9F0AF
SHA1:	F5E297F6BE8B5930E971839D720C79FAA5DE9327
SHA-256:	1FDF97E2FECF5E216C73B6F353C3CE54EA65F4F6E601459F24CCB22D184054A0
SHA-512:	BCF1113AFFD449690DAD875B1923F96B21185949A37995085ADB6BF954238A3EA11F4F8ACECB90E5FFAA430009D8EE5BF9A501B3824F11963FCFCFDB53E808E4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725037596"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\84e290c0-7a4a-4c1e-b3c9-e86704366835.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640149995732079
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	AD9FA3B6C5E14C97CFD9D9A6994CC84A
SHA1:	EF063B4A4988723E0794662EC9D9831DB6566E83
SHA-256:	DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
SHA-512:	81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\ca1c38ef-f2b8-434f-b532-40ebf606e0ae.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640149995732079
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
MD5:	AD9FA3B6C5E14C97CFD9D9A6994CC84A
SHA1:	EF063B4A4988723E0794662EC9D9831DB6566E83
SHA-256:	DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
SHA-512:	81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D1FBED-B1C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.03986161975901308
Encrypted:	false
SSDEEP:	192:k1N0o3tmP6rcKnJXltWaLdLTTnSGXPKgqgezYhHBNE8n7ORQ8+BnHHn8y08Tcm2D:U0sthV5usdhhTaknn08T2RGOD
MD5:	A0089801023399C88576C2C04A2ABC7E
SHA1:	C76DE5EFE63E4AA2D28E6D841ED05A3167A16ED5
SHA-256:	1ABBD4FE2FA92FF20491E483BFD95F82FF3C4BB388B646D9A51033711D30CFC4
SHA-512:	0128BFFE7A03BD0AF446FED5199391F0637B57D7A1791ED45E6438C55C2D7D8F4742EB8ABB1C1698DB0BA75F1FF153682AE24B6D5594EC62A53CE146DA81668A
Malicious:	false
Preview:	...@..@...@.....C.].....@................^..xN..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".drmneg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............2......................w..U.>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....+....W@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...........................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D1FBEE-1AE0.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.5274918382414562
Encrypted:	false
SSDEEP:	6144:0zroqrg+I/Kriq/GI5lEXaHkNaHyS64QbjOxevE47Te:sI/sbl3s/bj
MD5:	C2DDD164A6260403E4795DCA1082E72C
SHA1:	C91B280BAE146C13898B2E70D6E9CC56914DAD07
SHA-256:	2325DF5B29EEF035193BCE1BF624C1BF3F8521DF6C4D6B6AFD0DF055C4ED0EA8
SHA-512:	50F1189A456162BD6D74DEEC85184AC2D452CE3CACB46B754FEB6D869D6150211F80490DAC207352CD6BB3C8D0337BF9E8FA0A0A447B8E1C0E1F9299AF35E821
Malicious:	false
Preview:	...@..@...@.....C.].....@................>...>..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....u.........117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".drmneg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............2......................w..U?:K..>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....+....W@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggere

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.175487325473111
Encrypted:	false
SSDEEP:	3:FiWWltlUEuWZW4HSRqOFhJXI2EyBl+BVP/Sh/JzvKo8sBXwlD1:o1UuyRqsx+BVsJDKo89
MD5:	A7CCECF522C54F332C20F87364541D21
SHA1:	9BC0158838376771524775C6A21B2C288B85DF29
SHA-256:	C0DFA7F2AC753029B585282D72FA7FFB637B25EEEABCFABD34F5AFAEF6B52414
SHA-512:	97384C313176F334940858D10F81EB8863FB373FA3698F7BDCEA125F9DF234FFB7255DCADA1A6A1311F47F1262CDDC0AB58D866F575176A0D8E300BE12CDD874
Malicious:	false
Preview:	sdPC......................z....K..s...x."1SCRpGKHAwpF5kOwXUUSc/ojBrTkNG2SgkvqW1WE7kI="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7dc5f755-0f90-4102-bc8e-37d02917bdc7............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0d43cff4-cf3e-485e-8a77-5197087b8638.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13423
Entropy (8bit):	5.2504692053053486
Encrypted:	false
SSDEEP:	192:st/J9pQTryZioojaba4uyYs3uO2hh2kHw3uF8QbV+FiAaesQP6BFJ:st/LAo/ujs3u3X9f9bGiOs/
MD5:	6736D9F674153C36F06716FE80E2E82F
SHA1:	B873F2274DEEA13FEAEF124F5BA087284C690170
SHA-256:	53910BF45799D5635D33AC8353BC49BA41E0328B0E052604AB71B282A348AD5D
SHA-512:	FBD04E26E02F6BA7D32646BC3224290723D6B267139D809AC13A173E04E2F11FD7AD81E242FF0645175C519F13B9865D50D744880A5C3A6BBACEA3FE0E74EE45
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\237f8db5-fa93-44e9-8ab9-7cde6b54eb91.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2b16487d-c5c3-429d-9a96-d2780684cc15.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14100
Entropy (8bit):	5.249446267535632
Encrypted:	false
SSDEEP:	192:st/J9pQTryZioojaba4uyNs3uO2hh2kHw3uF8QbV+FAGQfyyEsQP6BFJ:st/LAo/uMs3u3X9f9bG5QjEs/
MD5:	26A7E6002CDCDEFB895E934D6591759B
SHA1:	21D33101B4A440E1393B203E69FFB38450DB9A7F
SHA-256:	C370EB7581CF450463AB555F1DF1B93304727D86878EC8F274C3AE5948FB3FFF
SHA-512:	1C8D2D724F30B450DED205AFD72CA83D50C7D10172CD3E272EBE37BF61DAF548D73F90A411D63D3521872E60454C5280E6F382DD3D886E7DAE4F1BE69D8364AC
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\42e49224-df75-435b-a4f9-eee48bfd7d1e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4ca2c3db-0dd1-4cb3-a920-bb31092b3191.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	39660
Entropy (8bit):	5.562013807499398
Encrypted:	false
SSDEEP:	768:Itc/jc7pLGLvmMWPF9fUU8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3oudN7KrwWc53p:Itc/jAcvmMWPF9fUUu1jaCouD7vWcz+0
MD5:	0686D68D77FF484656BAEFB936EA671F
SHA1:	42E964F853371CF087A6D62DFA82241CAA9060A9
SHA-256:	F0D59E7AA303865BCFE896F5B4B9DBECDEFDA4C2AF4863611DAEF27012845371
SHA-512:	A1E9E6D2633931D04A388B150E0264525680C570C14E2FBBD415E92CC310BF4077B467B77337CC89600174A382D732883116CA1E103571A2CD64090C9E2FF445
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369511150432236","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369511150432236","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56eb5bb1-4ac1-4cb8-9a8e-d7bec83e7a11.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14570
Entropy (8bit):	5.258811659183555
Encrypted:	false
SSDEEP:	192:st/J9pQTryZioojaba4uyNs3uO2hh2kHyuF8QbV+FAGQdagEsQP6BFJ:st/LAo/uMs3u3X9L9bG5QpEs/
MD5:	CDDF4D6C25659EA9243A382A4A1EA778
SHA1:	069EC6AA30F2B40AD86FE2A7D23DB69450C186EA
SHA-256:	CDCF0CCF93DF354CC9D44355036EB29592B66051EC6A7F587ECB72A97169E941
SHA-512:	F133AA421411605CAD26F42D61D7F55BD392D9BAE91F90372E8BD081A5D732D0DCBB6C6E2874B9E772EF2342CFECA99653DE3454A5DA07D24EC89DB5D5D04371
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5ba069d0-5577-4065-9800-9b675f577ed7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37816
Entropy (8bit):	5.555654088299773
Encrypted:	false
SSDEEP:	768:Itc/jc7pLGLvmMWPF9fbU8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2dN7KrwWc43Ddr:Itc/jAcvmMWPF9fbUu1jazD7vWcG+t+
MD5:	1A58ECB0A4FFF6D43BB1A4C40510A845
SHA1:	41A6ABBB21C7A127FB1394F67E4E11EBE7D1CB0B
SHA-256:	83965C4FC221D61D1869AA61F22ECD01599A25D802435AC40002F88F5939F064
SHA-512:	C604533B72415D3C2A5D0A265F8048B8298CE6FE11984579D42F76348E68FB4DAD6507B2E0C6307101325C87476E3A33D0575B7DADF8A92AA445D78614769EB1
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369511150432236","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369511150432236","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222886569703983
Encrypted:	false
SSDEEP:	24576:F0PkZpV0fI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:F0MZpV0fx2mjF
MD5:	B136C6941D8B7E525C3356BCDE267AB8
SHA1:	796F9C78FF9D9FC16FB99EF90BBC5A3C2EB7B323
SHA-256:	82A2F8AAB5476FE31798364BA94727195D1FA5987D6B6110A1D796C3D3CA112C
SHA-512:	53A9D5274B24BF2CB6A5DA99D51D42622B40DB55F44A419C6D682C40C14918472C9EFA08159ACB0D9D82F44E74BC01669B00F4E43B762F7F8134FC1999DA8F43
Malicious:	false
Preview:	...m.................DB_VERSION.1...8.................QUERY_TIMESTAMP:arbitration_priority_list4...13341056840624329.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.144832167357144
Encrypted:	false
SSDEEP:	6:FybAON+q2PRN23oH+Tcwt9Eh1tIFUt8oy5ZZmw+oyVbVkwORN23oH+Tcwt9Eh15d:obAOIvaYeb9Eh16FUt8X5Z/+XVB5JYe8
MD5:	7F5318B6113E59715DA93FA95E594628
SHA1:	D3C44884897AF49FBE9AB593D1745070956F4E1F
SHA-256:	35577FD058DA30FD426E895BC5F1FEAC78A938654AD0118F61421B1F4C749EDE
SHA-512:	79A57CC15AF20134BEDDD43FC26AA36CABC89B218D37F2B4279E61CACD316A2625A466EA38336BA4209A39DB085DD8EEED49948479A2672FA76302DA2BE199BC
Malicious:	false
Preview:	2024/08/30-13:05:53.964 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/30-13:05:53.966 1e38 Recovering log #3.2024/08/30-13:05:54.185 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.144832167357144
Encrypted:	false
SSDEEP:	6:FybAON+q2PRN23oH+Tcwt9Eh1tIFUt8oy5ZZmw+oyVbVkwORN23oH+Tcwt9Eh15d:obAOIvaYeb9Eh16FUt8X5Z/+XVB5JYe8
MD5:	7F5318B6113E59715DA93FA95E594628
SHA1:	D3C44884897AF49FBE9AB593D1745070956F4E1F
SHA-256:	35577FD058DA30FD426E895BC5F1FEAC78A938654AD0118F61421B1F4C749EDE
SHA-512:	79A57CC15AF20134BEDDD43FC26AA36CABC89B218D37F2B4279E61CACD316A2625A466EA38336BA4209A39DB085DD8EEED49948479A2672FA76302DA2BE199BC
Malicious:	false
Preview:	2024/08/30-13:05:53.964 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/30-13:05:53.966 1e38 Recovering log #3.2024/08/30-13:05:54.185 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 34, database pages 18, cookie 0x19, schema 4, UTF-8, version-valid-for 34
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.4947385728088827
Encrypted:	false
SSDEEP:	96:xR94jweGq2L4H7pgNPdQyoDbel9myJrDVb4:f94ZBS4FgNPdPl9myRDVb4
MD5:	29C9AF42D59BA452C914D337F83778D8
SHA1:	0D4075E73B0189BD28D6968499DCFDE5975116CB
SHA-256:	DFDAE22D17235546DAF4200A5920C46B10E0885D9A0BE747D3DE14F432817613
SHA-512:	DB03C53D1CC2AE5E1E7882437730454AC27842FE5211A6DBDBBB5131EB0D607DB5D2F26EADB08CD9BAD90FD93D6E04A2C27361FE5BD1B510467D2E9BAEF90FBE
Malicious:	false
Preview:	SQLite format 3......@ ..."..................................................................."..j....................0...{...h.6.~.%...U........................................................................................................................................................................................................................................................................................................................................................................G...##..Utablecollectionscollections.CREATE TABLE collections ( id LONGVARCHAR PRIMARY KEY, date_created REAL NOT NULL, date_modified REAL NOT NULL, title LONGVARCHAR NOT NULL, position INTEGER NOT NULL, is_syncable INTEGER DEFAULT 1, suggestion_url LONGVARCHAR, suggestion_dismissed INTEGER, suggestion_type INTEGER, thumbnail BLOB, is_custom_thumbnail INTEGER NOT NULL DEFAULT 0, tag LONGVARCHAR, thumbnail_url LONGVARCHAR, is_marked_for_deletion INTEGER)..........tableitemsitems.CREATE TABLE items

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4872668315758326
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBMf6qBG:TouQq3qh7z3bY2LNW9WMcUvBi6q4
MD5:	A4314B275C6AFC496A0C6862D7F72DF5
SHA1:	1F69EE07D91C636361D7FE06071432D0C25B8FCA
SHA-256:	30CEBB6ED678FE09742679F5AD0E8E0F26C3E67AEEBA86B88A5D34243C7C66EE
SHA-512:	D60DD5E7AABA538F984D00C79DDF6E6DAA2C8EA1F8C2498A53A9B3B2053AE942BA8D3AD85F92CF8A47757D0F0D86BB1D1D29B04ED9D20C471F05CA8D3BFC0868
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.47693366977411E-4
Encrypted:	false
SSDEEP:	3:LsNlJN+l:Ls3na
MD5:	0034D9C2E97516D8B916FB7E10E99FB7
SHA1:	E7067C4A6B73C8112AF8FA36CA999A4EED858B06
SHA-256:	8CC9C533D5628B813F01FB1E763EAC9C3BDA48DE1B1467515E98F4B8AFCDB7B1
SHA-512:	13B205B2CE6B3B7E1A49FE2ED6C893BB997FE9CC1046B993A6DF230F40ADFCF1D1123E2EC2BB315C9558CFC1CEFBC020280B98D84A0B00D81DDE936EF4EEE2C0
Malicious:	false
Preview:	.........................................3..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.994010050744163
Encrypted:	false
SSDEEP:	3:iWstvhYNrkU1cleqjXHVFUw3CAlrLuOZf9:iptAwleqjX1HSaLZf9
MD5:	A105E51FE00336B6E15773C6527E666B
SHA1:	2DB0F6E166BDB55F73C77B649542B9810041B35C
SHA-256:	4D04DCB4BEE7F0510E10B56602A004B99C94E7C8184058CD1AF09B27E16D2AAB
SHA-512:	723027F9076E2370CD04EFF88613CBEFF1BCBD721168E7BF53F2EE68E0E6EAF04205FC5D7B177D3BCF37E39A4890711068D3FEB106215FE5695E1ABC6AD2FB7D
Malicious:	false
Preview:	...m.................DB_VERSION.1g.YL................FLYOUT_STORAGE:.{"personalization_data_consent_enabled":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.1804222620627725
Encrypted:	false
SSDEEP:	6:Fyni7+q2PRN23oH+TcwtnG2tMsIFUt8oynWF8Zmw+oynWF8VkwORN23oH+TcwtnB:o7vaYebn9GFUt8XWu/+XWC5JYebn95J
MD5:	DC2ECDE18594994AF9333597307CCE6D
SHA1:	ABBE7E045B7F9361383B2D46E06544D2C3EB5785
SHA-256:	6074276DE24FBDC175D763F1C14CC98F5D16EE22737EEFD0B40DAE923B7BF83C
SHA-512:	169A960B8DED5CE144967678EDA4003446E1A3D46C7E10602DB90A165A65A542D7D7D6AF10C41DA3DF9B98E4FBC5F74BE5F05D598BC9B84C5F32DC53F268D92D
Malicious:	false
Preview:	2024/08/30-13:05:50.452 1848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/30-13:05:50.453 1848 Recovering log #3.2024/08/30-13:05:50.453 1848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.1804222620627725
Encrypted:	false
SSDEEP:	6:Fyni7+q2PRN23oH+TcwtnG2tMsIFUt8oynWF8Zmw+oynWF8VkwORN23oH+TcwtnB:o7vaYebn9GFUt8XWu/+XWC5JYebn95J
MD5:	DC2ECDE18594994AF9333597307CCE6D
SHA1:	ABBE7E045B7F9361383B2D46E06544D2C3EB5785
SHA-256:	6074276DE24FBDC175D763F1C14CC98F5D16EE22737EEFD0B40DAE923B7BF83C
SHA-512:	169A960B8DED5CE144967678EDA4003446E1A3D46C7E10602DB90A165A65A542D7D7D6AF10C41DA3DF9B98E4FBC5F74BE5F05D598BC9B84C5F32DC53F268D92D
Malicious:	false
Preview:	2024/08/30-13:05:50.452 1848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/30-13:05:50.453 1848 Recovering log #3.2024/08/30-13:05:50.453 1848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6133650995672522
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+jW9WnOBpA9BWmL:TO8D4jJ/6Up+S03H
MD5:	A09018E62F7460D51BDEF2EE9B5834B0
SHA1:	6E448BFCE6C7090AB409DD19F76CF000286D0A37
SHA-256:	041FE6AF0244FAE6717DD672ED7904D8B5E520AB6E9543C32DF20E0D807710AA
SHA-512:	9C654140F2A289981F74B7B1770E9A310195257A28F6D6B51BB6B759E2AB7D24BB86F152FC7ACD261FC76E83497C104A20BD786AB0CBD26017128438AD660C88
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354089472668346
Encrypted:	false
SSDEEP:	6144:rA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:rFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	F0B4BB432F97C97B7A660DE34D52C2C6
SHA1:	F7007F82EDF2F5A6F1633ADCBE53B7DB3A1EB2E3
SHA-256:	A011AFF43FB05B99EB202E9880C9319CB76E3B286887215D1B512B5560097841
SHA-512:	EB6CF722F7542B9BF28689EC319D40B83920FA710A588AA324D79831953E845C179E44EF184D34DA2C8398E0049DB8EBAEEE898ED4A9F6CC3AE1A1B892E45C6D
Malicious:	false
Preview:	...m.................DB_VERSION.1.m.6q...............&QUERY_TIMESTAMP:domains_config_gz2...13369511154810537..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.164058553837365
Encrypted:	false
SSDEEP:	6:FyLUfD1RN23oH+Tcwtk2WwnvB2KLlPyUylyq2PRN23oH+Tcwtk2WwnvIFUv:ogMYebkxwnvFLgUeyvaYebkxwnQFUv
MD5:	BD492FEB6A00C6A5DA8D950F8BAED418
SHA1:	47A37D31F57779BA065AA81D324A5D3BCB051C5E
SHA-256:	73AB63BEEBB2E8B20464F5CC8200454C6660FF1A7135424DAF14E3C4640EEC2D
SHA-512:	61F23F57B49E8CC06E26272CD9B100B908A1C31AAF74273BDE2B4CAB92FB5BDD9F1BCB7E38A291803D32854536834764D0A78E53FA4F059B1DB7C7D508B27662
Malicious:	false
Preview:	2024/08/30-13:05:54.021 1e70 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/30-13:05:54.093 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.32462414371598
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R2:C1gAg1zfvO
MD5:	94BA384132F42A7FFBAFEFE99E954CC0
SHA1:	16718E8C305F21912725450BE9D66A51A31F8C14
SHA-256:	D85C319948578CC9DC632C2EB1691FA9414CC3DEF1A0DD9E3556085BAC55C781
SHA-512:	B60A1C09F364CD79BB98FDC31FF6CC318D39A86225F4ECD11AA2BA595A2625A52EF69B2D1A284619FF0CF7CE67A6350FA72CFAE3544DD6CD81EB44ACDF00A1EE
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.122392111974422
Encrypted:	false
SSDEEP:	6:Fyns/N4q2PRN23oH+Tcwt8aPrqIFUt8oynWF4JZmw+oynWF4DkwORN23oH+Tcwtc:osmvaYebL3FUt8XWI/+XWQ5JYebQJ
MD5:	84F1F56AD4D2CFC097A4AAA5EC7C9031
SHA1:	98F86F59092F07791F53B824C5A2C518BAB1898C
SHA-256:	DFAB0AA9627BEC6BCF6A6775D958E0F6599BDE96F7643F6C9B2F2BF926044A55
SHA-512:	CA3E4362A8ECE7E939AEEDC65698ED199C72A14CA675E2E15257FCFA2BC403E64836D1FCE6137DC053FAAF092B4E993FF271137062E11EE7C57C2F1669A80908
Malicious:	false
Preview:	2024/08/30-13:05:50.452 1600 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/30-13:05:50.453 1600 Recovering log #3.2024/08/30-13:05:50.453 1600 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.122392111974422
Encrypted:	false
SSDEEP:	6:Fyns/N4q2PRN23oH+Tcwt8aPrqIFUt8oynWF4JZmw+oynWF4DkwORN23oH+Tcwtc:osmvaYebL3FUt8XWI/+XWQ5JYebQJ
MD5:	84F1F56AD4D2CFC097A4AAA5EC7C9031
SHA1:	98F86F59092F07791F53B824C5A2C518BAB1898C
SHA-256:	DFAB0AA9627BEC6BCF6A6775D958E0F6599BDE96F7643F6C9B2F2BF926044A55
SHA-512:	CA3E4362A8ECE7E939AEEDC65698ED199C72A14CA675E2E15257FCFA2BC403E64836D1FCE6137DC053FAAF092B4E993FF271137062E11EE7C57C2F1669A80908
Malicious:	false
Preview:	2024/08/30-13:05:50.452 1600 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/30-13:05:50.453 1600 Recovering log #3.2024/08/30-13:05:50.453 1600 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.157832313128227
Encrypted:	false
SSDEEP:	6:FyncF44q2PRN23oH+Tcwt865IFUt8oyncF4JZmw+oyncF4DkwORN23oH+Tcwt86L:o0nvaYeb/WFUt8X0K/+X025JYeb/+SJ
MD5:	75651ABF4D698A094DCF95DC30433488
SHA1:	7AD23A17D34C75DA653C02E53295A51EA0593B77
SHA-256:	385876B57F76D70E78FFAFF2971771B86B2AB3D37120B648394DEDDB2CC41FBB
SHA-512:	EDCC30AE6B6D9B4E9FB69B561658BA8A3CF83BF17E902287474A26D8115CFC0232999C01839FBCDFB57E617540FC54907128713CD9224A090B87D572835A8DAE
Malicious:	false
Preview:	2024/08/30-13:05:50.459 1600 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/30-13:05:50.459 1600 Recovering log #3.2024/08/30-13:05:50.459 1600 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.157832313128227
Encrypted:	false
SSDEEP:	6:FyncF44q2PRN23oH+Tcwt865IFUt8oyncF4JZmw+oyncF4DkwORN23oH+Tcwt86L:o0nvaYeb/WFUt8X0K/+X025JYeb/+SJ
MD5:	75651ABF4D698A094DCF95DC30433488
SHA1:	7AD23A17D34C75DA653C02E53295A51EA0593B77
SHA-256:	385876B57F76D70E78FFAFF2971771B86B2AB3D37120B648394DEDDB2CC41FBB
SHA-512:	EDCC30AE6B6D9B4E9FB69B561658BA8A3CF83BF17E902287474A26D8115CFC0232999C01839FBCDFB57E617540FC54907128713CD9224A090B87D572835A8DAE
Malicious:	false
Preview:	2024/08/30-13:05:50.459 1600 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/30-13:05:50.459 1600 Recovering log #3.2024/08/30-13:05:50.459 1600 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.139161490319645
Encrypted:	false
SSDEEP:	6:Fys+q2PRN23oH+Tcwt8NIFUt8oyh7XZmw+oyh73VkwORN23oH+Tcwt8+eLJ:oxvaYebpFUt8Xh7X/+Xh7F5JYebqJ
MD5:	6E0494DFEC425F2EBC3E214E3BFFCC1C
SHA1:	539EA2B0D527B94886EEF746BCFC605C9A609A68
SHA-256:	CF880AAC83A8D2F427411FB0505AA232D4638B2FBAFBF8E25C4DFB5193E99C41
SHA-512:	FF28993EF339C72AB0F28666D888E65F33C25502F40C821F1F3FDB5E5C39F6D8D31F6A987EC1227F68DB54059EEEC9CB7A6427CB1EE2328F34377DA3CCFCA98E
Malicious:	false
Preview:	2024/08/30-13:05:51.037 1848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/30-13:05:51.038 1848 Recovering log #3.2024/08/30-13:05:51.038 1848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.139161490319645
Encrypted:	false
SSDEEP:	6:Fys+q2PRN23oH+Tcwt8NIFUt8oyh7XZmw+oyh73VkwORN23oH+Tcwt8+eLJ:oxvaYebpFUt8Xh7X/+Xh7F5JYebqJ
MD5:	6E0494DFEC425F2EBC3E214E3BFFCC1C
SHA1:	539EA2B0D527B94886EEF746BCFC605C9A609A68
SHA-256:	CF880AAC83A8D2F427411FB0505AA232D4638B2FBAFBF8E25C4DFB5193E99C41
SHA-512:	FF28993EF339C72AB0F28666D888E65F33C25502F40C821F1F3FDB5E5C39F6D8D31F6A987EC1227F68DB54059EEEC9CB7A6427CB1EE2328F34377DA3CCFCA98E
Malicious:	false
Preview:	2024/08/30-13:05:51.037 1848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/30-13:05:51.038 1848 Recovering log #3.2024/08/30-13:05:51.038 1848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 21, cookie 0x8, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	5.181567008566188
Encrypted:	false
SSDEEP:	768:si7FNPG3lAf3flFTnmJfxfT2CgbooEh2Hyxqu3f7Mnu0:si7FNPG3lAf3flFTnmJfxfmDEaycOf7e
MD5:	EFAC198A5A49D1B63AFA2CEC4E4E4080
SHA1:	ACCE6A3D657C320915585574CDB061FDD3CA341B
SHA-256:	8792A6A5897826E2B044D5A5ACE6CA6FFD92C7F4ADD78241A8BB5A2DDB53B0FF
SHA-512:	0843544FF088B75FC75CD2FCD4B2DEC9DF9E0DA7D82B50B520995D0E9C11E67B7208467AC891E9448F11F397AA43D428E1A4A3006C856D4ABC8431AE22ED9926
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.47693366977411E-4
Encrypted:	false
SSDEEP:	3:LsNlp:Ls3
MD5:	53453B4B762B07A46C8BCD36181152EF
SHA1:	1000E443279A5F26C6F8AF38D88E5D2E4D71BC38
SHA-256:	8EA17FE97584FD30E34F5F700CCA04453C3FB26ABC10718470ECA28C99709374
SHA-512:	7EFA056D7E8A72792D0A0AF884D6BC01B471E7FDD30DCC9EE920ED4D09FD0F0BBC4DF09E7538D66AAF508503BF64B292DB17A6F9EC5938DA3B201BFE05BB11FC
Malicious:	false
Preview:	............................................../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.8384088684390638
Encrypted:	false
SSDEEP:	384:OjmJS2JjpI07jtu6hIU3iGzIBBE3qIwIj6:OCS2JVI07Ru6+oiDBBqe
MD5:	09ED1348EE9F1747EF2BDC3A058D3E2F
SHA1:	B79065CFA730E3BFB81919D49117D39647D7C286
SHA-256:	4618F46A889AABCB2F742F0F82548EAFA9F3B562C98B7AB98EEC22B15A8E117D
SHA-512:	CCFA3F53ED525A161C3A8E6BB534FFE9469DF9C9058E236326D6C01796AA9B8170B3CC734DC71295963209CB54B78DAFA00CA7E454A5170889C7E5D02EE44147
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.5489657781837107
Encrypted:	false
SSDEEP:	384:jj9P0mYCcSQkQerkP/KbtZ773pLjgam6IHhRRKToaAu:jdhYFSe2kP/w7wX/RKcC
MD5:	870A43593BADF624F3AABC4A769377B7
SHA1:	CE0AB684526BD73D5EAAC06902AF5FC6FB45F5EB
SHA-256:	C89E1191096DDF1412C1A91EE7327FE038027610CEA3F8C6CB0BB7B344367DD4
SHA-512:	BB0D969F2FF3F5DF51098107A0B29FD1272B2B6495D2255359E442629758B12F1296EF4CE952B8FCB4B34F364EDF39550F811D178DA7A6BC5C19D05FBBE74488
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.243912911441907
Encrypted:	false
SSDEEP:	12:oxfjyvaYeb8rcHEZrELFUt8XxW/+XxOR5JYeb8rcHEZrEZSJ:MfMaYeb8nZrExg8B50JYeb8nZrEZe
MD5:	C0B73970B75725B56B4354F7432DE734
SHA1:	6D2D8B239718273ABC96A386E229553533DABA1B
SHA-256:	1382F78E250DF92A69EECE5377C946846750BD9FCCE36F9AAEBEC512A8360C47
SHA-512:	1793A09252A566B7A0CB369DB760C406678A552D51979F3700BE52C4D32CDF98B8FC5C4679E2F9BE1E687CD3BADD713A57C7767C5AA6BF3BFE5D41B8DD9078A8
Malicious:	false
Preview:	2024/08/30-13:05:52.133 1850 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/30-13:05:52.134 1850 Recovering log #3.2024/08/30-13:05:52.134 1850 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.243912911441907
Encrypted:	false
SSDEEP:	12:oxfjyvaYeb8rcHEZrELFUt8XxW/+XxOR5JYeb8rcHEZrEZSJ:MfMaYeb8nZrExg8B50JYeb8nZrEZe
MD5:	C0B73970B75725B56B4354F7432DE734
SHA1:	6D2D8B239718273ABC96A386E229553533DABA1B
SHA-256:	1382F78E250DF92A69EECE5377C946846750BD9FCCE36F9AAEBEC512A8360C47
SHA-512:	1793A09252A566B7A0CB369DB760C406678A552D51979F3700BE52C4D32CDF98B8FC5C4679E2F9BE1E687CD3BADD713A57C7767C5AA6BF3BFE5D41B8DD9078A8
Malicious:	false
Preview:	2024/08/30-13:05:52.133 1850 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/30-13:05:52.134 1850 Recovering log #3.2024/08/30-13:05:52.134 1850 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1462
Entropy (8bit):	5.759337313020754
Encrypted:	false
SSDEEP:	24:arWEMhF5Nm9KsUD1TDFnpJ+Tpm399nbFjW0uf0OuBqkucJfWum3b9ncum3O9nkPm:arjMhTA4sUpHlpJ0o9tFj9ucOuwkuCfE
MD5:	AE98DDAB665F4FB7AF42EF94E7D2EB3D
SHA1:	40EF0E21645D93DE8F974BFF0350BCD4095BC9EF
SHA-256:	890414EBCA5EFF6A7A31455121E22D733BDF9E1D9AECDD63573A61B829761F1A
SHA-512:	92E9C7F77B6028F76B9BD5EA4A803596B0F88AD30FF64E30DC0E8F3BC3C79AD985523A3E3F1ABE619C40CD2D6564298AC19A3D29315FC8B4508206968FBB235F
Malicious:	false
Preview:	.#...................VERSION.1..META:https://www.microsoft.com.............#_https://www.microsoft.com.._uetsid!.38f5b80066f211ef8e42955f49cff437.'_https://www.microsoft.com.._uetsid_exp..Sat, 31 Aug 2024 17:06:39 GMT.#_https://www.microsoft.com.._uetvid!.38f5f62066f211efbd70c5325bd23ed0.'_https://www.microsoft.com.._uetvid_exp..Wed, 24 Sep 2025 17:06:39 GMT.$_https://www.microsoft.com..li_adsId%.078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44.U_https://www.microsoft.com..Fri Aug 30 2024 13:06:36 GMT-0400 (Eastern Daylight Time)M.r..................META:https://apps.microsoft.com..........f.0_https://apps.microsoft.com..exp-session-expires..Fri, 13 Sep 2024 17:06:39 GMT.+_https://apps.microsoft.com..exp-session-id%.5c50c2be-2280-4894-8b9d-08769d5f6b5d.V_https://apps.microsoft.com..Fri Aug 30 2024 13:06:41 GMT-0400 (Eastern Daylight Time).V_https://apps.microsoft.com..Fri Aug 30 2024 13:06:42 GMT-0400 (Eastern Daylight Time)....................META:https://www.microsoft.com.............0_https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.144027660099353
Encrypted:	false
SSDEEP:	6:Fy0q2PRN23oH+Tcwt8a2jMGIFUt8oyXZmw+oy7AzkwORN23oH+Tcwt8a2jMmLJ:o0vaYeb8EFUt8XX/+X7Az5JYeb8bJ
MD5:	7099BD244030BC0966F5E2B8B336EE50
SHA1:	A1910EAE2026F53789C906DFA50239E644964ED8
SHA-256:	6FB9D641381436AB1F323B8876F04356910D98D23DBEDE89277929B0E0E63639
SHA-512:	5F470148069B9B8D660DD3E698C0F9A0B39D94124A4D3FA6075AA857ED2AD915134987302684E35A4FE9AE56CE8E88DB60B4192FC9897DD78F5FD28D29D19781
Malicious:	false
Preview:	2024/08/30-13:05:50.555 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/30-13:05:50.557 19d0 Recovering log #3.2024/08/30-13:05:50.563 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.144027660099353
Encrypted:	false
SSDEEP:	6:Fy0q2PRN23oH+Tcwt8a2jMGIFUt8oyXZmw+oy7AzkwORN23oH+Tcwt8a2jMmLJ:o0vaYeb8EFUt8XX/+X7Az5JYeb8bJ
MD5:	7099BD244030BC0966F5E2B8B336EE50
SHA1:	A1910EAE2026F53789C906DFA50239E644964ED8
SHA-256:	6FB9D641381436AB1F323B8876F04356910D98D23DBEDE89277929B0E0E63639
SHA-512:	5F470148069B9B8D660DD3E698C0F9A0B39D94124A4D3FA6075AA857ED2AD915134987302684E35A4FE9AE56CE8E88DB60B4192FC9897DD78F5FD28D29D19781
Malicious:	false
Preview:	2024/08/30-13:05:50.555 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/30-13:05:50.557 19d0 Recovering log #3.2024/08/30-13:05:50.563 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.48142010337272345
Encrypted:	false
SSDEEP:	96:b9n+8d3qAuhjspnWOvLT+dmUOsT9Xq92:E86
MD5:	BD17ACD28488D3588A255EAC12FB0DF1
SHA1:	FE0FF311BB4D2CEA407CBB9C232F940DAD392CE4
SHA-256:	2CD64A7E4749297E24C874DE976487F437A1997FD21A7510FB6C699F111A7CC0
SHA-512:	DA1F91EEDC4054F1313EEA22AD0F8ED2C5BE380CE77E929E1364C9D31848E5AA22384A566F329F14B2FD1C5E258359391B425DAB468DDAD28041D501543C7F17
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0e0d74c9-38f5-43f8-874e-e1522eeb75db.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1d13359e-d8c5-4084-8b1c-59d013a94d4a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.412733368651298
Encrypted:	false
SSDEEP:	3:YWRAWNjuUfmbHV2uxtrwWokZ8KB2SKcukqJx8HQXwlm9yJUA6XcIR6RX77XMqZWQ:YWyWNR8HVBrdLAvD8wXwlmUUAnIMp5B/
MD5:	1B0E9F6FA2B73AF09ED1BAA14134B9EE
SHA1:	19E26823EC30D0F485E1BBF96BDC3CD2A9EFED9C
SHA-256:	F73F9AA7F99D7F906DA81887F308E1F825CD9444D285D7139B0D2EB3D9D095DF
SHA-512:	72DB4047612D09203843866B0EB7B52DFABBF449ACDA38739C63DF460A9B467D8D276038CFD27B6CBD24A5D9C36CFC976451E599DA8A396C1B3160ED8E7E9E56
Malicious:	false
Preview:	{"sts":[{"expiry":1756573601.839228,"host":"+loO+DGmT6DTr59JZFAnGSlBAwPkO5M/R9ec1Sw/9KA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725037601.839233}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\547e93f8-a026-49f5-93ab-1c59ffa7cc51.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\61adf042-4ca1-4894-bac5-2f8482a30f6a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	3.2620807568240946
Encrypted:	false
SSDEEP:	192:ie9pqnDgICx3ldiPgPFmo5BrCVsFgsFQNEIecLoEy33QDGhKeHw:i0pwDgFAJo5pCVG/IecLoEy33QDGhw
MD5:	5790585A9A27117D3B5EAFC564F153AD
SHA1:	E480698671C92DC99B5600487C8C010A93B45D30
SHA-256:	CB63F6A3F8FC2276F062FF3C09610283E4C3F49FE54BBE937025B98BC6441914
SHA-512:	C9E593895604392D02077EE7D247FDE9642B03FB5A589BA4E54167AB1A6264D73D9967BED39A738670B76776D7A587FD1AE0297B633EF4C0218F07861A5184A0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF26d85.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2eb7f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.8282655411798971
Encrypted:	false
SSDEEP:	96:JkIEumQv8m1ccnvS6OsMWuAsXkjsT+pQSkstIPXAQEVNsp1wisMR53u1a:+IEumQv8m1ccnvS6WhlH
MD5:	CFE15F3762B95E54C05BAC82542CC513
SHA1:	EB1BA7BB61FE13D92F9952681FFED7051C79C6F1
SHA-256:	4F051401750049B387EE35759ACDE9178CA735A6BC03CA1617B26579762FD65A
SHA-512:	9073B474CF032BDDD0B01ACC0F11000E1C70FDFE1B88C74C9D6DB414CEA90BCC64E8D6E3FE9225653A4C2D4D02176AD448F1A5150B0FDA34169B742E006DD65B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF1d6f2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF1e4fc.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Token Bindings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.4716248163409303
Encrypted:	false
SSDEEP:	24:TLYcfCNWbgZFORkq6cMfPmh0E6UwccI5fB:TeWbgZFORKPXU1cEB
MD5:	72E9D82D6C1742197EEA43EC203C6825
SHA1:	275AE552E437747FD707962111675AA2C8DEEB0F
SHA-256:	0DB0BA239E0421208146C4FBB809F2DBD960019FE4F4EC4CBC894C29627DD759
SHA-512:	C62C7C0C9BBE1CFAE2FEF39FBDF70BB5316713D87453096676BD854A19FDD8BC62F1608F8BE3602AD8770B94C13FFE5A9516F05A95548615CB78ED9CEADC7EA9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......q..g...q.0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.412733368651298
Encrypted:	false
SSDEEP:	3:YWRAWNjuUfmbHV2uxtrwWokZ8KB2SKcukqJx8HQXwlm9yJUA6XcIR6RX77XMqZWQ:YWyWNR8HVBrdLAvD8wXwlmUUAnIMp5B/
MD5:	1B0E9F6FA2B73AF09ED1BAA14134B9EE
SHA1:	19E26823EC30D0F485E1BBF96BDC3CD2A9EFED9C
SHA-256:	F73F9AA7F99D7F906DA81887F308E1F825CD9444D285D7139B0D2EB3D9D095DF
SHA-512:	72DB4047612D09203843866B0EB7B52DFABBF449ACDA38739C63DF460A9B467D8D276038CFD27B6CBD24A5D9C36CFC976451E599DA8A396C1B3160ED8E7E9E56
Malicious:	false
Preview:	{"sts":[{"expiry":1756573601.839228,"host":"+loO+DGmT6DTr59JZFAnGSlBAwPkO5M/R9ec1Sw/9KA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725037601.839233}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a93bfd59-44e4-42db-a5bc-1d60b1cb57ce.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ef70d208-c29c-4ea1-b425-241c88ff64a5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f3c3ddf5-d02b-4844-aed7-655b5437102c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2021
Entropy (8bit):	5.282343174300516
Encrypted:	false
SSDEEP:	48:YXsD8sofcds8xM6sfC5sCgusPZsl6sc5+H/b+:7MQxMVKg16c4/i
MD5:	F2E1987600FED069A95ACA5EC228104D
SHA1:	D7EF1DCF29037045E1990547E2D71A8C76E60E80
SHA-256:	D94D9AAD6755F465C5F1BC0E4E837C31257BEF25CD1B890452FB98DE10C1EB3C
SHA-512:	457C7EC00019AB4F9608C19A97F90529A8ECF85BD9C95457883102EB554F352D16F157297C4E350EFEA84304C034C29D0EA2BA7DF079EFD167C752AAB6F14AF8
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103153021209","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103153986295","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372103186671593","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABEAAABodHRwczovL2dvZmlsZS5pbwAAAA==",false],"server":"https://store9.gofile.io"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369604792382392","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f61fff43-49f3-4b63-b363-c44629e1db96.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2522d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF27d54.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2a781.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e14e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11905
Entropy (8bit):	5.183140988791892
Encrypted:	false
SSDEEP:	192:st/J9pQTryZigaba4uyUs3uO2hjkNw3uF88bV+FiATesQP6YJ:st/LA3u7s3u3gfpbGiNs+
MD5:	12060948B2BD4C5C1B6FBAC6AAAA6FFD
SHA1:	3DEF70520E62F9ACE357615B483101CA79316F62
SHA-256:	FC7459FE155C394BBE76EE73867A3382BA0247E1178CA83EFB787C40E695594F
SHA-512:	A9C2FA6A98818457D02CE2CC6CFF989AEE80B3FE75B7F22E2B8C57C6EC5F897132711E9ADCAF3F13EEFFEF18BD94E46B511838CC1817008D3018AC06D3D1BB87
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37816
Entropy (8bit):	5.555654088299773
Encrypted:	false
SSDEEP:	768:Itc/jc7pLGLvmMWPF9fbU8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2dN7KrwWc43Ddr:Itc/jAcvmMWPF9fbUu1jazD7vWcG+t+
MD5:	1A58ECB0A4FFF6D43BB1A4C40510A845
SHA1:	41A6ABBB21C7A127FB1394F67E4E11EBE7D1CB0B
SHA-256:	83965C4FC221D61D1869AA61F22ECD01599A25D802435AC40002F88F5939F064
SHA-512:	C604533B72415D3C2A5D0A265F8048B8298CE6FE11984579D42F76348E68FB4DAD6507B2E0C6307101325C87476E3A33D0575B7DADF8A92AA445D78614769EB1
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369511150432236","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369511150432236","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2381d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37816
Entropy (8bit):	5.555654088299773
Encrypted:	false
SSDEEP:	768:Itc/jc7pLGLvmMWPF9fbU8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2dN7KrwWc43Ddr:Itc/jAcvmMWPF9fbUu1jazD7vWcG+t+
MD5:	1A58ECB0A4FFF6D43BB1A4C40510A845
SHA1:	41A6ABBB21C7A127FB1394F67E4E11EBE7D1CB0B
SHA-256:	83965C4FC221D61D1869AA61F22ECD01599A25D802435AC40002F88F5939F064
SHA-512:	C604533B72415D3C2A5D0A265F8048B8298CE6FE11984579D42F76348E68FB4DAD6507B2E0C6307101325C87476E3A33D0575B7DADF8A92AA445D78614769EB1
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369511150432236","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369511150432236","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.323098996850684
Encrypted:	false
SSDEEP:	3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
MD5:	8DA62954B0B14642CF287A260418E39B
SHA1:	E82BF98669AE1D73BBD9294D9F454044D5C2622E
SHA-256:	B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
SHA-512:	E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.1768671738673495
Encrypted:	false
SSDEEP:	6:FZzQF4AAB1RN23oH+TcwtE/a252KLlPZ13+q2PRN23oH+TcwtE/a2ZIFUv:LzGYeb8xLj1OvaYeb8J2FUv
MD5:	332E5712FB77A30D09005F3BC49CB687
SHA1:	D0FF59EE666F1CB6949FA95C5A89AB4E1F96C791
SHA-256:	51F82F16EA4BC8142204B82F8648B7CDF82A3459DEEF33A8FCA3EB35A281F70B
SHA-512:	EFA7B09D74835609368B4459E389BE179FB82B9E4304277840A708DF9696331EE80A2360F33C915B3914A45E05DE8A824BEEA2136185E39F5C2E5E0BC9F0BDEB
Malicious:	false
Preview:	2024/08/30-13:06:53.535 1848 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/08/30-13:06:53.546 1848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	76090
Entropy (8bit):	5.230026646432808
Encrypted:	false
SSDEEP:	1536:dCABcSTJBVVxXe+hNygnyF5Tw8/2QOxAAEKliq1AXYLc:cABRJBVVxXe+hNygy7Tw8/ZOeafuXYLc
MD5:	130EAAFB7F3430982191F8EFFA49E153
SHA1:	96E01D955411C4C92DF5DEC594330C41C50CBEC7
SHA-256:	F0C0AFF9019611B8D85FBE82E7429544943E71450BA5342CBF2EB35E7CFE8316
SHA-512:	F907B2C428AB2942077D7E3AB8B6E431E0D07924DA8A4AE7A9DAABEF670512157F28AE49380B082100BAA524E5D26BEA5D9A09501D3EBD44F2F79EE2E89D8C5A
Malicious:	false
Preview:	0\r..m..........rSG.....0try {. self["workbox:core:6.6.0"] && _();.} catch {.}.const ee = (s, ...e) => {. let t = s;. return e.length > 0 && (t += ` :: ${JSON.stringify(e)}`), t;.}, te = ee;.class h extends Error {. /*. . * @param {string} errorCode The error code that. * identifies this particular error.. * @param {Object=} details Any relevant arguments. * that will help developers identify issues should. * be added as a key on the context object.. /. constructor(e, t) {. const a = te(e, t);. super(a), this.name = e, this.details = t;. }.}.try {. self["workbox:routing:6.6.0"] && _();.} catch {.}.const $ = "GET", L = (s) => s && typeof s == "object" ? s : { handle: s };.class C {. /. Constructor for Route class.. . @param {workbox-routing~matchCallback} match. * A callback function that determines whether the route matches a given. * `fetch` event by returning a non-falsy value.. * @param {workbox-routing~handlerCallback} handler A cal

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	82001
Entropy (8bit):	6.1470225902352436
Encrypted:	false
SSDEEP:	1536:cs4tB09Dz01NhbxXjmyJNesVXgqPlgacYi+831cfiUbW1:c3no43bJjmyJwsKqPpm+GmfiUbW1
MD5:	F12AAE79A18752FD2886C4EDD4F78F99
SHA1:	E710A8A31555CC1E86CEE6BD46113A74C4E2548C
SHA-256:	638C6C0CB0E60266B56ED2DFDE55514A233B02A2910E5AF4E12A4784CAD18DA0
SHA-512:	D8F1CDCB20E23C3DCE5E4B13F4EF54B7129912C9C8865A30AC02B9AD247CDC253DC73D70E1975B21F5ADF25BC692E0749F3D50D908C8B01424CD1AE6939C0124
Malicious:	false
Preview:	0\r..m..........rSG.....0....Lp.................;I.......?.......,T.....`(......L`.....1.L`.....,T..`.....<L`......Sb...............`.......Sb.`......n.....Rb........ee....RbZ.......te................q...Rb..7.....se....Rb...h....ae....Rb.......ne..........Rb.[.w....re...........Rb.......ie........Rb..!....oe....q...Rb...I....ue....q.......RbJc......de....Rb. .f....fe....1...Rb...a....me....1...1.................q...q.......Rb..].....ke....Rb..~....Le.......Rb2.......De....1.......Rb..v.....Ue....Rb"Y3Y....Pe....q...Rb.3^.....Ne....Rb.......Se....Rb........Ke....1.......Rb.n.]....We.......1...Rb..*/....qe....Rbj.......Qe....Rb........Ge....Rb..).....ze...............................................................................................................................................................................................................................Ib.........0....b....A...r...,T.8.`......L`......RbF[h.....url...r........Dh............-....-......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:FrU0E0Xl/lP/lxErlllnsjN+:hA2p+
MD5:	68EAF53F920D903E168C449A62D6F09C
SHA1:	3AE7ADDB636F9276AAA1A7BF5259A9F74C974E70
SHA-256:	8E766E3D67EE1DFA3D9902A3247C3E11BD8A21627B02EF0F6C922787E7547E05
SHA-512:	9ABCE7D2F8CD6901979E3B4278856657BB3960E54A04735926C4C4FC1F63996C853F8D74E3FCCA176039DB3ED62BF3CEAF720FF31D4D43667F6DA2AA2F9D2FB6
Malicious:	false
Preview:	@...pN..oy retne.............j...........X....,.........j.........../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:FrU0E0Xl/lP/lxErlllnsjN+:hA2p+
MD5:	68EAF53F920D903E168C449A62D6F09C
SHA1:	3AE7ADDB636F9276AAA1A7BF5259A9F74C974E70
SHA-256:	8E766E3D67EE1DFA3D9902A3247C3E11BD8A21627B02EF0F6C922787E7547E05
SHA-512:	9ABCE7D2F8CD6901979E3B4278856657BB3960E54A04735926C4C4FC1F63996C853F8D74E3FCCA176039DB3ED62BF3CEAF720FF31D4D43667F6DA2AA2F9D2FB6
Malicious:	false
Preview:	@...pN..oy retne.............j...........X....,.........j.........../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF31936.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:FrU0E0Xl/lP/lxErlllnsjN+:hA2p+
MD5:	68EAF53F920D903E168C449A62D6F09C
SHA1:	3AE7ADDB636F9276AAA1A7BF5259A9F74C974E70
SHA-256:	8E766E3D67EE1DFA3D9902A3247C3E11BD8A21627B02EF0F6C922787E7547E05
SHA-512:	9ABCE7D2F8CD6901979E3B4278856657BB3960E54A04735926C4C4FC1F63996C853F8D74E3FCCA176039DB3ED62BF3CEAF720FF31D4D43667F6DA2AA2F9D2FB6
Malicious:	false
Preview:	@...pN..oy retne.............j...........X....,.........j.........../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24099
Entropy (8bit):	3.834897195577189
Encrypted:	false
SSDEEP:	384:4jWp16rPOVipCt25tIFpDd/Vxdea302R9yf8hfe078TQNf8:4Kp8rPOVipCU5tIDDd/Vxdt397q4fe0I
MD5:	E27CE9CE32D1DA023C47748D2C375469
SHA1:	9E0D3D15E3073AD8561C562EEB3D387B51EB8E71
SHA-256:	9D9D0C3CEB4FBBCFAD5625658E1BA68E1F74401E22189987007EC040E20E16C3
SHA-512:	D74676671FA4AC34F1B44532E9085F844B3795F50DE39BE85254D61771C5001FFAB6B6AC09B23CF885FD6D62ACEFC0D804625F261834771D6E79E0883EBDE2C3
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f..................e................next-map-id.1.Fnamespace-89bef225_f359_4579_a0f9_9843cd9229cf-https://www.google.com/.0..:ih................next-map-id.2.Inamespace-f19250a8_f3e2_4dd4_a916_ba3acc3df8e7-https://www.microsoft.com/.1..Lfi................next-map-id.3.Jnamespace-f19250a8_f3e2_4dd4_a916_ba3acc3df8e7-https://apps.microsoft.com/.2.)..g................map-1-_cltk.y.0.x.o.m.1..?map-1-Fri Aug 30 2024 13:06:36 GMT-0400 (Eastern Daylight Time).."..Y...............map-2-AI_buffer..[.".{.\.".t.i.m.e.\.".:.\.".2.0.2.4.-.0.8.-.3.0.T.1.7.:.0.6.:.4.1...7.9.7.Z.\.".,.\.".i.K.e.y.\.".:.\.".5.e.4.3.a.5.f.6.-.a.9.2.a.-.4.0.d.a.-.b.6.b.c.-.5.9.f.0.2.a.7.2.7.2.a.5.\.".,.\.".n.a.m.e.\.".:.\.".M.i.c.r.o.s.o.f.t...A.p.p.l.i.c.a.t.i.o.n.I.n.s.i.g.h.t.s...5.e.4.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.157286271298273
Encrypted:	false
SSDEEP:	6:FygAIq2PRN23oH+TcwtrQMxIFUt8oyaZmw+oy2MkwORN23oH+TcwtrQMFLJ:ogAIvaYebCFUt8Xa/+X2M5JYebtJ
MD5:	95ADF4E170BD2FD0C29676C3855E8DE8
SHA1:	D750059CA17C2360FBBE224A389D0FD9C73154E0
SHA-256:	A647FD971DCD49CE017B9646E1A09AC49910A7ED874C028E40B38DA1434DE519
SHA-512:	D64E03D01D32DCEDF228A6CD730A0FE3CF2A95E6D7FDAD851BA58F3CC9D9515EC4D0A9F1E472BE3DAF6819D79C7A16E7AB36751CFAEDBC207172C7D4A0F7011E
Malicious:	false
Preview:	2024/08/30-13:05:50.861 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/30-13:05:50.864 19d0 Recovering log #3.2024/08/30-13:05:50.867 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.157286271298273
Encrypted:	false
SSDEEP:	6:FygAIq2PRN23oH+TcwtrQMxIFUt8oyaZmw+oy2MkwORN23oH+TcwtrQMFLJ:ogAIvaYebCFUt8Xa/+X2M5JYebtJ
MD5:	95ADF4E170BD2FD0C29676C3855E8DE8
SHA1:	D750059CA17C2360FBBE224A389D0FD9C73154E0
SHA-256:	A647FD971DCD49CE017B9646E1A09AC49910A7ED874C028E40B38DA1434DE519
SHA-512:	D64E03D01D32DCEDF228A6CD730A0FE3CF2A95E6D7FDAD851BA58F3CC9D9515EC4D0A9F1E472BE3DAF6819D79C7A16E7AB36751CFAEDBC207172C7D4A0F7011E
Malicious:	false
Preview:	2024/08/30-13:05:50.861 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/30-13:05:50.864 19d0 Recovering log #3.2024/08/30-13:05:50.867 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369511152927614

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	21577
Entropy (8bit):	3.7322413452811114
Encrypted:	false
SSDEEP:	96:3X/WZATHn8Y7dmtQmudmtQmudmtQm69dmtQm38+MKPW8L5QX8+MKPf2vtmO2ib5e:3X/WeTHnDphhFojPW8WXzjPmD3H+/
MD5:	7B6851A139B915E1077778832CFF9BD1
SHA1:	0C88D5952CBCBE4116C08312135BDCE3C8B838E8
SHA-256:	34F01E403D0C41918F1C3AF52636680363C7923E449A8CF13A4ED9CB49472CAE
SHA-512:	E2E767E2990E9E83745E1964CA57302748298F2A4DA4DF21FF14A5377A3EDFE2C1F02A48BD67FDF3796D7F46037F3B2D1140CC8F498B00E057CF12A2D8867CA8
Malicious:	false
Preview:	SNSS.......+.#C...........+.#C......"+.#C...........+.#C.......+.#C.......,.#C.......,.#C....!..,.#C...............................+.#C,.#C1..,...,.#C$...8c312162_e03a_4296_ab70_f19079a9b69a...+.#C.......,.#C...............+.#C...+.#C.......................+.#C....................5..0...+.#C&...{544A81F3-86CF-4601-B565-C8CB2CA3983A}.....+.#C.......+.#C.......................,.#C....q..l...,.#C....r...file:///C:/Users/user/Desktop/140-DEMNADA%20LABORAL-%20JUZGADO%2003%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.svg..............!...............................................................x...............................x......._,... ..`,... .................................. ...................................................r...f.i.l.e.:./././.C.:./.U.s.e.r.s./.c.a.l.i./.D.e.s.k.t.o.p./.1.4.0.-.D.E.M.N.A.D.A.%.2.0.L.A.B.O.R.A.L.-.%.2.0.J.U.Z.G.A.D.O.%.2.0.0.3.%.2.0.C.I.V.I.L.%.2.0.D.E.L.%.2.0.C.I.R.C.U.I.T.O.%.2.0.R.A.M.A.%.2.0.J.U.D.I.C.I.A.L...s.v.g.................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.099963220465023
Encrypted:	false
SSDEEP:	6:Fytq2PRN23oH+Tcwt7Uh2ghZIFUt8oyjW8Zmw+oyjW8kwORN23oH+Tcwt7Uh2gnd:otvaYebIhHh2FUt8Xq8/+Xq85JYebIh9
MD5:	7C38A369533EA91AAC61DB29BEF3BBFF
SHA1:	B8DD5E54EAEFABB0782A2FA470009F40666B2055
SHA-256:	C78535CB7725345F4A1432AFBF9757C288AF46ABA20E4841F2B2CFDE955B320F
SHA-512:	170D24B09C179B6CF339846DC6ED8CCCF6687C1A03F20E6E75977482AC6FEABE42A219BD17DD2DAE3B64EFE7DB9BECFF3CBC1A5D034485890101294EA6695743
Malicious:	false
Preview:	2024/08/30-13:05:50.423 920 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/30-13:05:50.413 920 Recovering log #3.2024/08/30-13:05:50.413 920 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.099963220465023
Encrypted:	false
SSDEEP:	6:Fytq2PRN23oH+Tcwt7Uh2ghZIFUt8oyjW8Zmw+oyjW8kwORN23oH+Tcwt7Uh2gnd:otvaYebIhHh2FUt8Xq8/+Xq85JYebIh9
MD5:	7C38A369533EA91AAC61DB29BEF3BBFF
SHA1:	B8DD5E54EAEFABB0782A2FA470009F40666B2055
SHA-256:	C78535CB7725345F4A1432AFBF9757C288AF46ABA20E4841F2B2CFDE955B320F
SHA-512:	170D24B09C179B6CF339846DC6ED8CCCF6687C1A03F20E6E75977482AC6FEABE42A219BD17DD2DAE3B64EFE7DB9BECFF3CBC1A5D034485890101294EA6695743
Malicious:	false
Preview:	2024/08/30-13:05:50.423 920 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/30-13:05:50.413 920 Recovering log #3.2024/08/30-13:05:50.413 920 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.223477165411549
Encrypted:	false
SSDEEP:	12:onIvaYebvqBQFUt8XT4/+XMP5JYebvqBvJ:7aYebvZg8jWJYebvk
MD5:	F733A98951EDFBF0E9C7CCD481A778F4
SHA1:	2FD1DDE5A244F836C7AFF77AB4DFEA4DFB061723
SHA-256:	F45D457A8A2885FB792660D19A204DC2BCE79BA711ABB295DF32619874B7716D
SHA-512:	6AE72815434FD758C96990088EC826C01EF9DF9D038A80EF8E4A0D7D9F36252D2C4579D4C47288D0B3DF0F95835ED43497680FBC74204085C73F13218CDE5DF1
Malicious:	false
Preview:	2024/08/30-13:05:51.121 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/30-13:05:51.247 19d0 Recovering log #3.2024/08/30-13:05:51.252 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.223477165411549
Encrypted:	false
SSDEEP:	12:onIvaYebvqBQFUt8XT4/+XMP5JYebvqBvJ:7aYebvZg8jWJYebvk
MD5:	F733A98951EDFBF0E9C7CCD481A778F4
SHA1:	2FD1DDE5A244F836C7AFF77AB4DFEA4DFB061723
SHA-256:	F45D457A8A2885FB792660D19A204DC2BCE79BA711ABB295DF32619874B7716D
SHA-512:	6AE72815434FD758C96990088EC826C01EF9DF9D038A80EF8E4A0D7D9F36252D2C4579D4C47288D0B3DF0F95835ED43497680FBC74204085C73F13218CDE5DF1
Malicious:	false
Preview:	2024/08/30-13:05:51.121 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/30-13:05:51.247 19d0 Recovering log #3.2024/08/30-13:05:51.252 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\78479436-1b63-4dad-8305-bfe0d4e435a9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8b67a161-a305-4fc6-9d87-d1fa83a44c30.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\97fe52ae-3baf-4f54-a60d-ec40ea23d912.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF1e4fc.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e6287756-f554-4b99-8900-4e331ba5f981.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.2294979706973
Encrypted:	false
SSDEEP:	6:FZVHIq2PRN23oH+TcwtzjqEKj0QMxIFUt8oZVgZmw+oZVfkwORN23oH+Tcwtzjqg:LdIvaYebvqBZFUt8Ga/+GR5JYebvqBaJ
MD5:	A672C0543AE47D7E99900072EBC35FFF
SHA1:	78666CC611FB22C6996907542444E2CD1E0DA09C
SHA-256:	C4A0F577B46EBC7E3B9FA3D3329883AE04FB8FE19E4636E4E1701DA357A6B196
SHA-512:	77BE3CE7A1CC9B87F933809DC37F210D4C03226F63FA772D19279A8204586A01B3D5CD3B051908AF3F72D26DE59E503E2846BBF4FEB8AEB6464C20E6FD7951C8
Malicious:	false
Preview:	2024/08/30-13:06:07.131 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/30-13:06:07.132 19d0 Recovering log #3.2024/08/30-13:06:07.135 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.2294979706973
Encrypted:	false
SSDEEP:	6:FZVHIq2PRN23oH+TcwtzjqEKj0QMxIFUt8oZVgZmw+oZVfkwORN23oH+Tcwtzjqg:LdIvaYebvqBZFUt8Ga/+GR5JYebvqBaJ
MD5:	A672C0543AE47D7E99900072EBC35FFF
SHA1:	78666CC611FB22C6996907542444E2CD1E0DA09C
SHA-256:	C4A0F577B46EBC7E3B9FA3D3329883AE04FB8FE19E4636E4E1701DA357A6B196
SHA-512:	77BE3CE7A1CC9B87F933809DC37F210D4C03226F63FA772D19279A8204586A01B3D5CD3B051908AF3F72D26DE59E503E2846BBF4FEB8AEB6464C20E6FD7951C8
Malicious:	false
Preview:	2024/08/30-13:06:07.131 19d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/30-13:06:07.132 19d0 Recovering log #3.2024/08/30-13:06:07.135 19d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1842778064019805
Encrypted:	false
SSDEEP:	6:FylQFN+q2PRN23oH+TcwtpIFUt8oylUTWZmw+oyl+NVkwORN23oH+Tcwta/WLJ:olQN+vaYebmFUt8XlUTW/+Xl+NV5JYev
MD5:	7C2026EE59488EE69F92BBFC07161698
SHA1:	4A73E24675759D81BC5A198F960ABF1E0B74C677
SHA-256:	1CF9A65151A9B848D6DBA5AB27A41BD682D9877336655B010825074A008C93BB
SHA-512:	03400CF9833E4C36A5F005888DC21E2762B48E00B1BFA4969F5749D33362E44325E4C31A503FCA21B113BD96F8909EC9F883E2BC7A2DE0364118C2B03EB0EB0D
Malicious:	false
Preview:	2024/08/30-13:05:50.470 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/30-13:05:50.471 185c Recovering log #3.2024/08/30-13:05:50.472 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1842778064019805
Encrypted:	false
SSDEEP:	6:FylQFN+q2PRN23oH+TcwtpIFUt8oylUTWZmw+oyl+NVkwORN23oH+Tcwta/WLJ:olQN+vaYebmFUt8XlUTW/+Xl+NV5JYev
MD5:	7C2026EE59488EE69F92BBFC07161698
SHA1:	4A73E24675759D81BC5A198F960ABF1E0B74C677
SHA-256:	1CF9A65151A9B848D6DBA5AB27A41BD682D9877336655B010825074A008C93BB
SHA-512:	03400CF9833E4C36A5F005888DC21E2762B48E00B1BFA4969F5749D33362E44325E4C31A503FCA21B113BD96F8909EC9F883E2BC7A2DE0364118C2B03EB0EB0D
Malicious:	false
Preview:	2024/08/30-13:05:50.470 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/30-13:05:50.471 185c Recovering log #3.2024/08/30-13:05:50.472 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.007818402565218801
Encrypted:	false
SSDEEP:	3:ImtV+oj/x/tVg4B/l7eYWl/GvsIclaK5llXT23:IiV++/XB/r0IcZllS
MD5:	9FD0B92AE9E04B316194D44508FDEB40
SHA1:	C7D8DC8F5FF29BBCD52EEF0819CD50C34CE1BEAA
SHA-256:	204F645D7A3C8C566748941B51651078DFF36919559F31CB2236E26340DCC317
SHA-512:	2CFEAE836202C6AA6F6F6102762993C5A66068F0B41B678DC01B06A3ED307FA82EEF912C963CF3D763E673E0E2EE4188695DF76DEA423A724B59C03E02D2BB65
Malicious:	false
Preview:	VLnk.....?.......v\|..lON................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2657261681990521
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMbSAELyKOMq+8mKQ0MPVumJ:Bq+n0Jb9ELyKOMq+8m5hN
MD5:	6212E93D13DF8775441E00C9F8CED725
SHA1:	F2E8E330E9CC8B9122520615C40201ABD1026B63
SHA-256:	C411FAEF18E16CA51CE26F27543FBDB4C76C04D2002061376ABE1D80923897DD
SHA-512:	466EB1A7EC452B06F7C1703C4B0960C79E7BECD9748EF7CB08FD4EF9F211E3A615D84AF6168FBDF3E886AFACE705996916A5C37F95C910A2F788D366CD7F84C9
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2568
Entropy (8bit):	0.06569804787746028
Encrypted:	false
SSDEEP:	3:cyV/l1l3/PleG:cy3/kG
MD5:	85CF86304A35D4243EE3F5B2CDB1B7EC
SHA1:	B4910E11B57AFF68FC27D9F0EDDB77E16025CB8C
SHA-256:	8F6EA3A7BCBE50033F8DCD6429EC70D3E1D33840E52B7C93C8169C7E44433DED
SHA-512:	F346750E0291798461221CDE49244E7FA08D451EA4A7A105F18F22F3B3FC0876BE3AC7C3B52472EEA76C680138B4E84B09F4DDCE92E92F450F7D61A5426AA6E8
Malicious:	false
Preview:	..................`.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................../....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4736078727545696
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBsu6uT/uJun9:v7doKsKuKZKlZNmu46yjxsu6ubuJun9
MD5:	695BC6FDF75E2D6BA80C0034EE9F7561
SHA1:	B8386C47EBE58821FE76B428AFE1CB40340A0E3E
SHA-256:	08D554F07FEF0A2222BCE6DB07A4D478F3B7E377B28FD1B901CCFADDACE00A08
SHA-512:	A63E7420308C01D7659745872FD50D94AF27BD44FEB1D62802D49638A984EC4E76270BDA56585CB4715EA84DE13FC5A105134C692030EF22AFE4CD3E476FB239
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	0.15034675761260674
Encrypted:	false
SSDEEP:	3:o9HlNllv/etXlby49alk7tcjaJ3utRU3utXzQfJBzlKa+HMtvXtXlbHMn:o9Ulbfa8vtuD2uEbIHEllbHM
MD5:	E344FA3E63DD7BF0B034887556A59FE4
SHA1:	B5CA63F8B94F8594BFF7173C1DE907309AC10089
SHA-256:	B09AEB4E90753D7129249F6A4B179554D8BC1221D7B7F56EB125973A322B5ACB
SHA-512:	8F7D2799A76A8B093174A4139F2ABD772367C772155A513684D6D1C2529E426643173182E5116027F91099152A9FB7706AEDA744ECDC7A235B1A50842B326C93
Malicious:	false
Preview:	..............?9........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d1f9c160-f7f5-435b-9dc2-df8b67907ee6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14465
Entropy (8bit):	5.258735353743563
Encrypted:	false
SSDEEP:	192:st/J9pQTryZioojaba4uyNs3uO2hh2kHyuF8QbV+FAGQ5ygEsQP6BFJ:st/LAo/uMs3u3X9L9bG5QtEs/
MD5:	9B7CB6485FB5D45D1420EC4C07798566
SHA1:	519539E2C396EF054914D24A8201574FF25F7B4D
SHA-256:	0AEDC0300508CE4B34E9960347D2DE066F6D6C9043DEA72D99AAC2EE3C8051CF
SHA-512:	A7763E21F202B602D02C107B5FBA23D2A10630F24DFE5EA2110F21F8AAC8204E5BFD350F7011D3BB9379986E2C5FE75192A09FFEFFD3B48D939218C368BB77BA
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369511150863459","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f19da7a8-e230-42b1-943e-a2461431278b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f7275f0e-5fba-45cd-b151-4c1c4a3124d4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4269757649892375
Encrypted:	false
SSDEEP:	48:ZzQzOonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnE/yjyjyjyjyjy:5kOrPHNNx5+s
MD5:	2438CEC8BADF865AFEF1B97365940F4D
SHA1:	EA5D857C0BB0F73C713AED0CEC1D48DF5E7EE3E3
SHA-256:	3C705F859EFE8601998F9B0BB4CBAABDB31129323EA78AA576264B09972986CE
SHA-512:	79A53929C7607CB9B4265943E5F8E9BE78A8F65CB2A5DA0B4CD506C9BC41F89F9E12773B3773BD45F521B8AC859CDCCB38070E2B2D5EFE593AE0A613253CC0CD
Malicious:	false
Preview:	..-.....e...............X<B!....^..>l_..06x.h$F...-.....e...............X<B!....^..>l_..06x.h$F.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	1800472
Entropy (8bit):	3.299946152368142
Encrypted:	false
SSDEEP:	12288:zVGqOd8EJ4KFYj4vnN62FiT6Xz9iUspdzJnoORA8Ld9YSPYls45YMCoBS1ZdNr0g:
MD5:	93BA64C8EB51ABCE54BDEBF5AA505C2A
SHA1:	9A7BD7A3108055D6B0A9FA8B92DCF4DEB35E8C5E
SHA-256:	1D940D36AC25F33A673390261E0FD9BEAE570992961F443046FD0FCBA800A5E7
SHA-512:	C2D878C845B5D1A70349456B45F5FE652B60EDA536CF2DD7486645E9804A2C574DDEECA3822EEBB57196CBCE452CA865E821CC1B831A524C71571C846C8BE940
Malicious:	false
Preview:	7....-..........^..>l_.....q..$.........^..>l_..X....9I4SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	13128
Entropy (8bit):	5.935806837282585
Encrypted:	false
SSDEEP:	384:sMjOMjAMjTMj3XDMj3Mj3EPMj3XOMjdppMjdpFMjdpjMj5l4Mj5l:sM6MkM3MvMrM2MKMhMtMrMAM
MD5:	4B5ACF0813048FCAC02F5893FF5EAF3D
SHA1:	8A3E1718157605D9A5C55B7A8775B4DB02617C93
SHA-256:	1C71F41E7ADC1989AE39A3B1E3FB3F4C77F75A17C432AE50145272B848BA9655
SHA-512:	E01EB27677BEA1BC1A006FE3A39A85D2CBEDF3CDE50F4529DDC9D86E6143B82C84067E256BCA7A1D7F27B102375F7E1AFDF492339EAB2F16DC19BC8554063F8C
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1?.Q;0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............mj!.;...............#38_h.......6.Z..W.F........................V.e................V.e..................MA0................39_config..........6.....n ....1....................021_download,b03b8e2c-40df-4949-b7da-18ce77d438fc......$b03b8e2c-40df-4949-b7da-18ce77d438fc................".....https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip..https://www.google.com/"..https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.167463921120169
Encrypted:	false
SSDEEP:	6:FyZ+q2PRN23oH+TcwtfrK+IFUt8oyKWZmw+oyZVkwORN23oH+TcwtfrUeLJ:oZ+vaYeb23FUt8XKW/+XZV5JYeb3J
MD5:	4C012B3711B1D824933F92C767C28806
SHA1:	2C6648B8D4C026DCB2AE93EAB36BA66B92D0DD49
SHA-256:	DD8700F625236C8D5D7A21F3A0B67C4B2325424C1389A1D401515BB92DB53CC8
SHA-512:	2FFC1D8C376F4FE8D79C0C66E581EF314A1AC0BAE3EFE4083D4F0CAD0DD1A7796233B53CFE0343CA1499E3B03273E713F3A6C569F3C45C73EE31C3CB71C04438
Malicious:	false
Preview:	2024/08/30-13:05:50.888 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/30-13:05:50.888 185c Recovering log #3.2024/08/30-13:05:50.888 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.167463921120169
Encrypted:	false
SSDEEP:	6:FyZ+q2PRN23oH+TcwtfrK+IFUt8oyKWZmw+oyZVkwORN23oH+TcwtfrUeLJ:oZ+vaYeb23FUt8XKW/+XZV5JYeb3J
MD5:	4C012B3711B1D824933F92C767C28806
SHA1:	2C6648B8D4C026DCB2AE93EAB36BA66B92D0DD49
SHA-256:	DD8700F625236C8D5D7A21F3A0B67C4B2325424C1389A1D401515BB92DB53CC8
SHA-512:	2FFC1D8C376F4FE8D79C0C66E581EF314A1AC0BAE3EFE4083D4F0CAD0DD1A7796233B53CFE0343CA1499E3B03273E713F3A6C569F3C45C73EE31C3CB71C04438
Malicious:	false
Preview:	2024/08/30-13:05:50.888 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/30-13:05:50.888 185c Recovering log #3.2024/08/30-13:05:50.888 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.0647916882227655
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
MD5:	3BE72D8D40752B3A97028FDB2931FABA
SHA1:	A27EA4726857A948F0A4B074062B674469A9A371
SHA-256:	3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
SHA-512:	8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.203733672525336
Encrypted:	false
SSDEEP:	6:FyYN+q2PRN23oH+TcwtfrzAdIFUt8oy2SSmWZmw+oyRdT3VkwORN23oH+Tcwtfrm:ok+vaYeb9FUt8X2+W/+X7T3V5JYeb2J
MD5:	4162FA5F3258404800ADE7EC9367532E
SHA1:	B41B3D0771A590DDCEDA8C9A4455610C86858C07
SHA-256:	B08F605FF186188D7C80138A09679B85C44112298507EDA8985144DAF8CA6EA2
SHA-512:	A6560F881CD85CB13C7261584F70460E54A2D1C98028459BE4D92A09D8C15577B7710FFBBE013C7D728D54BDD1C93E7470460B7FE304C24F0102D6A1E8C5470E
Malicious:	false
Preview:	2024/08/30-13:05:50.865 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/30-13:05:50.867 185c Recovering log #3.2024/08/30-13:05:50.868 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.203733672525336
Encrypted:	false
SSDEEP:	6:FyYN+q2PRN23oH+TcwtfrzAdIFUt8oy2SSmWZmw+oyRdT3VkwORN23oH+Tcwtfrm:ok+vaYeb9FUt8X2+W/+X7T3V5JYeb2J
MD5:	4162FA5F3258404800ADE7EC9367532E
SHA1:	B41B3D0771A590DDCEDA8C9A4455610C86858C07
SHA-256:	B08F605FF186188D7C80138A09679B85C44112298507EDA8985144DAF8CA6EA2
SHA-512:	A6560F881CD85CB13C7261584F70460E54A2D1C98028459BE4D92A09D8C15577B7710FFBBE013C7D728D54BDD1C93E7470460B7FE304C24F0102D6A1E8C5470E
Malicious:	false
Preview:	2024/08/30-13:05:50.865 185c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/30-13:05:50.867 185c Recovering log #3.2024/08/30-13:05:50.868 185c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1cef3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d01c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1f6fd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26ab6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a9f2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e11f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF33ccb.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58057
Entropy (8bit):	6.106066732253887
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7ynui+EeTTvqrvYtoYKBuSZ+aoo:k/0+zI7ynz+EGTiviKBuWNP
MD5:	8541D0B96B93EAD49D36372D619BA88A
SHA1:	C78D441C8EC50714A3879A16E3CC5678588573A7
SHA-256:	77000279E3AD8CBA51EDBD94C07566A617ACB60FCE3A15356D81B8D0CCF64ADA
SHA-512:	0E6368E6ACEFE118378E55A56D54859934A0452C372B340311D5B9A31ADDE5235FC99E36DB0D54CB83C4D8A3B3222C39FC0EC57F4587B221657AA5540DD77E94
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2031345
Entropy (8bit):	4.001531149645986
Encrypted:	false
SSDEEP:	49152:8gPh2N/MR+DgVFIlq6hT17X4Vrgtk+lzKVSf4YVxeqOWlcKRayjH09nnwBXQ0a/B:t
MD5:	72C8D70F20839746AF737D59CFEADD5E
SHA1:	56382FA78620B2A5CC81D88DFEE47A3884A6A6A7
SHA-256:	A249C01F9785A5CE8C4E373177F3CEA314535D1CB979720A54CC1D5CD66B1BAC
SHA-512:	30C1B09A067FDC4A5DF1F3D204410F373565E9621E71632137C9933E73153E3F34B73CEC3BF54A5B9F4C20C45B6C5CA3556BDB5749F4D7972973F1939C91C98B
Malicious:	false
Preview:	.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2031345
Entropy (8bit):	4.001531149645986
Encrypted:	false
SSDEEP:	49152:8gPh2N/MR+DgVFIlq6hT17X4Vrgtk+lzKVSf4YVxeqOWlcKRayjH09nnwBXQ0a/B:t
MD5:	72C8D70F20839746AF737D59CFEADD5E
SHA1:	56382FA78620B2A5CC81D88DFEE47A3884A6A6A7
SHA-256:	A249C01F9785A5CE8C4E373177F3CEA314535D1CB979720A54CC1D5CD66B1BAC
SHA-512:	30C1B09A067FDC4A5DF1F3D204410F373565E9621E71632137C9933E73153E3F34B73CEC3BF54A5B9F4C20C45B6C5CA3556BDB5749F4D7972973F1939C91C98B
Malicious:	false
Preview:	.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	14
Entropy (8bit):	3.3787834934861767
Encrypted:	false
SSDEEP:	3:ZK7q6:ZA
MD5:	DF741B3F19D9DC2621EAF973C8C9FA9D
SHA1:	F45F1D9791C05366A8A23322D497C89957E75E61
SHA-256:	6E5DDBA6D7AA3B287EA364034E1F843E4146FF92C07D8426F4A7C4B0E6435006
SHA-512:	650DE3F99038BFFBFEF41A9ACC0A06E15803550C6456D0BDEAC9EBE18AEA94AB3A0BB7D85B7A0230CE6F510F5E26FA739FE58924F355D7E3714EC37DAA4C70D2
Malicious:	false
Preview:	downloadCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.998017438082159
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfV0jifHDozRLuLgfGBkGAeekVy8Hfjg9PIAckYWVn4Yn:YWLSGTT/Do9LuLgfGBPAzkVj/EMvWV4Y
MD5:	10A9D217D5C8F5A54BC443447B2CBFB3
SHA1:	0C51FD47736E3FB7D239A7695556E22F7128ECAF
SHA-256:	4D3740BCD7F1EC6F0A87C9569E4ED5A9268E8198EFD9584118444C04B684824F
SHA-512:	40D995AFE228707325AE9927C2D285566F2BB2244D8BC36769679BEBDB275919D72F1C7952DE00DBCBC4A76DB12DE56A616622C81EC8A91949E053EA8F1FA0DA
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"e54751157997deea","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1725138388081242}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.95528335235111
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfPWHV+3RpozROWtm5EQnqdbRWE/QNAo2AvHfjg9PIAckY0XW3:YWLSGTuHmro9w5/nmbRL/ov/EMv0G3
MD5:	7565D4D5DB870491E8F9B92DE45FBFBD
SHA1:	1906031605EA3B714DF3C89E6FF212B7510555CA
SHA-256:	495FB6C5E834BB80742345458D7DC8F7F07035BDFC31C47BC0144D77816F2C99
SHA-512:	132C94B69976A20057765AE528D709BE9C94886288D704AD9A0941B4D31D9746A88B1C672958B35955742F51D0028F54C3D25F8AC4AB6ED669C37B03F96E83BE
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"02cb9f3b001da104","server_context":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;phsh:005;7e-05","result":0,"expiration_time":1725138396302231}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQHn:YQ3Kq9X0dMgAEwjFn
MD5:	E9E365607374115B92E4ABE4B9628101
SHA1:	D5054EA9B22317DCA83801EB3586017BFCC0E2A8
SHA-256:	5CD2C4D9F13524923046198C92213691539407E04FA520CDAE9EADE1BAD3D91D
SHA-512:	A84D65ED53E43883E5ECB7848FBD48F5305A63E6975E6AF480CF85532879720061106BE54F2A5888EBC3569F7123081A0E6EB48CCB8D7DBA3E1DA1C8A3C50401
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":3}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b38e2d22-e29f-4739-a28e-9ccd4d43b724.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48512
Entropy (8bit):	6.0939151365099296
Encrypted:	false
SSDEEP:	768:DMGQ7FCYXGIgtDAWtJ4nK+L7hfgMb2IYEeTT5oFAqMCoijMYxhJyXW2eh02tdzCj:DMGQ5XMBGK8i5EeTTvqrvE6raoi
MD5:	22F0AE16A49BF149600E28C0BC7F5662
SHA1:	4EE5E23EFCFBF0E6D77B17B4BB291B9D7587357F
SHA-256:	951E9E82F34A1B7C8EF1AD92333CBCAC3B34BF568BD447C97096655E2232D0FD
SHA-512:	A2CF5D7734A0B290B8EA678C2BB11CC4A02E5F1CA81CAB05F313D7C6AE2687795E63D3155E8745D9575D7220F527961E038B2BAAF7D394DE432CB704BFBA559D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fb93f418-2d02-4bca-8ab3-81eae303ef1b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48645
Entropy (8bit):	6.093566977751936
Encrypted:	false
SSDEEP:	768:iMGQ7FCYXGIgtDAWtJ4hKLL7hfgMb2IdEeTT5oFAqMCoijMYxhJyXW2eh02tdzCj:iMGQ5XMBmKnioEeTTvqrvE6raoi
MD5:	2E41AED565C63979672246FD9A2A7900
SHA1:	80372D9E10954B665A80B20997E26C9F03CC8B8D
SHA-256:	CF6DBD8591C9A89C21FB9CD6CEF11C537568947876D7998CB4FCB5D368FC13D1
SHA-512:	BED37E3B619A6DB64418F16C6B33F323827355D10A65FFC5B7565024575718A4DE73F8DB05AC6037147B2D24824774C6A880C7B9C9A0B9A0B1C4B58D2B543C8F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1725037596"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.850300640651188
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxAxl9Il8uX4buY6fpPJOli1RmrPYk6ad1rc:mdYBBY6ZQSw/6Z
MD5:	E046CD4E2ADEBA4F46ECBB0109FE03FF
SHA1:	87558366D445B9B991464AA8ABC5C5D663D47755
SHA-256:	C06B16A5B3D088E9EA6BF67687AC04D0EE82B3894130E36EE2356E7DD7FB6243
SHA-512:	69ADFFCF748992D02F93D95637475690B0FB9608F29B4930829928C1DAAFBC6EBBC287784C64F83AA6176196D610CF97E0220A7FCE6927432B3C6120EF33D138
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.I.A.f.Q.A.f.7.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.B.C.S.g.V.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.9976865009385087
Encrypted:	false
SSDEEP:	96:oeYBxdsO3EaAl4XRRTLz7evtMTvi+lgh6:oeQdsONAl4BBzSvaTiYN
MD5:	EC63357A6FC068D1A37136A35A7A20DB
SHA1:	FF9F8C47AD7DC091EC2538AAB94B5DE7D0011BB8
SHA-256:	07B6A930A0259699C265212C95682EBDA91C6B316804EDA647B6726BCA8368BB
SHA-512:	859C2957DF642CF50BC060B0811E71F6F6F8D30813E31C26977399A836D07B37440150AE9D7A3472B9D6967359104033D7A50BE99D08222E9939801AE5F9DE79
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".M.z.A.V.J.v./.6.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.B.C.S.g.V.

C:\Users\user\AppData\Local\Temp\1521a3d4-a11c-4114-8363-767f624aa334.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 301 x 310, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6104603
Entropy (8bit):	7.994844086200298
Encrypted:	true
SSDEEP:	98304:D0HpTTtzpj38e2l+q68jZCNnTaUhws7/L+DpBotc1P2tiNbYQ2ffNBAK/CNgm1Qd:Yz+e2l+qPCNTaUj/KYtc1P2t5jjFf8tc
MD5:	2CC87E2728EA596171F6E1F6E7C43AFF
SHA1:	01188E681013294C506C7DE02BDFBEF2EB16ED82
SHA-256:	6C16D9EBF1F7FC6C3E790A74C63BCED6E038DE632816BA030AA181E3691858AE
SHA-512:	516FFBD51F28BEA081BC83E5DEB21481532DF2B56F98F4661A21B47CF4511187E35C34E7F1B8E4A103C98B4469F484D4BC4AA142C6B818708E421285A128B0B4
Malicious:	false
Preview:	.PNG........IHDR...-...6.....4......pHYs..!8..!8.E.1`....sRGB.........gAMA......a.....IDATx...k.f.u...u......-....U.dd.$R.d'..G.$..r.D...`.R...Re..*kf\....D.G~........Hd...d..$-..E.D......e.......}g.....Yk...`p....\|.....z..^{......p\...{_w..w..3.7..}....z...k..k......]../.[...v..._..i.M..................S~q.D....W....[n...............U;.?...6.....5...m.............ou..3.W...u.....Lx....~.?..x./..X...._....y...........q.....5..^.re...X.w....k;3...f'I.].$....F ..B..(.. V..h.-/......2..=..-...Hg<.4....X.z..x...........`..z....#.........6....\|4..7.@3 !qC.................!.~].da.=.7..Y.L._..(k.ES.q.`V.,.....c.1.-.G.\.c.z.....=^..].z........s..z..v..[7.o...&.`...$...R..@l.x..b...,..H.+.&u.n.!.....2.(.s.7z7'.".'.C......G..0,.e.........j..v....w.G.....w...W..{..W..W.......uz....g"N.J.f...B..:\..c>..nF.4......nd_..:.uv.r.\.3{.........X..e#..W......b.}._...5)_..].z...?~.._Y.....6a.....g..(....F'...2...._;.0..&?W....L... .N.....u.u`[.....U..d..@..#..s.N.

C:\Users\user\AppData\Local\Temp\2cd39313-bf22-4847-a806-ffbf6964179f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 300 x 298, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	97372
Entropy (8bit):	7.987949589354508
Encrypted:	false
SSDEEP:	1536:MLWHd+jAEQIqsETy51Wk/hvQbuIjsHlxffKdan4x4PPDeJLOdIsQY3AlZxkuKe0f:OK+cEQpsJzWktQbBjY4x4q4SsvkZxLKn
MD5:	81B2AE3FDB5D3C03878D8E88761DEF75
SHA1:	AD42024931FC387CEF276BBD92619881A713AF3C
SHA-256:	33C3A4C6FDF80FDF1A8B00CB9C331CE1B11CF95AD6400620AAA8A293954160F3
SHA-512:	579631D00BFE94E97A0C657B33DECECFC866227BDD103D39F799A1114C8E9EC21AD9CF1DFC4DB4FCAE0FCDC4C2C24B3A2600D1028F7A86DF2AFCAF06C03490AB
Malicious:	false
Preview:	.PNG........IHDR...,.........$mh....IDATx^.].x.G.}....B."....)..hqw...ww.P.......]B...5...z.{f...$xB....nvggg..9..;......L0!.@g\|...L0!..DX&.`B....L0..T..a.`....&.2...R.L.e..&.......LH50....Fll,...q..%\.~....&.u.....$.}{..._\|..>..s\|..Gpuu5.j..o.&.2!I<y..:...\|...UL0..DX&$...p\|......&M..O....;w.....acc.OOO....W3......LH..e.H.J...<@....s...<.\..VVV..;.....#F.W1...a..<.~eHX..>4...qqq.....w...J".9s&Q..7o6......X.l.....M.o.DX&$.u..MD(/....V.....i..J"8::...L..)S.f!K.,.......'N.C....m\...&.2!Yh.U".Z.z.q.Dx..q".l...U.....ui/K.a...../...(P......c.L....&.2!Y.]..f.i\%....;w..3f.0...k.M..3gN....Wy.........8......MH.0.........@....$.mK9r.H.?k.,...i.."..7o&...Gxyya...J.5$L.<y...GF-...`"....G.......;..........WI.;;;.....8p..J",X. .....",Z.(Q...... "".z?...q5.R.L......[.n)...4.N.c...I......MT....U....N......~..k.N._.P...#..a_.Rgcbb...5...DX).......X...;...G.>.)R.J"......q.D.:thB.....N...$L}..U..Wy..I..Y......e...Lx.0.V.....a...6.q.F.C.@.y....O..2..E(Q

C:\Users\user\AppData\Local\Temp\31b3c1e3-fafb-4995-ab09-af861261401c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
Category:	dropped
Size (bytes):	76319
Entropy (8bit):	7.995960499395982
Encrypted:	true
SSDEEP:	1536:y7lTRS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wp:Yh2dS8scZNzFrMa4M+lK5/nr
MD5:	0876A085F087140D9108F2257042203B
SHA1:	FF6A942726921A4CCE073AA682E6F8FB4CF01390
SHA-256:	078C6C2E64EB3D0DEDE55F251E964859DDF03D9200F58957A4C78C90C6BA8DE5
SHA-512:	5B16FBC9AFFF84135807830C26C5B8E9F6A33BAD0F14B1B6AA074A7DBF6B551A15F619BE3C9DBCFFB39A3495FD33980750E2CBEC362864354488B0D521145850
Malicious:	false
Preview:	...........=ko.9..\|.`.=.7..\|.x&....b1p.;."._.L....l.%K...........U\|6[Vvgp....Y,...b.85s.4..2k..53.....fj...g.....w...Z.O.s.\|c.........t.?.c~....'..\|....]ls....Kv..uc..x.?/.c.jmG\.0..{j..q...B....o..........ic!..(....."..a.3;..3sk^.<.-...@'.{]....{eq..sj{..K....S..Om.s..-..+...\|.....n....B j}.R.F..6....a..N.B.............].7@...hF....n..0;...r..~7...OO...y.D(s....{.8..........>G....pzl.F^"<h...+......&=.........^ ..H.5~......q..6.0.o...z....w.Wz.k5v.=E>.]. .0...c..}g)s...k......>>.,..Z...3F<......#..V.6..T?.......R`a9].kb..U...p.[..>....h.....pe.#..X.^.x..6....TC.=;....7.`U;V...,/..WH...'..S'Uv..\<s.5..y..vt.=...('.$......~.R..vi?.U..v.........v.K..........9~e>............l.dw....<.....n.S7..{...n..G.Y.?..i.g...ro...W-...$.o...ii...........Dz.z....wc..~..o..."t....5J.FQ.yx...\|.."\.E:)Z..........Y...`..:..Ak..=.J..8...2..0.....in.......i.wv..?F.Bz....c.en...3.9.3%V..f.&3...g...)+...M....a..{..4...&)CZ\..G....I.=..)8..\|2.n....S..$.g.pk...

C:\Users\user\AppData\Local\Temp\56a9a8e4-5db2-480a-a523-44faa276d83a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12493
Category:	dropped
Size (bytes):	175512
Entropy (8bit):	7.998056716035855
Encrypted:	true
SSDEEP:	3072:gGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIjRetkl:gl7E6lEMVo/S01fDpWmEgetkl
MD5:	C754D86B107ECFCFC5F660AB6C933B4C
SHA1:	1493885F53DEB1C71B3637A87C844F6FF7FC22BA
SHA-256:	F72C9DD18B21ECA47EDA4E918FE1A0D638AA8B3AC3B2AEDE48B73D60ADD1B96A
SHA-512:	67E0C1CA2C7FB185D3F00F126F1BD3424FF298271682801CE0E9D7B3105E138B1C2E79416A8363C43FAFF6F07986E08743898E5CC23D7B6AEF712D68F78DC554
Malicious:	false
Preview:	............w.F.0.....N.M. ...2i._.8..$q.v.w....Y......V.....z?AH.3...>.c..P.[.]...q...CVm......h2 I..X..k.U7U>o.i1\......~.C.O.:-.{OFq......8....x<...~....$._.G.P.._O....9~.d..-.l..(...n.....7yY..$u\|._....d>.#..8.H...-2.(..N$Ow.0..I.U.........l..uZA.%.b.\n..G.vv..4.K.......4N..b.#Fgg..l..(M..#:.j=o.J.......53.>.N.l..turu:.P....\....\&W......#(....g...c.g.3>.g'...6n.....\|~....V...m\Y.......iJfd..5......P......w;O...Uz.Nwv.9..2mN.S8m...=.....`..<z..T.8...)Y.b.....1.1..<z.l......y....pA...X..>`..lrMr...........N.....]..<...........O.....\.(....O`..............b.5oV......p..3z..H..s............=....,..\|<.k:.=l...RI.T..03y..J..i.....?...4..-.f.x.p...x6z...,.Y.l<#p..t.F.=.IUp....9..........)@u4!..xv..=.''.l._....f.._..q.........}...t.6N.N.......gr.N...8..\|.....-.!......UY....P. ...+R...aV]........... .)..5....R......V.(nk.&...,.-.Ii[.DsR..2.$.I...4[.^."..$.Y.G.h+l].].......Q./.q...]......*......X.<.O.#..]gM..Q...Jyt.5..B..uq...%Y.V..z ....y...

C:\Users\user\AppData\Local\Temp\6e5012df-e102-4972-830e-0ac4e03d4fee.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\6f65ae20-cae1-402a-a13b-b1a63736a8ec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\b2579d3f-7528-45f1-aa2f-92705230f7ad.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	103469
Entropy (8bit):	7.5851113512003785
Encrypted:	false
SSDEEP:	1536:5WcDWyRKNVd2M/IxMuYEDlymsTQ+2LaELsgBlr3EBvSEoFH8jR9xPEEcfBp3+g:5WcDW3D2an0GM+2LaEVBCBvsUrPql
MD5:	37CF67E6E5D3AE47CF40406A1E8BE94F
SHA1:	2A6F868ADC761DB9C03869E238BEA0D67D1FE6CE
SHA-256:	B4B4DBE335296D0CCF9C659D671A54C2FA06F8B4E41228CF03E1D21F7C8F9D03
SHA-512:	51F2C8B56592237378BE92C3EFCD814FC3E144120D109B15A7341AB03F9674251EE8B21BB172E6E021100F4EF792A5114D5B94F86EE0B157FD3386975BEC94CD
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\bb19cde9

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	data
Category:	dropped
Size (bytes):	798937
Entropy (8bit):	7.2770020103400945
Encrypted:	false
SSDEEP:	12288:t1A/41xAGiRWhsmomaIGH0MmAE8ZIMWwuztp93+yT6RrwMPc/cTcRMoD:tgmllgPmB8ZzcRMA
MD5:	693A16FDAE238B83ABFF612C6210B89D
SHA1:	72D5795A197B9C1D1400E54607E8BB36D326355C
SHA-256:	32CF3EE898CA807644DCEED624EED8694EC87FCF37F18FDC2AEDCE4C90C96111
SHA-512:	EC7E8C0F5D37A04F8BFE081DCA37379F85F4A3BA18971232018675E2F7A0C3B0C7DED50BAC613079DB76CA523869499A3D28F68FECA8EFA307F2432AA2E1F9D1
Malicious:	false
Preview:	.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ce7a816a-77e0-432d-bbc5-abcdf8343552.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
Category:	dropped
Size (bytes):	263704
Entropy (8bit):	7.998774950072608
Encrypted:	true
SSDEEP:	6144:vj1QHfvuVtTT0bCnop1MIPG4y9XgcbKdhRuQRhzb6d0X7ayNC:vjq/GGCnorP0952dPuQRFW0X2yk
MD5:	EF6DB67B82032D675EA4E61A73D3C358
SHA1:	882A4CF2944FC8E27F435890DF647177AD167CB0
SHA-256:	97C885F4390FFAE57EF240B46E113A0DFF637A003B6AD54031A1AA6809956276
SHA-512:	B41B3CD76F50964CD4FA0AB18BEB785FA592CB92045B3455D238799A1167CB5190EB1C7E0216E1E874AA03A8686025A6B366926023C9C56834B92B4F612D0A18
Malicious:	false
Preview:	............ko..q?....Am..0.<.M...e.B,[......\|J..............x..8. .w73;;;;....L.....La.k&.k..........~...#..........%.Y.>}.j~.O.r..L....R.`..w......ta.'.....~:.9.'C...\|..Gt...'..y..?...}..........,....1?..)QX....tgpgN.`..~...'.h.3^.s..UT...~o..R.].4^..V8"JwfnH...%..........i.qmG4.1@....a....\.i.C..Rq9.h....\..j...u..O..O.5!.}x....%j..}CW+...jaA.......-.......P?..vA3+iU...N...%...x.E.8.Z..2HQw._.H8........+Lw].wL..........tc..l.+p..7..<).......Z.!..!i......?./.P9.y..;....,..C.K.....~.0........E...n..(..&.X...na-c.6.....Q.[.p.IO....[...W$....l7J.,..=EK.3Y...R...\|..z_i.q......./.......[..5..qE.....FM+..VRB...r9!{3.....!...;.,{..}.sP..m..f.....~..2J..4.+..i6M...EW..ON..N.........4...T...j...1:..E=..<....Y..w.MV.....w.q.{...Y.....J...@.W..i.Sm;..0.1......./.4..b.wPbK.yeZ@.I...0.C.TZ$...-.+.[*......w.qG..}B^........n....#.........Y4.g4.....(.K..e..q7[.{..W....,%...z.^N...[/?......).9/?...r].oM2.'G.gu..Q\|..._+......1^...9......-.j2lae..+!3

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.4170049128229865
Encrypted:	false
SSDEEP:	24:YemMjYJ52mMtmZ52mMRb0VA0I+dt50qC0yZRj05NsP07F6L51P08enK5xe6V08ef:YIE5QwZ5Q50i0Im50l0yZ505NsP07F6A
MD5:	8EE48212E917EE81EB1A1E062C1319E8
SHA1:	2A812D5BC2B7A079A121D2E3FB3CD04DC5AE8F3C
SHA-256:	36DFB1EC423D64EF760C9130A27AAD7F5F27CA82441C861DFAE6AEC65AFA11B9
SHA-512:	557EC42C4FB9AFAFC6EFD3C51169142B3A4B663210DCCD74A6165BD26E7FDE6C2C7765516276AF981B69270A5C6768A0B648AC46AB3EACA2D1103AC750D38CA2
Malicious:	false
Preview:	{"logTime": "1006/090722", "correlationVector":"rmkayOhJfEabcRCB2/Bp31","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"jqHPV/yTVN5KYgOfDN/5Rr","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"25C1A0EE3BD244A1BB83CF2641B12F1A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093120", "correlationVector":"a/GaihlkzouX6tpAQ3civy","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093121", "correlationVector":"2831F27CA5B645488E2DF2452C16A59E","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093243", "correlationVector":"7DhT8FK3VbHYWFgub0ZtsN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093243", "correlationVector":"83EFC8979E1A419495133BAFAFA5A23F","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093745", "correlationVector":"Bxyvid0fodNJ7Wehc/BC7P","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093746", "correlationVector":"B1516CBB

C:\Users\user\AppData\Local\Temp\ed408330-cca2-4bbd-95ac-4856f4184a05.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\efb27518-bff6-46ca-a974-7428242bb934.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\eff04f9d-8ae5-407f-abff-b505681363b3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	408686
Entropy (8bit):	7.997945322236659
Encrypted:	true
SSDEEP:	12288:hGRIWUPDsbW1rT2XFETZYp/ILUX0tdDoUiIuoLLHjCo5aH:hGRRpi1rTkiZQIgX+ds5HRo2
MD5:	19F23ACFA8B6B967EBC04D039B813278
SHA1:	3223A5F06BA9B2464271B55EB62F500ECB6B8A6D
SHA-256:	6514EB98AEC560B73D3E84B519F931A560B334011DD65B3FECA49553940E1066
SHA-512:	07412565C1E2EE5BD8C6C626DE336F9C6095AC702F748BF2A42D02216537712DF46CBF5272EDCD8FCD5A7FD099246949CAF1AF83E0627EEC01A9F499D1795D02
Malicious:	false
Preview:	.PNG........IHDR...K...K.....8Nz.....sRGB.........gAMA......a.....pHYs...........~....lIDATx^.yp]U.........-.m.A.pw.f\..HU...".TKA..(Bk.k.@v....:Z(X..2.0Rh.fO.fi.W.5K....s.#7'.&w{)3......{.o;'...8.zA.....>XP.".W._3C.t.].R.U.H..V..%.=...\|I....?....)Y!....)Y!....)Y!....)Y!.!k~I.z{.....ejv..7.....)g.?.8.d1y.Y.X.Zt.:......7..j..u...M...<.w.Q.z...+L;Y.....f..mTw..Y...L.:..F.)...)wO.N].....vh..W.V.....[......\|.....V_..M.\.D..m.&....W..uz...}...vu..F.;.d..vt...)........9'.7~N.....F...M.GG.U.P.j.<.?.....L.C.#..Yil../..'.rF.V.m..U...BU.7..Ky......Z...J...G...S.J._.R....N...nM...4.E5..j.4Q....,.J+....]MG....r.Zm..'.j@..+^...t.<..<.w.Q.z...>.8^.wu.c....WY.......N...8....x...R..=.._~.~.(.\[[~.<......].].....&9...%.%...#j_o.(.[.......s....... ...q{./w.>.Wz.-.(Y.......3K...n\..................E"da..z(s,.)..o.o.1..6."...Z..=.........V$B..\|.......C...-O...]....n.......pc....TH.,,..=...w...Z#..-..T^.&..V..)....h.16Y....sf.{...^.}.[$...<.....

C:\Users\user\AppData\Local\Temp\mwnheff

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 30 16:07:08 2024, mtime=Fri Aug 30 16:07:13 2024, atime=Thu Aug 29 17:51:11 2024, length=3222504, window=hide
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	4.699886075369269
Encrypted:	false
SSDEEP:	24:8nk2rTM7KxVpQmEVVp7mFwA/aaVNUYM7KxVpQoVlwlpZm:8k2rTM7GQmsp7m1SANM7GQBl/
MD5:	AD37FECF5E2E075324DB1EF8D4392E23
SHA1:	8934E491DF4A3EE52D64E57ECA582F48B631DAD1
SHA-256:	2A5E428C5AF8086D2CC02B78BB68E07E7E33C4DC763A0A593B105A701B6AF68F
SHA-512:	6496B7B7FF1A5B2E93FD88735CBF9503D0EC684E5BA3A49640F0B1341F7542F71915EE6E999C9E7B7D1D6CE8114AAD46EC3A62669705B6A30D00CE7727766DAB
Malicious:	false
Preview:	L..................F.... ...]*......8.......)..jD....+1.....................V....P.O. .:i.....+00.:....9..#..K.&].B.._&...&.........{4...;...................1......Y...2_DEMN~1..........Y..Y.....5U....................v...2.+.D.E.M.N.A.D.A.+.L.A.B.O.R.A.L.-.+.J.U.Z.G.A.D.O.+.0.2.+.C.I.V.I.L.+.D.E.L.+.C.I.R.C.U.I.T.O.+.R.A.M.A.+.J.U.D.I.C.I.A.L.......1......YN...2DEMNA~1..........Y..Y.....6U....................:G..2. .D.E.M.N.A.D.A. .L.A.B.O.R.A.L.-. .J.U.Z.G.A.D.O. .0.2. .C.I.V.I.L. .D.E.L. .C.I.R.C.U.I.T.O. .R.A.M.A. .J.U.D.I.C.I.A.L.....z.2..+1..Yf. .1DEMAN~1.EXE..^.......Y..Y.....7U.....................AW.1. .D.E.M.A.N.A.D.A. .L.A.B.O.R.A.L...e.x.e.......................-....................Y......C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe........\.....\.....\.D.o.w.n.l.o.a.d.s.\.2.+.D.E.M.N.A.D.A.+.L.A.B.O.R.A.L.-.+.J.U.Z.G.A.D.O.+.0.2.+.C.I.V

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\6f65ae20-cae1-402a-a13b-b1a63736a8ec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.631887382471946
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
MD5:	1F565FB1C549B18AF8BBFED8DECD5D94
SHA1:	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
SHA-256:	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
SHA-512:	A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1880
Entropy (8bit):	4.295185867329351
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
MD5:	8E16966E815C3C274EEB8492B1EA6648
SHA1:	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
SHA-256:	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
SHA-512:	85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.754230909218899
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
MD5:	BE5DB35513DDEF454CE3502B6418B9B4
SHA1:	C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
SHA-256:	C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
SHA-512:	38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417689528134667
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
MD5:	10FF8E5B674311683D27CE1879384954
SHA1:	9C269C14E067BB86642EB9F4816D75CF1B9B9158
SHA-256:	17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
SHA-512:	4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	95567
Entropy (8bit):	5.4016395763198135
Encrypted:	false
SSDEEP:	1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
MD5:	09AF2D8CFA8BF1078101DA78D09C4174
SHA1:	F2369551E2CDD86258062BEB0729EE4D93FCA050
SHA-256:	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
SHA-512:	F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir6880_285325104\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	103988
Entropy (8bit):	5.389407461078688
Encrypted:	false
SSDEEP:	1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
MD5:	EA946F110850F17E637B15CF22B82837
SHA1:	8D27C963E76E3D2F5B8634EE66706F95F000FCAF
SHA-256:	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
SHA-512:	5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
Malicious:	false
Preview:	'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,g

C:\Users\user\AppData\Local\Temp\scoped_dir6880_946805029\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir6880_946805029\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6880_946805029\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6880_946805029\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6880_946805029\ed408330-cca2-4bbd-95ac-4856f4184a05.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\vjjpgbbqs

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	67584
Entropy (8bit):	5.508135673905188
Encrypted:	false
SSDEEP:	1536:imImx6tX2kNff4sKu+UYFgidyDxbB49WLFvXafZXF21FrPlTGBx:im9x6tmkN7Ku+UYFbCba9mvXwpOdyx
MD5:	973FF252B50F40B29BCBBCFD228BB3F2
SHA1:	9098251EB527B3635F46A718049BFE29608C2FBA
SHA-256:	0FC697799F3C3526607918CA450C41CE0478B61484E1A60DD081D4DE9FCBE921
SHA-512:	49B9215B337514E4BFBE231FE46E53F150F112B7BE42D6ECB7FAEDF4AF581674F73C15D2CC52E24AB9237D7DE790CD1CD097287FC40A8329DDFE63A512BE7F92
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, Author: Joe Security Rule: Windows_Trojan_Asyncrat_11a11ba1, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: C:\Users\user\AppData\Local\Temp\vjjpgbbqs, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;..Y............................N.... ... ....@.. .......................`............`.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H.......,z................................................................V..;...$0.xC.=VD..b......9A../.\.....(.....~............~............~............~............~............~............~............~.....~............~............~............(A......2~.....oB....s..........()...:(...(...:....(+...:....('...:....((...9.....(y...~..(...........(..... .....!...V~%...(3....&...(.....r.;.p(....r.;.p(r...."......4...sC....%...~.....&.....

C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	943472
Entropy (8bit):	6.691167848639275
Encrypted:	false
SSDEEP:	24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
MD5:	D22B9DA713AB36102C9C3D812AF8C12D
SHA1:	371FDBF6AE6A9A2E5C0560FC94EBA3290028A252
SHA-256:	95B538B47E02D0AD2BD15D47EFC18695D5E379EF61568B81EF405773D9C199BB
SHA-512:	E5AE51F79403358AF60BB3EA663251BADAC57414813F5537D763B0B95504A393FB2D34C94C4B7328EC13F58E74A7147D3A72E63E62973C4C5D80671BE1C8FACE
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\rtw_Scan\madHcNet32.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....P.[.................R..........4j.......p....`J....................................................................:....`...0......................pk...........................................................i...............................text...tE.......F.................. ..`.itext..`....`.......J.............. ..`.data...\x...p...z...V..............@....bss.....c...............................idata...0...`...2..................@....didata.............................@....edata..:...........................@..@.rdata..D...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1046528
Entropy (8bit):	6.507786842214223
Encrypted:	false
SSDEEP:	12288:GwsG8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkzuol1Y:MmWuFKKVuig5jZ5xX5P2bKyzum
MD5:	A5A41FF8944533F25E059870F34E375F
SHA1:	26390818928BD4345BDC4CD521F90F9B36A54F75
SHA-256:	AF25AA87E44194BC4A6E1B82154DB9B64E25BE13951ECFB87D080208F75A4638
SHA-512:	9CAC6A25AF5EF2C34FE01B0D4E67F0F218B2A5616402D8FAB94570C0E60DF88E748AA229EACE1F0C7FB5C23742B3C7F7FA7F739A9BC1EE965A251006E13B2931
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\rtw_Scan\mvrSettings32.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...44.[.................,...........:.......@....PJ.................................W..................................R....P.......................................................................................Y..4............................text............ .................. ..`.itext.......0.......$.............. ..`.data...X....@.......0..............@....bss....Te...............................idata.......P...0..................@....didata.............................@....edata..R...........................@..@.rdata..D...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Users\user\AppData\Roaming\rtw_Scan\pjoxwh

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	data
Category:	dropped
Size (bytes):	666871
Entropy (8bit):	7.4881349879969585
Encrypted:	false
SSDEEP:	12288:U63ceNEKk/Ekbjr5J+WUWxurvwGj/Xo/9+wRLcdw9T/LELl6b3MGPqy+7lD:/o5bnL+2CARIMDKu8ga5
MD5:	76689D041784CE90BBC4F46B6A78D880
SHA1:	F6981B991A27F08B97272DE0AE5A71EFD66099FA
SHA-256:	905E7992CDE8A36F19FD11AB7CBD79D5463F17FB551D0AD19520FA26FD67655D
SHA-512:	D53F529DFDF9E38A4377546A7124DAFDF4E4652ED558DD529B2853C773D8D57C6EC511D619709094C5898FE999B19034F260CD6D04A1FA147184351A4B554F56
Malicious:	false
Preview:	..gymo.....i.Mx.Mf..s.rV^.toIOlZvl.J...._Gnr..MXyn.H.C...r.Ji.[..w..l.c[CM]...Uiiy..c[.....s....l...HXgO`.\K[S]......V..X.....E...Y.i...do......M.C..VsbO.....F.....iQ...........Uu....oJ.bEA.A..^.eb.JrT.bn..QI^cm.A.KAx.ZZ....H..c.MsOq..a..sv.T...yA.g....KE..R.[rq.[.].....i.I..q..Tu.d.]XY...b.g.K..Ka..g..T.Y.H..nr.......npaD.s[Q..s......lA.wXCdrs...Ymt..L..u.A..ldn....n..I...Rh..o..Dh.qu.\Fp....vBhs..J.^...[..L.].P..ql.k.oyNdjBh....d.n`]pOMx.U.......Y.rTTsBsgeaerP._...f..E.PvT.Qbi..r..U..r.Q[....FsrSL....J.C..Qj.r..C\qdZ.]f.B..O.i`.h.gQ....q.r..OnoI.hjk.aP.J._n._d[s......G.Z.OT.kA.Mi...A]RE.^..c.H..l......m...bYOTM.lm.sRUS.N.q.lDYi.`......C\I...Z....V..TqubKW.S...SAUi.D.Y..L]SBM_M.]rH].M......q.np..M.M....]....`..h....\..M.m.H.g.e....[..j.UfwW.u.XB.F^hk..h.vT..X..LCV.m..lGprj....t....Obx.AQ.\.u.\..t.t.C...PimSh.V.....vk....r..V.y.^nQwsGgR.YD.Ni.g.C..C..E.RW.n.....w.xI..Su.eDk....Nf`npMAJ....MqgWh.E.....tL.wp..I..tbO..xaFM..b.kmN.t.efwU.w.g.^Vj.\..YE..K....KITG.A...lU..j..Sj.c\..D..P.iR]t

C:\Users\user\AppData\Roaming\rtw_Scan\unrar.dll

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	311448
Entropy (8bit):	6.60360129496697
Encrypted:	false
SSDEEP:	6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
MD5:	851C9E8CE9F94457CC36B66678F52494
SHA1:	40ABD38C4843CE33052916904C86DF8AAB1F1713
SHA-256:	0891EDB0CC1C0208AF2E4BC65D6B5A7160642F89FD4B4DC321F79D2B5DFC2DCC
SHA-512:	CDF62A7F7BB7A6D511555C492932E9BCF18183C64D4107CD836DE1741F41AC304BD6ED553FD868B442EAF5DA33198E4900E670CD5AE180D534D2BD56B42D6664
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: RzDiagnostic.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[S8D:=kD:=kD:=k..kN:=k..k::=k..k\:=k.A9jU:=k.A>j\:=kMB.kE:=k.A8ji:=kMB.kK:=kD:<k.:=k.A8jt:=k.A=jE:=k.A.kE:=kD:.kE:=k.A?jE:=kRichD:=k................PE..L...r.@f...........!...!.....H...............................................@.......Q....@A........................0a..p....b..x........................(.......!...<..T....................=......0<..@............... ............................text............................... ..`.rdata.............................@..@.data.......p.......^..............@....rsrc................p..............@..@.reloc...!......."...v..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rtw_Scan\xjbupt

Download File

Process:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
File Type:	data
Category:	dropped
Size (bytes):	93909
Entropy (8bit):	4.358442459804063
Encrypted:	false
SSDEEP:	1536:UZCYvGC286obl9MQ4eiUPLpJIcDOv2o8MS+tWvUeTkGfBUVB5Lv6pJQ1s:4uC0ojMQ4eiUPxu2LMSSWPTDq6F
MD5:	0938F8823B88E23715E1347B68C0A0F7
SHA1:	BD7F0A2E78D97E0982F1021BE90A16D2A941D2A3
SHA-256:	D5F2ADEEAD53BBB60F3E35FF83CE33438552B0E466DA20E0D544A884F7210FB1
SHA-512:	14C01423152D9FEE1D79D8D570399217B99C3C5D469848D0690CDDCA7695A7214B21F8ACBC326CD47CD6FC429E98ED1C3A6452EDA7B3BDEBE39E240BD617B400
Malicious:	false
Preview:	M.H..d_Ev.......[O...pt`YaD.Tr.mS..`EiN.p^q`.........pcW^..UMi.XnH._.y..R.GvI..q.gZ.ExD..Zmd..j..Nu...r.]..vha.VLq.MUGK...`fvyx....xK.w..._GT.\...MMaHA.....lIF..jvB.j.D..KAQw.H....rok[...Bfx.A...a.x..G_.Q.f..C....B.dw.V...VtHXe.JJi..N.`.if..SK.e....X..l.I.D.j...ON...iTa.....Dp.Kk.LG.l...Y.Bw`C.q\R\.L......\.Uol..b.t...[TM...dQ.H.W.oum.aivXG.OSL.dejr....ixOgl.m]E..I...rYg.[.Qw..NtM.H.GP.p.q...I..ISM..wwOawNAn...t..IaS\hLeRw..k.O.dSM......o.w.F.rEMeYT.Q.hk..W..i..RvP...j.y\..hc.t.pj..ZKx.o.gG.O.o...g.....L.T....C.JBl....r...F.Yar..RWnx.Wj..D..[LD.J.[lw..dI.....gM....E.JStA......I....we.s.pk.H.B.Y.vS.qPC.nMD....`...w.....v..VCE...V.r..B.e._Q[wo..OL..e.`Po..K....cav..E^.r.ssb.q.Yt.P...n..kYx.^..Tg`.RI.q..i.V..Q..C..adst.R....ES.Ty[..LaF.GnWo......EZK....u.MLQh.CO...b.M.....n.w\..VA....n.kul.wg.Rc...VaQIx......^.A.]..EaR.O.n.XT...kvr.c.........C.oc][.cY.VF.sL..Aai..CF.erWt...IB.CR.dE.qE.U..._..\.y.R..[..i..Uc....\..\M..g...K.jn...oQurUk.[....w..A.s.UR..G.s..........DfEZU.G.....aJ.rs...W[Z^^

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL (1).REV (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2997803
Entropy (8bit):	7.999940817834114
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonw+L6RW77HQztvbUAmss3K1:euJluGxKT4q68mNCD/q8vw+L37HotzUU
MD5:	43F189BD6EB0880F13A79F979E2EAE63
SHA1:	A8E2AD46E48A941E37B1436E5E0D96804D2E835C
SHA-256:	5DBD0331888E0EBB32973F77A94A26E68B8563E68A0C66062B96EAB5FDD1A35E
SHA-512:	35F781FF44B2832E9B2306FA240F0A56CF006D9ACC616E3CE397DA9AF408C246034B1781500719E36F62E5B6FF07DF02A7E58B8996BD4FE448A615B6A6683D1D
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL.REV (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2997803
Entropy (8bit):	7.999940817834114
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonw+L6RW77HQztvbUAmss3K1:euJluGxKT4q68mNCD/q8vw+L37HotzUU
MD5:	43F189BD6EB0880F13A79F979E2EAE63
SHA1:	A8E2AD46E48A941E37B1436E5E0D96804D2E835C
SHA-256:	5DBD0331888E0EBB32973F77A94A26E68B8563E68A0C66062B96EAB5FDD1A35E
SHA-512:	35F781FF44B2832E9B2306FA240F0A56CF006D9ACC616E3CE397DA9AF408C246034B1781500719E36F62E5B6FF07DF02A7E58B8996BD4FE448A615B6A6683D1D
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3222504
Entropy (8bit):	6.438346911476665
Encrypted:	false
SSDEEP:	49152:pvFg5qg9BtIAHE3SM4ahx6LK2SamuZob+tCjNrv8:Jm5qGBHBLRKuZfkjNrv8
MD5:	B841D408448F2A07F308CED1589E7673
SHA1:	F5B5095C0ED69D42110DF6D39810D12B1FA32A1E
SHA-256:	69A90665113BD73B30360D87F7F6ED2C789A90A67F3B6E86474E21273A64F699
SHA-512:	A689734048109AB7BEC9491BBB7781686C19C7885166B3CA2975E2F49E956FCC388CD8CA85A4E5A8BF9EFE6056F1E0D80197B7F521D4F0D4CADB10BA9EF1FA93
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....U.[.................."..........."......."...@...........................1.......1..........@...................P$.P.....#.TM....&..;...........@0.......$..A...........................p$.....................x.#......@$......................text...(o"......p"................. ..`.itext........"......t"............. ..`.data...4.....".......".............@....bss....ho....#......l#..................idata..TM....#..N...l#.............@....didata......@$.......#.............@....edata..P....P$.......#.............@..@.tls....D....`$.......#..................rdata.......p$.......#.............@..@.reloc...A....$..B....#.............@..B.rsrc....;....&..<....&.............@..@.............P/.....................@..@................

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	943472
Entropy (8bit):	6.691167848639275
Encrypted:	false
SSDEEP:	24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
MD5:	D22B9DA713AB36102C9C3D812AF8C12D
SHA1:	371FDBF6AE6A9A2E5C0560FC94EBA3290028A252
SHA-256:	95B538B47E02D0AD2BD15D47EFC18695D5E379EF61568B81EF405773D9C199BB
SHA-512:	E5AE51F79403358AF60BB3EA663251BADAC57414813F5537D763B0B95504A393FB2D34C94C4B7328EC13F58E74A7147D3A72E63E62973C4C5D80671BE1C8FACE
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\madHcNet32.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....P.[.................R..........4j.......p....`J....................................................................:....`...0......................pk...........................................................i...............................text...tE.......F.................. ..`.itext..`....`.......J.............. ..`.data...\x...p...z...V..............@....bss.....c...............................idata...0...`...2..................@....didata.............................@....edata..:...........................@..@.rdata..D...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1046528
Entropy (8bit):	6.507786842214223
Encrypted:	false
SSDEEP:	12288:GwsG8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkzuol1Y:MmWuFKKVuig5jZ5xX5P2bKyzum
MD5:	A5A41FF8944533F25E059870F34E375F
SHA1:	26390818928BD4345BDC4CD521F90F9B36A54F75
SHA-256:	AF25AA87E44194BC4A6E1B82154DB9B64E25BE13951ECFB87D080208F75A4638
SHA-512:	9CAC6A25AF5EF2C34FE01B0D4E67F0F218B2A5616402D8FAB94570C0E60DF88E748AA229EACE1F0C7FB5C23742B3C7F7FA7F739A9BC1EE965A251006E13B2931
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\mvrSettings32.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...44.[.................,...........:.......@....PJ.................................W..................................R....P.......................................................................................Y..4............................text............ .................. ..`.itext.......0.......$.............. ..`.data...X....@.......0..............@....bss....Te...............................idata.......P...0..................@....didata.............................@....edata..R...........................@..@.rdata..D...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\pjoxwh

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	data
Category:	dropped
Size (bytes):	666871
Entropy (8bit):	7.4881349879969585
Encrypted:	false
SSDEEP:	12288:U63ceNEKk/Ekbjr5J+WUWxurvwGj/Xo/9+wRLcdw9T/LELl6b3MGPqy+7lD:/o5bnL+2CARIMDKu8ga5
MD5:	76689D041784CE90BBC4F46B6A78D880
SHA1:	F6981B991A27F08B97272DE0AE5A71EFD66099FA
SHA-256:	905E7992CDE8A36F19FD11AB7CBD79D5463F17FB551D0AD19520FA26FD67655D
SHA-512:	D53F529DFDF9E38A4377546A7124DAFDF4E4652ED558DD529B2853C773D8D57C6EC511D619709094C5898FE999B19034F260CD6D04A1FA147184351A4B554F56
Malicious:	false
Preview:	..gymo.....i.Mx.Mf..s.rV^.toIOlZvl.J...._Gnr..MXyn.H.C...r.Ji.[..w..l.c[CM]...Uiiy..c[.....s....l...HXgO`.\K[S]......V..X.....E...Y.i...do......M.C..VsbO.....F.....iQ...........Uu....oJ.bEA.A..^.eb.JrT.bn..QI^cm.A.KAx.ZZ....H..c.MsOq..a..sv.T...yA.g....KE..R.[rq.[.].....i.I..q..Tu.d.]XY...b.g.K..Ka..g..T.Y.H..nr.......npaD.s[Q..s......lA.wXCdrs...Ymt..L..u.A..ldn....n..I...Rh..o..Dh.qu.\Fp....vBhs..J.^...[..L.].P..ql.k.oyNdjBh....d.n`]pOMx.U.......Y.rTTsBsgeaerP._...f..E.PvT.Qbi..r..U..r.Q[....FsrSL....J.C..Qj.r..C\qdZ.]f.B..O.i`.h.gQ....q.r..OnoI.hjk.aP.J._n._d[s......G.Z.OT.kA.Mi...A]RE.^..c.H..l......m...bYOTM.lm.sRUS.N.q.lDYi.`......C\I...Z....V..TqubKW.S...SAUi.D.Y..L]SBM_M.]rH].M......q.np..M.M....]....`..h....\..M.m.H.g.e....[..j.UfwW.u.XB.F^hk..h.vT..X..LCV.m..lGprj....t....Obx.AQ.\.u.\..t.t.C...PimSh.V.....vk....r..V.y.^nQwsGgR.YD.Ni.g.C..C..E.RW.n.....w.xI..Su.eDk....Nf`npMAJ....MqgWh.E.....tL.wp..I..tbO..xaFM..b.kmN.t.efwU.w.g.^Vj.\..YE..K....KITG.A...lU..j..Sj.c\..D..P.iR]t

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\unrar.dll

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	311448
Entropy (8bit):	6.60360129496697
Encrypted:	false
SSDEEP:	6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
MD5:	851C9E8CE9F94457CC36B66678F52494
SHA1:	40ABD38C4843CE33052916904C86DF8AAB1F1713
SHA-256:	0891EDB0CC1C0208AF2E4BC65D6B5A7160642F89FD4B4DC321F79D2B5DFC2DCC
SHA-512:	CDF62A7F7BB7A6D511555C492932E9BCF18183C64D4107CD836DE1741F41AC304BD6ED553FD868B442EAF5DA33198E4900E670CD5AE180D534D2BD56B42D6664
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[S8D:=kD:=kD:=k..kN:=k..k::=k..k\:=k.A9jU:=k.A>j\:=kMB.kE:=k.A8ji:=kMB.kK:=kD:<k.:=k.A8jt:=k.A=jE:=k.A.kE:=kD:.kE:=k.A?jE:=kRichD:=k................PE..L...r.@f...........!...!.....H...............................................@.......Q....@A........................0a..p....b..x........................(.......!...<..T....................=......0<..@............... ............................text............................... ..`.rdata.............................@..@.data.......p.......^..............@....rsrc................p..............@..@.reloc...!......."...v..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\xjbupt

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	data
Category:	dropped
Size (bytes):	93909
Entropy (8bit):	4.358442459804063
Encrypted:	false
SSDEEP:	1536:UZCYvGC286obl9MQ4eiUPLpJIcDOv2o8MS+tWvUeTkGfBUVB5Lv6pJQ1s:4uC0ojMQ4eiUPxu2LMSSWPTDq6F
MD5:	0938F8823B88E23715E1347B68C0A0F7
SHA1:	BD7F0A2E78D97E0982F1021BE90A16D2A941D2A3
SHA-256:	D5F2ADEEAD53BBB60F3E35FF83CE33438552B0E466DA20E0D544A884F7210FB1
SHA-512:	14C01423152D9FEE1D79D8D570399217B99C3C5D469848D0690CDDCA7695A7214B21F8ACBC326CD47CD6FC429E98ED1C3A6452EDA7B3BDEBE39E240BD617B400
Malicious:	false
Preview:	M.H..d_Ev.......[O...pt`YaD.Tr.mS..`EiN.p^q`.........pcW^..UMi.XnH._.y..R.GvI..q.gZ.ExD..Zmd..j..Nu...r.]..vha.VLq.MUGK...`fvyx....xK.w..._GT.\...MMaHA.....lIF..jvB.j.D..KAQw.H....rok[...Bfx.A...a.x..G_.Q.f..C....B.dw.V...VtHXe.JJi..N.`.if..SK.e....X..l.I.D.j...ON...iTa.....Dp.Kk.LG.l...Y.Bw`C.q\R\.L......\.Uol..b.t...[TM...dQ.H.W.oum.aivXG.OSL.dejr....ixOgl.m]E..I...rYg.[.Qw..NtM.H.GP.p.q...I..ISM..wwOawNAn...t..IaS\hLeRw..k.O.dSM......o.w.F.rEMeYT.Q.hk..W..i..RvP...j.y\..hc.t.pj..ZKx.o.gG.O.o...g.....L.T....C.JBl....r...F.Yar..RWnx.Wj..D..[LD.J.[lw..dI.....gM....E.JStA......I....we.s.pk.H.B.Y.vS.qPC.nMD....`...w.....v..VCE...V.r..B.e._Q[wo..OL..e.`Po..K....cav..E^.r.ssb.q.Yt.P...n..kYx.^..Tg`.RI.q..i.V..Q..C..adst.R....ES.Ty[..LaF.GnWo......EZK....u.MLQh.CO...b.M.....n.w\..VA....n.kul.wg.Rc...VaQIx......^.A.]..EaR.O.n.XT...kvr.c.........C.oc][.cY.VF.sL..Aai..CF.erWt...IB.CR.dE.qE.U..._..\.y.R..[..i..Uc....\..\M..g...K.jn...oQurUk.[....w..A.s.UR..G.s..........DfEZU.G.....aJ.rs...W[Z^^

C:\Users\user\Downloads\66004157-759f-47d3-90ff-115f6755c70a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1786368
Entropy (8bit):	7.999911278232239
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonwq:euJluGxKT4q68mNCD/q8vwq
MD5:	8DA427CA1882D92A433356F8E5735EBE
SHA1:	6F5574E40C518F67048EB789D1E005E282EA9E90
SHA-256:	F8D96046DD660B86AC14955AA9B5C3B293E032900A50C762E98F17774C4578D7
SHA-512:	4C5DDB41275DA9DF994FE95C5F80571D38260D40DFE93DCB94EF6789941E2B77F15214AAD229AB9B7B69F6BBFEA4EB47209E6AD70C7EE31FF2CDAD59B7C1EB00
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

C:\Users\user\Downloads\Unconfirmed 113337.crdownload

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2997803
Entropy (8bit):	7.999940817834114
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonw+L6RW77HQztvbUAmss3K1:euJluGxKT4q68mNCD/q8vw+L37HotzUU
MD5:	43F189BD6EB0880F13A79F979E2EAE63
SHA1:	A8E2AD46E48A941E37B1436E5E0D96804D2E835C
SHA-256:	5DBD0331888E0EBB32973F77A94A26E68B8563E68A0C66062B96EAB5FDD1A35E
SHA-512:	35F781FF44B2832E9B2306FA240F0A56CF006D9ACC616E3CE397DA9AF408C246034B1781500719E36F62E5B6FF07DF02A7E58B8996BD4FE448A615B6A6683D1D
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

C:\Users\user\Downloads\Unconfirmed 760756.crdownload

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2997803
Entropy (8bit):	7.999940817834114
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonw+L6RW77HQztvbUAmss3K1:euJluGxKT4q68mNCD/q8vw+L37HotzUU
MD5:	43F189BD6EB0880F13A79F979E2EAE63
SHA1:	A8E2AD46E48A941E37B1436E5E0D96804D2E835C
SHA-256:	5DBD0331888E0EBB32973F77A94A26E68B8563E68A0C66062B96EAB5FDD1A35E
SHA-512:	35F781FF44B2832E9B2306FA240F0A56CF006D9ACC616E3CE397DA9AF408C246034B1781500719E36F62E5B6FF07DF02A7E58B8996BD4FE448A615B6A6683D1D
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

C:\Users\user\Downloads\c5800385-31d3-472a-a9da-5d64283ad603.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1786368
Entropy (8bit):	7.999911278232239
Encrypted:	true
SSDEEP:	49152:VEUZ+mVZJu0sMSaaIBWSWSaSlLa36cBmU6CD/q8aonwq:euJluGxKT4q68mNCD/q8vwq
MD5:	8DA427CA1882D92A433356F8E5735EBE
SHA1:	6F5574E40C518F67048EB789D1E005E282EA9E90
SHA-256:	F8D96046DD660B86AC14955AA9B5C3B293E032900A50C762E98F17774C4578D7
SHA-512:	4C5DDB41275DA9DF994FE95C5F80571D38260D40DFE93DCB94EF6789941E2B77F15214AAD229AB9B7B69F6BBFEA4EB47209E6AD70C7EE31FF2CDAD59B7C1EB00
Malicious:	false
Preview:	PK........Nq.Y............?...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK........fn.Y`c.......+1.U...2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exe.C..;.._.)......Q2]JO..~L..l.......f.^~}K. ..wi^...v.`Ua......n2..-..$/.......e".....X...]..%.....E...s..?...c.-y8.Br..(...7.s.....f.!..`;.>.+@....8.................C...l.f}.3 ......j..nu....G.WD..eLg~.#Z......$.J........!...V.)...d..$.q.v.....K....y..E.d.?;...$...Q@...iG^...........<...._7.7.FH...............A...!Jo...F.../....C..[.6..jr;..@].pop.H...]..DA..P......BG....^@5..x.N.."NEn....s.7eut...A.$_.y~vR#..f@...H...l....3.=.5..5.........J}.W..x...4.^}.W...&]..P;V.......}\...(.....n/..L........`...`...Q...j;^S..1m..#....3.u.......`}.3V...?..U..Y.......t$....w...M......i...,.I...I........9...G..&..>..x...U.;..5a.~.[...=\|.\...7.K.D=@k..)7.#....:y.M.......#.Ia*....0/...P2....)5.[....-...[.v#(.... .7..B..$...t...1.).hhUe...S..

Static File Info

General

File type:	SVG Scalable Vector Graphics image
Entropy (8bit):	5.127017644555513
TrID:	Scalable Vector Graphics (18501/1) 100.00%
File name:	140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
File size:	398'012 bytes
MD5:	0731171ed0d53d5d801520b2c006cec8
SHA1:	54ef81687635c8d28e13f2216d273535cf417af2
SHA256:	27d3b45a83d4c4c484877b1a4c30a0c46d92aaa9f0ebd4c9d6e94152b7543cf7
SHA512:	0490ded1b9b5584a700d0b77ec6c087bc09c149e62fd26d8b9957ff4c2caa99c228aa7a6852dab2e6fea9b3483d1a9153d55b99a7159af171aff2e58fe515102
SSDEEP:	3072:K6unuJZruJuWukuMusKueu2JumuCuYuxuFJuauXubuku3ui7uxuzuFuBnuNu92uM:QfBpCoK21dE+XlpJGwSsKld8LsuCN
TLSH:	B184BB77B39096C0FBFD66B35DE15A7F282B5A654B443084660EE898CCFF2148769CC2
File Content Preview:	<svg version="1.1" viewBox="0.0 0.0 960.0 720.0" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg"><clipPath id="p.0"><path d="m0 0l960.0 0l0 720.0l-960.0

File Icon


Icon Hash:	0703053232670f1f

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-30T19:07:48.325635+0200	TCP	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	3030	49988	181.235.3.0	192.168.2.16
2024-08-30T19:07:48.325635+0200	TCP	2030673	ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)	1	3030	49988	181.235.3.0	192.168.2.16
2024-08-30T19:07:48.325635+0200	TCP	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	3030	49988	181.235.3.0	192.168.2.16
2024-08-30T19:07:48.325635+0200	TCP	2035607	ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)	1	3030	49988	181.235.3.0	192.168.2.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 19:05:50.927210093 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:05:51.229820013 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:05:51.833945036 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:05:53.038947105 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:05:53.930078030 CEST	49689	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:05:54.044723034 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.044749975 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.044831038 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.045073986 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.045084000 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687104940 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687367916 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.687386990 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687736988 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687756062 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687802076 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.687809944 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.687851906 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.688343048 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.689614058 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.689666986 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.689750910 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.689754963 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.741964102 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.954384089 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.954420090 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.954479933 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.954502106 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.957138062 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.957298994 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.957304955 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.963391066 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.963448048 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.963454008 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.969821930 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.970357895 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.970362902 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.976047039 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.978368044 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.978373051 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.982187033 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.982793093 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.982798100 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.988384962 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.988599062 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.988605022 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.995299101 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:54.995379925 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:54.995384932 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.042382956 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.042440891 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.042447090 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.043243885 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.043296099 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.043301105 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.049351931 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.049401045 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.049406052 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.074944019 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.075170994 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.075213909 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.075227976 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.075233936 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.075284004 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.075613976 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.075654030 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.075656891 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.080564022 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.082350969 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.082355976 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.082607031 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.082648039 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.082652092 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.087176085 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.090346098 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.090351105 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.093005896 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.093063116 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.093067884 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.099100113 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.099169016 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.099174023 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.104746103 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.104788065 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.104792118 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.110028028 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.110340118 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.110343933 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.115185976 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.118355989 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.118366003 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.122792959 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.123035908 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.123042107 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.126131058 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.126204967 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.126209021 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.131351948 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.131866932 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.131871939 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.135073900 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.138375044 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.138381004 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.141441107 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.141495943 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.141500950 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.142565012 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.142606974 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.142611980 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.146310091 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.146361113 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.146365881 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.149707079 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.149774075 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.149780035 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.153318882 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.154341936 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.154346943 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.156546116 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.156599045 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.156604052 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.160099030 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.161385059 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.161390066 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.164041996 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.166354895 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.166359901 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.167304993 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.167351961 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.167356968 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.170531034 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.171838045 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.171849012 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.174001932 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.174055099 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.174058914 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.177634954 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.177736044 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.177742958 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.181727886 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.182359934 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.182364941 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.186511993 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.186578989 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.186584949 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.191514969 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.192569017 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.192574024 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.196142912 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.196270943 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.196274996 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.200360060 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.200417995 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.200431108 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.205063105 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.205127954 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.205133915 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.209878922 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.209959030 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.209963083 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.214354038 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.214406013 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.214411020 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.219611883 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.219728947 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.219743967 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.224415064 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.224446058 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.224467993 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.224474907 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.224522114 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.229331017 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.234694004 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.234792948 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.234798908 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.234843016 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.234903097 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.235105038 CEST	49712	443	192.168.2.16	142.250.184.225
Aug 30, 2024 19:05:55.235114098 CEST	443	49712	142.250.184.225	192.168.2.16
Aug 30, 2024 19:05:55.441977024 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:05:55.792429924 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:55.792474985 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:55.792552948 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:55.792762041 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:55.792776108 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.536856890 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.536883116 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.536988020 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.537143946 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.537154913 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.537489891 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.537503958 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.537581921 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.537738085 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.537745953 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.546627998 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:56.546634912 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:56.546696901 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:56.547399998 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:56.547409058 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:56.610506058 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.610821962 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.610850096 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.611694098 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.611752987 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.612909079 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.612958908 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.613071918 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.613082886 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.652278900 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.652328014 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.652395964 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.652582884 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.652599096 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.663925886 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.716084957 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716104984 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716111898 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716150999 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716181993 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716212034 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.716236115 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.716250896 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.716289043 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.803097963 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.803118944 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.803183079 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.803216934 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.803257942 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.805201054 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.805214882 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.805412054 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.805427074 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.805461884 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.889530897 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889552116 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889703035 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.889729977 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889864922 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889895916 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.889902115 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889929056 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.889933109 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.889959097 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.890002012 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.891051054 CEST	49721	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:56.891066074 CEST	443	49721	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:56.996195078 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.996499062 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.996509075 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.997529984 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.997594118 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.998585939 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.998670101 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.998756886 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.998760939 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.999600887 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:56.999764919 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:56.999785900 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.000663042 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.000741959 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.001518011 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.001570940 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.001632929 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.001638889 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.027154922 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.027335882 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.027343988 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.028196096 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.028268099 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.029048920 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.029098988 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.029151917 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.029158115 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.045937061 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.046041012 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.076939106 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.114415884 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.114478111 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.114541054 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.114892960 CEST	49724	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.114903927 CEST	443	49724	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.129080057 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.129471064 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.129542112 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.129652977 CEST	49723	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.129666090 CEST	443	49723	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.148329973 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.148374081 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.148428917 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.148629904 CEST	49725	443	192.168.2.16	162.159.61.3
Aug 30, 2024 19:05:57.148641109 CEST	443	49725	162.159.61.3	192.168.2.16
Aug 30, 2024 19:05:57.284894943 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.285269022 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.285290956 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.285598040 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.286046028 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.286102057 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.286225080 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.332500935 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.435782909 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.435806990 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.435821056 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.436311960 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.436331987 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.436597109 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.522619009 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.522634983 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.525187969 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.525228977 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.525248051 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.525281906 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.526329041 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.613307953 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.613326073 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.613440990 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.613471031 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.613714933 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.615680933 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.615696907 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.615827084 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.615834951 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.615889072 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.618036032 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.618052006 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.618141890 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.618150949 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.618256092 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.620019913 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.620042086 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.620207071 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.620214939 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.620289087 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.698976040 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.698996067 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.699139118 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.699153900 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.699240923 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.701381922 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.701397896 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.701502085 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.701510906 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.701598883 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.703620911 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.703639984 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.703783989 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.703792095 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.703867912 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.705415964 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.705434084 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.705560923 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.705568075 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.705656052 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.707031965 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.707047939 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.707257032 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.707264900 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.707465887 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.708781958 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.708798885 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.708858013 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.708865881 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.708973885 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.710504055 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.710520983 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.710721970 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.710730076 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.710963964 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.712251902 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.712265968 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.712452888 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.712460995 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.712574005 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.785953045 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.785973072 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.786071062 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.786071062 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.786086082 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.786191940 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.787429094 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.787451982 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.787537098 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.787537098 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.787544966 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.787730932 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.789150953 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.789165974 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.789242029 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.789242029 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.789248943 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.789418936 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.790808916 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.790852070 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.790879965 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.790887117 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.790945053 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.790945053 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.792929888 CEST	49726	443	192.168.2.16	13.107.246.64
Aug 30, 2024 19:05:57.792944908 CEST	443	49726	13.107.246.64	192.168.2.16
Aug 30, 2024 19:05:57.859153032 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859194040 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.859339952 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859374046 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.859404087 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859479904 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859822035 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859839916 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:57.859950066 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:57.859962940 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.361007929 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.361701965 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.361716032 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.361780882 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.362060070 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.362206936 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.362226009 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.362411976 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.362469912 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.362539053 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.362801075 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.362862110 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:05:58.409951925 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.409954071 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:05:58.459464073 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.459500074 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.459577084 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.459614038 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.459645033 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.459749937 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.459933043 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.459940910 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460016012 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460114002 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460119963 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460165977 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460331917 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460336924 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460386038 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460452080 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460457087 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460649967 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460664034 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460674047 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460769892 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460778952 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.460889101 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.460899115 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.461002111 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.461013079 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.461117983 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.461126089 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:58.461225986 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:58.461235046 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.033566952 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.033828974 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.033849955 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.034790039 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.034868956 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.035192966 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.035247087 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.035331964 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.035336971 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.078947067 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.095324993 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:05:59.115451097 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.115708113 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.115720034 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.115737915 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.115878105 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.115884066 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116221905 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116389990 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.116395950 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116729021 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116781950 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116844893 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.116847038 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.116902113 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117029905 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117091894 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.117305040 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117357969 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.117537975 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117647886 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.117698908 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117738008 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117742062 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.117775917 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.117783070 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.150638103 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.150677919 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.150926113 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.150935888 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.151201010 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.151209116 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.151232958 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.151540041 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.151581049 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.151684046 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.152082920 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.152151108 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.152415991 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.152467966 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.152529001 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.156712055 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.156725883 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.156793118 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.156816006 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.156955004 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.157001972 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.157840967 CEST	49735	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.157854080 CEST	443	49735	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.158096075 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.158123016 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.158184052 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.158473015 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.158482075 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.158960104 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.158982038 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.164499998 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.196501970 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.200495958 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.206958055 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.206964970 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.232820988 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.232846975 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.232933044 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.232959032 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.233088017 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.233237028 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.234011889 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.234030008 CEST	443	49730	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.234040976 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.234127998 CEST	49730	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.234467983 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.234492064 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.234544039 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.234564066 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.234630108 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.234745026 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.235616922 CEST	49733	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.235626936 CEST	443	49733	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.242082119 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.242475033 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.242527008 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.242531061 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.242572069 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.242919922 CEST	49732	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.242932081 CEST	443	49732	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.254940987 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.398078918 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:05:59.558954954 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.559027910 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.559051991 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.559079885 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.559148073 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.559148073 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.559173107 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.559566021 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.561583996 CEST	49734	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.561583996 CEST	49731	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.561598063 CEST	443	49734	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.561608076 CEST	443	49731	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.834168911 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.834549904 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.834559917 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.835354090 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.836458921 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.836532116 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:05:59.836637020 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:05:59.884497881 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.012022018 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:06:00.245543957 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.245565891 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.245670080 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:00.245690107 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.245702982 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.245753050 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:00.248347998 CEST	49737	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:00.248358965 CEST	443	49737	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:00.250962973 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:06:01.220964909 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:06:03.561212063 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:03.624974012 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:06:03.864976883 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:04.471978903 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:05.682977915 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:08.092982054 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:08.428009033 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:06:09.865093946 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 30, 2024 19:06:12.820991039 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:12.821044922 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:12.821141005 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:12.821310043 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:12.821326017 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:12.907980919 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:13.236762047 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.236845970 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.236991882 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.243736029 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.243837118 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.243904114 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.387768984 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.388233900 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.388258934 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.389241934 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.389322042 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.393635988 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.393693924 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.393802881 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.393810987 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.436000109 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.490144014 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.491267920 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.491276026 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.491302967 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.491322041 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.491440058 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.491440058 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.491534948 CEST	49749	443	192.168.2.16	152.195.19.97
Aug 30, 2024 19:06:13.491552114 CEST	443	49749	152.195.19.97	192.168.2.16
Aug 30, 2024 19:06:13.722790956 CEST	49729	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.722831011 CEST	443	49729	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.722850084 CEST	49728	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.722889900 CEST	443	49728	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.726310015 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726353884 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.726428032 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726535082 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726562977 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.726614952 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726689100 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726702929 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:13.726815939 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:13.726831913 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.181910038 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.182135105 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:14.182157993 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.182502031 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.182802916 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:14.182873011 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.187180996 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.187446117 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:14.187474012 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.187813997 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.188102961 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:14.188169003 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:14.231009960 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:14.231012106 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:18.029187918 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 30, 2024 19:06:21.183015108 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.183053017 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.183118105 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.183619022 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.183629036 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.185373068 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.185396910 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.185463905 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.185605049 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.185615063 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.654295921 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.654613972 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.654639959 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.655523062 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.655683994 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.656595945 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.656675100 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.656785965 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.656794071 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.658030987 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.658209085 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.658221960 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.659137964 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.659190893 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.660089970 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.660145044 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.707998991 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.708012104 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.708045006 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.756004095 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.762218952 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.762285948 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.762356043 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.764691114 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.764709949 CEST	443	49760	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:21.764719963 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.764761925 CEST	49760	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:21.877434015 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:21.877460957 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:21.877536058 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:21.877688885 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:21.877698898 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.234056950 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.234082937 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.234158039 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.234333038 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.234353065 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.342350960 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.342592001 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.342601061 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.343472004 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.343600988 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.344372988 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.344429970 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.344527960 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.344532967 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.395004988 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.520989895 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 30, 2024 19:06:22.559017897 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.561621904 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.561697960 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.564425945 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.564440966 CEST	443	49762	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.564449072 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.564502954 CEST	49762	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.567276001 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:22.612498999 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:22.683032036 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:22.683413982 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:22.683574915 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:22.693321943 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.693523884 CEST	49761	443	192.168.2.16	23.52.161.218
Aug 30, 2024 19:06:22.693546057 CEST	443	49761	23.52.161.218	192.168.2.16
Aug 30, 2024 19:06:22.697799921 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.697813034 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.698124886 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.698642015 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.698702097 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.698995113 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.699033976 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.699095964 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.699166059 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.699285984 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:22.699295998 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:22.740499973 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.829929113 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.871046066 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.929625034 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.929639101 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.929678917 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.929725885 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.929738998 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.929754019 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.929790974 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.929811001 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.930269957 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.930349112 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.930356979 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.932420015 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.932440042 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.932497025 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.932504892 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:22.932528019 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:22.983025074 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.024949074 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.025165081 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.025190115 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.026798964 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.026820898 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.026866913 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.026876926 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.026902914 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.026927948 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.027504921 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.027523041 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.027580023 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.027586937 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.027636051 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.029196024 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.029213905 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.029273987 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.029284000 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.029330969 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.030088902 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.030163050 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.030169964 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.079006910 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.112513065 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.112533092 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.112673044 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.112689972 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.112761974 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.112926006 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.113003016 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.113009930 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.114675045 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.114692926 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.114736080 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.114742994 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.114765882 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.115524054 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.115592957 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.115600109 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.117309093 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.117327929 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.117389917 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.117398024 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.159123898 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.176059961 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.176374912 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.176393986 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.176753998 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.177105904 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.177160025 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.177257061 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.198565960 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.198729992 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.198740005 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.200268030 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.200283051 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.200342894 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.200350046 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.201033115 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.201101065 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.201107979 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.202680111 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.202697039 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.202754021 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.202761889 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.203558922 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.203619003 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.203625917 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.205308914 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.205322981 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.205387115 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.205395937 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.206008911 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.206069946 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.206077099 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.206975937 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.206995010 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.207037926 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.207047939 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.207067013 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.207870007 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.207931995 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.207940102 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.209709883 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.209724903 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.209785938 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.209793091 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.209825039 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.220489979 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.254009008 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.285274982 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.285361052 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.285379887 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.286597967 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.286614895 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.286670923 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.286698103 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.286714077 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.287200928 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.287267923 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.287285089 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.288969994 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.288985968 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.289015055 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.289030075 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.289042950 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.289066076 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.289103985 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.290837049 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.290858984 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.290920973 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.290935040 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.290982962 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.291789055 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.291865110 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.291874886 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.293042898 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.293059111 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.293102026 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.293118954 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.293135881 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.293150902 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.293196917 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.294024944 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.294043064 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.294114113 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.294131994 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.294148922 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.294188023 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.294874907 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.294945002 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.294955969 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.350013018 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.372808933 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.372848034 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.372932911 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.372961998 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.373006105 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.373104095 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.373173952 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.373184919 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.374216080 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.374231100 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.374289989 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.374315023 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.374330044 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.375122070 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.375191927 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.375211000 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.376059055 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.376075983 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.376123905 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.376148939 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.376173973 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.376936913 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.377002001 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.377017021 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.377868891 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.377886057 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.377945900 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.377969980 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.378007889 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.378721952 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.378793001 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.378810883 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.379643917 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.379663944 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.379707098 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.379729033 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.379745007 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.380399942 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.380467892 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.380498886 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.430166006 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.462275982 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.462296009 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.462433100 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.462464094 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.462482929 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.462517023 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.462523937 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.462548018 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.462573051 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.463777065 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.463798046 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.463835001 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.463855028 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.463866949 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.463897943 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.463917017 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.464818001 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.464833021 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.464922905 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.464940071 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.464998960 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.465763092 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.465840101 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.465848923 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.466609001 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.466650009 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.466686964 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.466698885 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.466711998 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.466720104 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.466762066 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.466933966 CEST	49766	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:23.466958046 CEST	443	49766	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:23.470108032 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470145941 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.470206022 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470408916 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470421076 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.470705986 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470741987 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.470797062 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470925093 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.470936060 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.957696915 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.957775116 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.957952976 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.960032940 CEST	49767	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.960053921 CEST	443	49767	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.960619926 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.960653067 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.960727930 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.960890055 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:23.960901022 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:23.964164972 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.964251041 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.964344025 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.964368105 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.964442015 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.964462042 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.965284109 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.965348959 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.965370893 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.965429068 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.966169119 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.966228962 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.966325045 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.966332912 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:23.966393948 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:23.966450930 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.017115116 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.017115116 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.017134905 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.064033031 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.104302883 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.104341984 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.104511023 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.104512930 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.104566097 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.106053114 CEST	49768	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.106080055 CEST	443	49768	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.246820927 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.246850967 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.246933937 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.247113943 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.247124910 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.435611963 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:24.435962915 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:24.435976982 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:24.436283112 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:24.436655045 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:24.436712980 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:24.436903000 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:24.477643013 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.484498978 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:24.524496078 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576618910 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576658964 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576687098 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576750040 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576766968 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.576786995 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.576817036 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.577214956 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.577271938 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.578135014 CEST	49769	443	192.168.2.16	142.251.35.164
Aug 30, 2024 19:06:24.578150988 CEST	443	49769	142.251.35.164	192.168.2.16
Aug 30, 2024 19:06:24.841774940 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.842045069 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.842061996 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.842370987 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.842443943 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.842967033 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.843019962 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.843935013 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.843986034 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.844114065 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:24.844120979 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:24.889013052 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.040375948 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.040525913 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.040571928 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.044820070 CEST	49771	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.044836044 CEST	443	49771	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.598325014 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.598346949 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.598361015 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.598511934 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.598511934 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.598537922 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.598591089 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.632250071 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.632285118 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.632438898 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.632817984 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.632843971 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.632905006 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633212090 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633219004 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.633277893 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633528948 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633538961 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.633589029 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633822918 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633841038 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.633892059 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.633997917 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.634007931 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.634221077 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.634231091 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.634346962 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.634356022 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.634447098 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.634455919 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.634536028 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:25.634550095 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:25.685846090 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.685878038 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.686043978 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.686064005 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.686130047 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.687530041 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.687546015 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.687607050 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.687621117 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.687666893 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.688723087 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.688786983 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.688796997 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.731146097 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.777401924 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.777421951 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.777510881 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.777527094 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.777595997 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.778424025 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.778441906 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.778508902 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.778512955 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.778561115 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.793812037 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.793840885 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.793920040 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.793946981 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.793953896 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.794008017 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794106960 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794137955 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.794190884 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794270992 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794286966 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.794384003 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794394970 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.794472933 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:25.794483900 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:25.998251915 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.998265028 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.998298883 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.998366117 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.998383999 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.998414040 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.998434067 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.999371052 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.999387980 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.999444962 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.999450922 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.999495983 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.999660015 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:25.999716997 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:25.999721050 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.000520945 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.000579119 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.000582933 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.050024033 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.197428942 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.197813034 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.197818995 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.197833061 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198015928 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.198031902 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198223114 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198292971 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.198402882 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198461056 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.198494911 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198719978 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.198728085 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198915005 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.198977947 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199069977 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.199088097 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.199093103 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199134111 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199166059 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.199332952 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199388981 CEST	443	49773	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.199436903 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199501038 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.199552059 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.199558020 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.201478004 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.201657057 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.201713085 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.202070951 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.202331066 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.202404022 CEST	443	49772	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.213584900 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.213885069 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.213918924 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.214247942 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.214344025 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.214848995 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.214903116 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.215032101 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.215084076 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.239125013 CEST	49773	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.239130020 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.239147902 CEST	443	49776	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.245115042 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.245125055 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.245197058 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.254002094 CEST	49772	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.254378080 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.270083904 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.270092010 CEST	443	49775	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:26.286022902 CEST	49776	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.318028927 CEST	49775	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:26.427371025 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.427591085 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.427607059 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.427649975 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.427717924 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.427738905 CEST	443	49770	23.52.162.42	192.168.2.16
Aug 30, 2024 19:06:26.427789927 CEST	49770	443	192.168.2.16	23.52.162.42
Aug 30, 2024 19:06:26.428319931 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.428559065 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.428577900 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.429680109 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.429753065 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.430687904 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.430733919 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.430855989 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.430865049 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.458709955 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.458973885 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.459000111 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.459852934 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.460005999 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.460210085 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.460253954 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.460338116 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.460345030 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.475054979 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.507055998 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.525075912 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.525402069 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.525432110 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.526289940 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.526452065 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.526737928 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.526783943 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.526896000 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.526910067 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.529937029 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.529953957 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.529961109 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.529995918 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.530024052 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.530024052 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.530045033 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.530071020 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.530100107 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.562745094 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.562771082 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.562803984 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.562846899 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.562882900 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.562939882 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.563657045 CEST	49779	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.563673019 CEST	443	49779	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.566821098 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.566860914 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.566960096 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.567154884 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.567171097 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.571021080 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.615752935 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.615777016 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.615902901 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.615936041 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.616033077 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.617573023 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.617590904 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.617659092 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.617671967 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.617724895 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.627800941 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.627819061 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.627827883 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.627855062 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.627876997 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.627935886 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.627964973 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.628129005 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.628129005 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.671813965 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.671861887 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:26.671950102 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.672142029 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.672156096 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:26.687391043 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.687433958 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:26.687524080 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.687726021 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:26.687741041 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:26.702311993 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.702353001 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.702486038 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.702521086 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.702678919 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.703480959 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.703500986 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.703588009 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.703620911 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.703669071 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.704687119 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.704708099 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.704793930 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.704817057 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.704860926 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.707218885 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.707242012 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.707326889 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.707350969 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.707392931 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.713953972 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.713982105 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.714112043 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.714143991 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.714191914 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.715848923 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.715867043 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.715950012 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:26.715977907 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:26.716027975 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.101283073 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.101300955 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.101347923 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.101371050 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.101396084 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.101418972 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.101443052 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.102328062 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.102351904 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.102428913 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.102442980 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.102495909 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.103233099 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.103249073 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.103308916 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.103322029 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.103364944 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.104163885 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.104180098 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.104243994 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.104258060 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.104300976 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.105214119 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.105226994 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.105266094 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.105298996 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.105318069 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.105350018 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.105365992 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.106141090 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.106167078 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.106226921 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.106240988 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.106286049 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.107120037 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.107141972 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.107212067 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.107234955 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.107284069 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.108056068 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.108078003 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.108140945 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.108160019 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.108208895 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:27.108210087 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.108293056 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:27.108334064 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:27.108792067 CEST	49774	443	192.168.2.16	13.107.5.80
Aug 30, 2024 19:06:27.108812094 CEST	443	49774	13.107.5.80	192.168.2.16
Aug 30, 2024 19:06:27.109834909 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.109858990 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.109910965 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.109941959 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.109961987 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.110008001 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.110779047 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.110795975 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.110865116 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.110886097 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.110961914 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.111582041 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.111603975 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.111654997 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.111665964 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.111696005 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.111720085 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.112649918 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.112672091 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.112744093 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.112762928 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.112813950 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.113527060 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113543987 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113547087 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113559961 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113632917 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.113656998 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113692045 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.113692045 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.113703966 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.113728046 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.113749981 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.114473104 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.114489079 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.114528894 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.114574909 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.114598989 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.114614010 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.114624977 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.114666939 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.114876032 CEST	49777	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.114898920 CEST	443	49777	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.115844011 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.115868092 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.115936995 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.115961075 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.116010904 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.116755009 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.116772890 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.116847038 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.116848946 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.116871119 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.116909981 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.116945028 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.117254019 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.117289066 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.117355108 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.117505074 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.117530107 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.117806911 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.117821932 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.117880106 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.117892981 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.118637085 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.118655920 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.118707895 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.118726015 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.118762016 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.119599104 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.119612932 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.119664907 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.119685888 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.119709015 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.121263027 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.121280909 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.121349096 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.121368885 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.121385098 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.122292995 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.122307062 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.122375011 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.122395992 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.123398066 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.123415947 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.123472929 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.123486042 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.124840021 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.124860048 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.124931097 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.124943972 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.125854015 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.125869036 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.125920057 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.125927925 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.125965118 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.126091003 CEST	49778	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.126106024 CEST	443	49778	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.128575087 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.128607988 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.128683090 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.128839970 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.128850937 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.307764053 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.308063984 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.308088064 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.308964968 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.309039116 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.310074091 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.310122013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.310261011 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.310269117 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.313034058 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.313226938 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.313234091 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.314090014 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.314150095 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.314587116 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.314632893 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.314894915 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.315059900 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.315085888 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.315416098 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.315896034 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.315952063 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.316020012 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.352051020 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.360495090 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.368218899 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.368233919 CEST	443	49782	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.416053057 CEST	49782	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.418535948 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.418556929 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.418570995 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.418649912 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.418679953 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.418731928 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.505728960 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.505748987 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.505834103 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.505863905 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.505914927 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.507462025 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.507482052 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.507544041 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.507555008 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.507602930 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.594192982 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.594214916 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.594424963 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.594451904 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.594504118 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595040083 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595056057 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595114946 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595124006 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595170975 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595304012 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595341921 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595371008 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595379114 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595391989 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.595423937 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595452070 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595670938 CEST	49780	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.595686913 CEST	443	49780	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.598581076 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.598609924 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.598690987 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.598867893 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.598881006 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.639892101 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.639944077 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.640149117 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.640178919 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.640237093 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.643893003 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.643959999 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.653805017 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.653903008 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.728044033 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.728264093 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.728764057 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.728770971 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.728859901 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.728874922 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.728920937 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.733017921 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.733078003 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.751331091 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.751384974 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.751431942 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.751457930 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.751473904 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.764292002 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.764550924 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.764578104 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.765466928 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.765631914 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.765825987 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.765882969 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.765968084 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.765976906 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.772017956 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.772206068 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.772232056 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.772536039 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.772854090 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.772913933 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.772939920 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.798115969 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.814142942 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.814146042 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.814167976 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.815468073 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.815495968 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.815552950 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.815577984 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.815602064 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.815615892 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.816442013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.816495895 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.816520929 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.816528082 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.816555977 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.820151091 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.820195913 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.820239067 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.820246935 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.820282936 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.834800005 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.834840059 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.834881067 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.834891081 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.834922075 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.834942102 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.837889910 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.837958097 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.852948904 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.852992058 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.853027105 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.853044987 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.853059053 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.863905907 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.863923073 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.863944054 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.863995075 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.864015102 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.864068031 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.864418983 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.864455938 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.864502907 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.864895105 CEST	49785	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.864912033 CEST	443	49785	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.866745949 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.866787910 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.866874933 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.867057085 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.867064953 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875623941 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875649929 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875658035 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875689030 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875709057 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875768900 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.875806093 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.875823021 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.875861883 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.894037008 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.903882027 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.903928995 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.903970003 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.903976917 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.904015064 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.904027939 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.904043913 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.904072046 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.905066013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.905108929 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.905145884 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.905154943 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.905185938 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.905209064 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.908334017 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.908377886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.908416986 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.908443928 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.908457041 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.908504009 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.915971041 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.916028976 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.916085005 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.916100025 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.916131020 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.916152954 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.922547102 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.922591925 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.922638893 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.922645092 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.922684908 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.922697067 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.932190895 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.932233095 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.932271004 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.932279110 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.932307005 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.932334900 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.941314936 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.941355944 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.941390038 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.941399097 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.941431999 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.941452980 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.976710081 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.976778984 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.976891994 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.976891994 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.977189064 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.977189064 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.977209091 CEST	443	49784	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.977262974 CEST	49784	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.979595900 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.979630947 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.979723930 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.980671883 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:27.980688095 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:27.991063118 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.991120100 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.991167068 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.991183043 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.991226912 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.993974924 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.994014978 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.994060040 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.994066000 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.994091988 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.994108915 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995332003 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995373011 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995414972 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995423079 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995445013 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995460987 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995515108 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995557070 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995585918 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995592117 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:27.995618105 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:27.995625019 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.000396013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.000437975 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.000473022 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.000479937 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.000499964 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.000528097 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.010551929 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.010593891 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.010633945 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.010643959 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.010668993 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.010683060 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.028716087 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.028759003 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.028815031 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.028821945 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.028860092 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.028872967 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.029642105 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.029687881 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.029730082 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.029736042 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.029762030 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.029810905 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.081722021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.081779003 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.081845045 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.081871986 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.081886053 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.081933975 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.082360029 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.082401991 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.082441092 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.082448006 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.082472086 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.082493067 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.083513021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.083569050 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.083589077 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.083610058 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.083643913 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.083659887 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.084235907 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.084274054 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.084319115 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.084327936 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.084347963 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.084364891 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.088459969 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.088537931 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.088542938 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.088562012 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.088608980 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.098306894 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.098349094 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.098387957 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.098398924 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.098418951 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.098437071 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.104192019 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.104232073 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.104274035 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.104280949 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.104311943 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.104324102 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.114897013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.114938021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.114994049 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.115005016 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.115034103 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.115041018 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.166343927 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.166366100 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.166476011 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.166501045 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.166548967 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.167030096 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.167067051 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.167104959 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.167112112 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.167144060 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.167150974 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.167915106 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.167928934 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.168023109 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.168030024 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.168073893 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.170772076 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.170788050 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.170861959 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.170871019 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.170911074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.175906897 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.175924063 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.176033020 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.176040888 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.176098108 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.185915947 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.185961962 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.186032057 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.186041117 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.186060905 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.186085939 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.192310095 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.192349911 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.192387104 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.192394018 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.192425013 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.192442894 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.203205109 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.203243971 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.203295946 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.203304052 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.203345060 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.203363895 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.256438017 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.256531954 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.256560087 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.256582975 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.256614923 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.256624937 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.257503033 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.257546902 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.257584095 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.257591009 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.257620096 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.257638931 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.258302927 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.258344889 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.258368969 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.258375883 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.258419991 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.259351015 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.259392977 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.259435892 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.259443045 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.259468079 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.259486914 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.260354996 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.260688066 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.260710955 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.261003971 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.261296034 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.261348009 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.261424065 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.263674021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.263730049 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.263767004 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.263772964 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.263808966 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.263823986 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.274065018 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.274110079 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.274153948 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.274161100 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.274198055 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.274207115 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.290466070 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.290512085 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.290549994 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.290556908 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.290610075 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.308490038 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.320734024 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.320765018 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.320849895 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.321094036 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.321110010 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.330904961 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.330928087 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.331054926 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.331063032 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.331125021 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.339018106 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.339065075 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.339148045 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.339421034 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.339430094 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.343936920 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.343971014 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.344052076 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.344058037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.344120979 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.345292091 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345309973 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345410109 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.345416069 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345460892 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.345681906 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345700979 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345774889 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.345773935 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.345782042 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.345798969 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.345823050 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.345890999 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.346481085 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.346492052 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.346936941 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.346952915 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.347047091 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.347054005 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.347096920 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.350944042 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.350969076 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.351061106 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.351244926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.351246119 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.351254940 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.351269960 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.351361036 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.351372004 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.351428986 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.360502958 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.360573053 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.360630035 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.361557007 CEST	49786	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.361572981 CEST	443	49786	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.361660957 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.361682892 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.361742973 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.361751080 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.361807108 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.363373041 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.363406897 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.363497019 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.363712072 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.363720894 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.377979994 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.378002882 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.378109932 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.378118038 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.378173113 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.418692112 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.418713093 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.418912888 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.418936014 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.419022083 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.431613922 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.431638956 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.431829929 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.431838036 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.431901932 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.433058023 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433074951 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433156013 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.433161974 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433208942 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.433561087 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433578014 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433651924 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.433657885 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.433692932 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.434549093 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.434566021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.434642076 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.434648037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.434689045 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.438788891 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.438807011 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.438891888 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.438899040 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.438956022 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.449256897 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.449281931 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.449367046 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.449390888 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.449455023 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.465473890 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.465491056 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.465595007 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.465615034 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.465770006 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.506366968 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.506390095 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.506645918 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.506670952 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.506725073 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.519184113 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.519202948 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.519275904 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.519284010 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.519331932 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.520957947 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.520973921 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.521044016 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.521050930 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.521104097 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.521708965 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.521725893 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.521790028 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.521797895 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.521846056 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.522522926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.522538900 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.522597075 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.522603989 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.522650003 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.526359081 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.526374102 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.526449919 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.526462078 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.526513100 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.534066916 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.534554005 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.534576893 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.534924030 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.535259962 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.535315990 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.535453081 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.537765026 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.537790060 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.537879944 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.537889957 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.537951946 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.553313971 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.553333044 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.553406000 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.553412914 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.553456068 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.580506086 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.594897032 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.594913960 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.595019102 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.595036983 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.595083952 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.608778000 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.608794928 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.608987093 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.609009027 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.609070063 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.611713886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.611727953 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.611797094 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.611804962 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.611875057 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.612884998 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.612900972 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.612983942 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.612993002 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.613042116 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.614022017 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.614037037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.614100933 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.614111900 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.614155054 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.618912935 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.619168043 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.619194984 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.619519949 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.619820118 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.619868040 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.619894028 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.619909048 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.619982958 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.619996071 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.620002985 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.620045900 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.636123896 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.636142015 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.636225939 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.636250973 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.636399031 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.660784960 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.660801888 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.660989046 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.661000967 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.661050081 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.664490938 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.690428972 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.690449953 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.690510035 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.690622091 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.690622091 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.691713095 CEST	49787	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.691729069 CEST	443	49787	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.693427086 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.693466902 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.693561077 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.693758011 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.693766117 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.716183901 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.716201067 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.716291904 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.716315031 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.716470957 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.732820988 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.732837915 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.733014107 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.733021021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.733072996 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.734551907 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.734565973 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.734632015 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.734638929 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.734687090 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.735188961 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.735203981 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.735266924 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.735272884 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.735312939 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.736341000 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.736360073 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.736416101 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.736422062 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.736450911 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.736466885 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.738215923 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.738231897 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.738301039 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.738312006 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.738362074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.743906021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.743921041 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.744008064 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.744014978 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.744061947 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.767976999 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.767982960 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.767998934 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.767999887 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.768013954 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.768237114 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.768239975 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.768248081 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.768249989 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.768311977 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.769514084 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.804100037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.804136038 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.804322004 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.804328918 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.804387093 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.823256969 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823280096 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823591948 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823592901 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.823609114 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823627949 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823668957 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.823676109 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.823704958 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.823731899 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.824471951 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.824496031 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.824547052 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.824553013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.824585915 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.824610949 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.825891018 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.825906992 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.825988054 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.825994015 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.826050997 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.826790094 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.826807976 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.826874971 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.826880932 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.826929092 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.833477974 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.833496094 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.833570957 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.833578110 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.833621025 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.849147081 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.849167109 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.849242926 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.849251032 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.849289894 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.850958109 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.850982904 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.851057053 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.851063013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.851108074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.868083000 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.868340969 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.868351936 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.868695974 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.868861914 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.869373083 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.869431019 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.869612932 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.869832993 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.869839907 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870153904 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870215893 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.870270014 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.870321035 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870650053 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.870656013 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870671988 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.870680094 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870824099 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.870874882 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.871527910 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.871575117 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.871681929 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.871686935 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.871741056 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.871757030 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.891751051 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.891768932 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.891855001 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.891863108 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.892014980 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.902456999 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.902704954 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.902729988 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.903090000 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.903261900 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.903754950 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.903824091 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.904624939 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.904714108 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.904768944 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.904793978 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.904800892 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.907469034 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.907651901 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.907672882 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.907984972 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.908046961 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.908605099 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.908663988 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.908807039 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.908864975 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.908932924 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.908937931 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.908957005 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.908988953 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:28.910540104 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.910567045 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.910633087 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.910639048 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.910693884 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.912708998 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.912733078 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.912827015 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.912833929 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.912889004 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.913419962 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.913443089 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.913513899 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.913522005 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.913574934 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.914598942 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.914621115 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.914690971 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.914697886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.914752960 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.915632963 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.915652990 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.915734053 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.915743113 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.915802956 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.920064926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.920082092 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.920177937 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.920191050 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.920238972 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.924041033 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.924042940 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.933471918 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.933495998 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.933573961 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.933582067 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.933733940 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.936060905 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.936079025 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.936151981 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.936158895 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.936216116 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.937052965 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.937072039 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.937149048 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.937155962 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.937211990 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.938699961 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.938716888 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.938796997 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.938803911 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:28.938853979 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:28.939435005 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.939452887 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.939523935 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.939532995 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.939587116 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.956048012 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.956305027 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:28.980061054 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.980078936 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.980165958 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.980176926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.980221987 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.987716913 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.987735033 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.987802029 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.987817049 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.987828970 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.987885952 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.988769054 CEST	49791	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.988780975 CEST	443	49791	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.991636992 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.991656065 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.991722107 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.991727114 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.991785049 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.992100954 CEST	49789	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:28.992114067 CEST	443	49789	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:28.998316050 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.998332977 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.998403072 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:28.998410940 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:28.998456001 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.000463009 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.000489950 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.000543118 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.000550985 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.000616074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.001149893 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.001166105 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.001239061 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.001250982 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.001305103 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.002449989 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.002468109 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.002511024 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.002516985 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.002576113 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.003928900 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.003954887 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.004095078 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.004102945 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.004179955 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.007744074 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.007781982 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.007833958 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.007839918 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.007900000 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.029055119 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029077053 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029155016 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029161930 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029211044 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029687881 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029704094 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029740095 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029774904 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029782057 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029813051 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.029831886 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029859066 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029972076 CEST	49788	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.029977083 CEST	443	49788	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.030414104 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.030457020 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.030497074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.030504942 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.030541897 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.030567884 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.032700062 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.032740116 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.032840014 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.033030033 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.033039093 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.035948992 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.036259890 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.036276102 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.036580086 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.037074089 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.037142992 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.037338018 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.037868977 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.037884951 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.037950039 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.037950993 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.038012028 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.038590908 CEST	49792	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.038595915 CEST	443	49792	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.063801050 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.063821077 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.063888073 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.063893080 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.063951015 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.064301968 CEST	49790	443	192.168.2.16	52.159.108.190
Aug 30, 2024 19:06:29.064315081 CEST	443	49790	52.159.108.190	192.168.2.16
Aug 30, 2024 19:06:29.067384005 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.067428112 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.067481995 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.067490101 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.067550898 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.080508947 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.085644960 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.085689068 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.085742950 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.085762978 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.085808992 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.085818052 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.087630033 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.087668896 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.087707996 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.087718964 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.087754011 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.087795019 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.088200092 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.088255882 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.088285923 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.088293076 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.088321924 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.088344097 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.089417934 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.089457989 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.089497089 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.089505911 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.089540005 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.089557886 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.090250015 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.090289116 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.090332985 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.090339899 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.090390921 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.092613935 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:29.092678070 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:29.092741013 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:29.094814062 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.094866037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.094912052 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.094923019 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.094955921 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.095007896 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.095967054 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:29.096122026 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:29.096182108 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:29.114759922 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.114839077 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.114937067 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115067959 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115094900 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.115176916 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115364075 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115370989 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.115431070 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115596056 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115628004 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.115685940 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115695953 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.115789890 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.115797997 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.116833925 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.116877079 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.116925955 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.116940022 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.116991997 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.117014885 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.141058922 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.141083002 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.141097069 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.141187906 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.141201973 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.141241074 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.141273022 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.155297995 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.155369043 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.155400038 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.155416012 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.155453920 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.155474901 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.173530102 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.173553944 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.173640966 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.173655987 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.173708916 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.175431967 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.175463915 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.175512075 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.175520897 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.175545931 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.175575018 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.175878048 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.175896883 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.175973892 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.175982952 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.176039934 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.177351952 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.177396059 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.177464008 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.177472115 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.177515030 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.177970886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.178013086 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.178059101 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.178065062 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.178102970 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.178133965 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.182579994 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.182622910 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.182666063 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.182672977 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.182718992 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.204355955 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.204375982 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.204461098 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.204469919 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.204516888 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.224476099 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.224503994 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.224636078 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.224666119 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.224725008 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.225931883 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.225946903 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.226056099 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.226063967 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.226108074 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.248116970 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.248168945 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.248226881 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.248250961 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.248289108 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.248313904 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.261502028 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.261543989 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.261614084 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.261622906 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.261692047 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.263077021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263119936 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263155937 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.263166904 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263196945 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.263220072 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.263541937 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263586044 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263627052 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.263633966 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.263679028 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.265692949 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.265734911 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.265794992 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.265800953 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.265827894 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.265855074 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.266226053 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.266263962 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.266319036 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.266324997 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.266350031 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.266383886 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.270215034 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.270257950 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.270315886 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.270322084 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.270380974 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.291922092 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.291968107 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.292054892 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.292062998 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.292110920 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.311079979 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311096907 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311192989 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.311223984 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311288118 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.311790943 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311805964 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311877012 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.311883926 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.311933041 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.312215090 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.312231064 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.312275887 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.312283993 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.312316895 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.312361002 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.313359976 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.313374043 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.313457966 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.313466072 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.313515902 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.335711956 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.335769892 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.335808992 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.335817099 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.335886955 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.342899084 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.343167067 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.343182087 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.344305038 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.345583916 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.345752954 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.345791101 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.349447966 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.349489927 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.349541903 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.349556923 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.349626064 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.350723982 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.350764990 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.350800037 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.350806952 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.350864887 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.351392984 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.351433992 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.351469040 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.351475954 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.351511002 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.351547956 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.353316069 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.353357077 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.353398085 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.353408098 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.353482962 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.353960991 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.354005098 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.354039907 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.354046106 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.354084015 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.354110003 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.357752085 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.357836008 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.357837915 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.357865095 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.357898951 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.357923985 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.379663944 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.379759073 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.379765987 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.379791975 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.379858017 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.388515949 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.397468090 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.397504091 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.397553921 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.397567034 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.397613049 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.398273945 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398288965 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398364067 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.398370981 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398435116 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.398799896 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398814917 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398876905 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.398885012 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.398958921 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.399760962 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.399775982 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.399853945 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.399861097 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.399907112 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.400053024 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.400648117 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.400664091 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.400738001 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.400744915 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.400784016 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.401416063 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.401428938 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.401488066 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.401499987 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.401539087 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.402122021 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.402134895 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.402193069 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.402200937 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.402245998 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.423492908 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.423535109 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.423579931 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.423588037 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.423645020 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.437243938 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.437287092 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.437320948 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.437328100 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.437386990 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.438173056 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.438214064 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.438245058 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.438251019 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.438301086 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.438963890 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.439006090 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.439054012 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.439060926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.439116001 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.441071033 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.441112041 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.441147089 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.441153049 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.441210985 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.441651106 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.441724062 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.441807985 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.441879034 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.445485115 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.445527077 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.445563078 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.445569992 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.445628881 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.446819067 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.446870089 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.446891069 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.446908951 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.446938992 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.446949005 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.446969032 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.447000027 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.447011948 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.447041988 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.447058916 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.467392921 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.467441082 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.467485905 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.467494011 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.467564106 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.485963106 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.485980034 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486042976 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486100912 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.486116886 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486152887 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.486160040 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486171961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486205101 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.486207962 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486224890 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.486289024 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.486330986 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.491432905 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.491450071 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.491559029 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.491569042 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.491616011 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.492096901 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.492110968 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.492182970 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.492191076 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.492238998 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.493233919 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493251085 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493319035 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.493325949 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493369102 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.493685961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493700027 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493762970 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.493771076 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.493814945 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.511329889 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.511374950 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.511547089 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.511547089 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.511554956 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.511607885 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.524739027 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.524779081 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.524867058 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.524878979 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.524951935 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.525907040 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.525979042 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.526071072 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.526077986 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.526132107 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.527081013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.527158022 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.527173996 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.527182102 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.527214050 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.527236938 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.528786898 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.528827906 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.528879881 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.528887033 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.528945923 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.529867887 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.529906988 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.529953003 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.529966116 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.529972076 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.529977083 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.530097961 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.530105114 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.530138969 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.530153990 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.530937910 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.530952930 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.531039953 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.531045914 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.531096935 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.533075094 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.533118963 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.533169985 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.533176899 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.533211946 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.533231020 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.555174112 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.555214882 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.555315971 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.555322886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.555393934 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.570854902 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.570871115 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.571034908 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.571048975 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.571116924 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.571408987 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.571428061 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.571496964 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.571504116 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.571547031 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.572241068 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572256088 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572324038 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.572331905 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572380066 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.572814941 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572828054 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572906017 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.572911978 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.572957993 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.573548079 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.573565960 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.573645115 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.573652029 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.573704958 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.574285030 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.574297905 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.574359894 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.574367046 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.574413061 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.574914932 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.574928999 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.575031042 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.575038910 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.575093031 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.575484991 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.575500011 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.575575113 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.575582981 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.575628996 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.598834991 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.598936081 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.599000931 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.599078894 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.612545967 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.612588882 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.612632036 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.612639904 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.612700939 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.613641977 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.613682032 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.613732100 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.613739014 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.613766909 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.613791943 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.614635944 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.614675045 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.614712954 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.614723921 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.614753962 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.614774942 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.615819931 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.615840912 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.615909100 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.615916967 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.615972996 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.616441011 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.616497993 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.616516113 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.616523027 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.616554022 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.616580009 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.616991997 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.617008924 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.617065907 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.617070913 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.617124081 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.617628098 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.617665052 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.617701054 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.617707014 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.617738008 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.617763996 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.618190050 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.618206978 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.618278980 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.618283033 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.618329048 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.618952990 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.618968010 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.619045019 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.619050026 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.619096041 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.621301889 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.621345043 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.621397972 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.621403933 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.621457100 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.642877102 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.642918110 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.642996073 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.643002987 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.643058062 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.658447027 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.658466101 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.658556938 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.658571005 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.658615112 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.659028053 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659041882 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659104109 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.659111977 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659161091 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.659410954 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659425020 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659492016 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.659499884 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.659548998 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.660301924 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.660315990 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.660377026 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.660383940 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.660444975 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.661120892 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.661134958 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.661178112 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.661191940 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.661199093 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.661237955 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.661283970 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.662143946 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.662156105 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.662215948 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.662223101 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.662992001 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.663008928 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.663064957 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.663074017 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.680736065 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.681118965 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.681133986 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.681452036 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.681777954 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.681835890 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.681946993 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.686731100 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.686779976 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.686837912 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.686846972 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.686904907 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.700448990 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.700512886 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.700546026 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.700551987 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.700584888 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.700611115 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.701212883 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.701252937 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.701296091 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.701302052 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.701335907 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.701361895 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.702683926 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.702724934 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.702759981 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.702765942 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.702809095 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.702852964 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.702877045 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.702923059 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.702928066 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.702951908 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.702992916 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.703398943 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.703413963 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.703476906 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.703480959 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.703531981 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.703895092 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.703910112 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.703989983 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.703995943 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.704042912 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.704695940 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.704782009 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.704792976 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.704818010 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.704855919 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.704879045 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.705099106 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.705116034 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.705172062 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.705177069 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.705208063 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.705234051 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.705677986 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.705718040 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.705753088 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.705760956 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.705806971 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.706121922 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706140041 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706199884 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.706204891 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706248999 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.706594944 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706612110 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706671953 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.706676960 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.706712961 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.707218885 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.707246065 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.707290888 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.707298040 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.707319975 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.707353115 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.708981991 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.709022999 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.709084988 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.709091902 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.709144115 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.718044996 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.723139048 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723144054 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723388910 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.723404884 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723496914 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.723510027 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723772049 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723840952 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.723851919 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.723911047 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.724502087 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.724539995 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.724595070 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.724605083 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.724647999 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.725701094 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.725758076 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.725948095 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.725955963 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.725970030 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.726085901 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.726134062 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.726232052 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.726238012 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.726253033 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.728578091 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.728771925 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.728777885 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.729094982 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.729167938 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.729779005 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.729836941 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.729940891 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.729991913 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.730053902 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.730060101 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.730073929 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.730535030 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.730576038 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.730612993 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.730622053 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.730654955 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.730680943 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.744915009 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.744941950 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.745045900 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.745055914 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.745115042 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.745352983 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.745372057 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.745429039 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.745438099 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.745480061 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.746012926 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746028900 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746094942 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.746104002 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746150017 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.746480942 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746494055 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746550083 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.746556997 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.746602058 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.746987104 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747004032 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747062922 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.747070074 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747112989 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.747610092 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747623920 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747697115 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.747709036 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.747755051 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.748012066 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748025894 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748099089 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.748107910 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748153925 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.748647928 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748662949 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748727083 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.748734951 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.748780012 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.772515059 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.772536039 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.772542953 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:29.774296045 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.774413109 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.774434090 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.774513960 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.781128883 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.781128883 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.781832933 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:29.785197973 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.785218954 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.785233974 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.785301924 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.785312891 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.785367966 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.788259983 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788302898 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788382053 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.788388968 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788446903 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.788831949 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788873911 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788892031 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.788908005 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.788908958 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.788914919 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.788996935 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.789005041 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.789036036 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.789051056 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.789530993 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.789546967 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.789613962 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.789618015 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.789658070 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.789947987 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.789963961 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.790029049 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.790034056 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.790077925 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.790724993 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.790740013 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.790811062 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.790816069 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.790859938 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.791146040 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791186094 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791218996 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.791225910 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791254997 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.791277885 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.791635036 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791676998 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791699886 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.791706085 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.791752100 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.792360067 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.792402029 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.792486906 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.792495012 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.792534113 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.795670986 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795687914 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795762062 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.795768976 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795815945 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.795869112 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795885086 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795943975 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.795953035 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.795999050 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.796298027 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.796324015 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.796359062 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.796364069 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.796396971 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.796416998 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.796951056 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.796993017 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.797090054 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.797101021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.797158957 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.797171116 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.797193050 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.797245979 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.797255039 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.797300100 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.818484068 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.818526983 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.818612099 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.818619013 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.818686008 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.833725929 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.833741903 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.833854914 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.833873987 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834055901 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834057093 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834068060 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834084988 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834117889 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834125996 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834157944 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834182978 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834716082 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834728003 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834816933 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834824085 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834867954 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.834923983 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.834937096 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.835026979 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.835033894 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.835076094 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.835665941 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.835680962 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.835736036 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.835741997 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.835783958 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.836411953 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.836426973 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.836473942 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.836489916 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.836497068 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.836565971 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.837244987 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.837259054 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.837366104 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.837373972 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.861958981 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.862059116 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.862195969 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.862195969 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.862212896 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.862260103 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.872638941 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.872659922 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.872746944 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.872757912 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.872915030 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.874756098 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.874772072 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.874855042 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.874859095 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.874905109 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.876043081 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.876089096 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.876118898 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.876136065 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.876163960 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.876192093 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.876547098 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.876588106 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.876626968 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.876631021 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.876658916 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.876667976 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.876713037 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.876816988 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:29.876873016 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.876920938 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.876940966 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877015114 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.877021074 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877065897 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.877348900 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877365112 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877448082 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.877453089 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877501965 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.877840996 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877856016 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877914906 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.877919912 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.877986908 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.878101110 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878118992 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878190041 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.878192902 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878240108 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.878293037 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878308058 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878375053 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.878380060 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.878427029 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.879010916 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879025936 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879091024 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.879096031 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879142046 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.879452944 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879468918 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879528046 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.879534006 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:29.879581928 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.880541086 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.892035007 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:29.910552025 CEST	49781	443	192.168.2.16	206.168.190.239
Aug 30, 2024 19:06:29.910564899 CEST	443	49781	206.168.190.239	192.168.2.16
Aug 30, 2024 19:06:30.226100922 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.226182938 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.226258993 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.226934910 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.226953030 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227143049 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.227159977 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227210045 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.227449894 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227463961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227524996 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.227525949 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227536917 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227565050 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227591038 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.227597952 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.227627039 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.227646112 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.228461981 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.228473902 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.228532076 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.228539944 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.228585005 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.229341984 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.229355097 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.229408026 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.229423046 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.229429960 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.229470968 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.229516029 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.230326891 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.230340958 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.230416059 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.230422974 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.230532885 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230556011 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230568886 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230590105 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230597973 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230600119 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230623007 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.230638027 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.230668068 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.230695009 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.231383085 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.231394053 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.231427908 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.231452942 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.231463909 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.231472969 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.231494904 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.231544018 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.232494116 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232511997 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232561111 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.232568026 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232603073 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.232692003 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232707977 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232738972 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232764006 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.232769012 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.232817888 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.232834101 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.233606100 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233622074 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233649969 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233664036 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233689070 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.233694077 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233704090 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233762980 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.233784914 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.233819008 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.233820915 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.234112978 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234129906 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234205008 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.234210014 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234257936 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.234363079 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234385014 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234453917 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.234457970 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234477043 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234498978 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234507084 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.234510899 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.234572887 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.235326052 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.235342026 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.235389948 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.235394955 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.235421896 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.235445023 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.235898972 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.235922098 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.235961914 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.235965967 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.236032009 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.236033916 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.236047029 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.236068010 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.236094952 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.236098051 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.236123085 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.236138105 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236151934 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.236160040 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236166954 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236176968 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236206055 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236228943 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.236234903 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.236267090 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.236296892 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.236532927 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237165928 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237183094 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237231016 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237246037 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237253904 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237296104 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237340927 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237652063 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237653017 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237672091 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237715960 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237723112 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237745047 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237759113 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237771034 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237780094 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.237786055 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.237838030 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.238310099 CEST	49796	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.238326073 CEST	443	49796	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.238814116 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.238830090 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.238899946 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.238907099 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.238955021 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.239772081 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239784956 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239834070 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239852905 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.239859104 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239873886 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239908934 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.239914894 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.239945889 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.239965916 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241023064 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241036892 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241084099 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241100073 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241116047 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241123915 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241204023 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241209030 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241233110 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241250992 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241816998 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241837025 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241928101 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.241933107 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241944075 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241960049 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.241998911 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.242003918 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.242057085 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.242094040 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.242953062 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.242966890 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243010044 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243021965 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.243027925 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243073940 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.243119955 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.243634939 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243655920 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243716955 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.243722916 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243751049 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243765116 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243824005 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.243829966 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.243872881 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.244518042 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244532108 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244595051 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.244601965 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244646072 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.244652987 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244667053 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244733095 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.244740009 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.244786024 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.244998932 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245018959 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245079994 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245085001 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245117903 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245400906 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245419979 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245482922 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245488882 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245517969 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245640993 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245661020 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245706081 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245708942 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245755911 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245783091 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245795012 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245845079 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245848894 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245872021 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.245918989 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.245938063 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246012926 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246018887 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246175051 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246187925 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246257067 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246263027 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246393919 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246684074 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246699095 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246761084 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246767998 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.246814013 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246814966 CEST	49795	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.246830940 CEST	443	49795	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247457027 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247476101 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247523069 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.247529030 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247562885 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247579098 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.247584105 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247601986 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.247606993 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.247658968 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.247697115 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.247914076 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.247942924 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.247948885 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.247972965 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.248004913 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.248009920 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.248045921 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.248064995 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.248084068 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.248084068 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.248090029 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.248152018 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.248158932 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.248202085 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.248945951 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.248960018 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249025106 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249031067 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249073029 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249383926 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249397993 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249445915 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249450922 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249486923 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249507904 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249578953 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249598980 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249635935 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249644041 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.249677896 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.249694109 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250427008 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250444889 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250487089 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250494003 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250526905 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250550032 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250633001 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.250650883 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.250695944 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.250701904 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.250727892 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.250808001 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250827074 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250857115 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250860929 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250895023 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.250932932 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.250946045 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.251018047 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.251024961 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.251741886 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.251853943 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.251868010 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.251916885 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.251920938 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.251946926 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.252115011 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252135038 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252165079 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.252171040 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252226114 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.252310038 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252324104 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252386093 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.252389908 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.252413988 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253242970 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253268957 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253315926 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253319979 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253329039 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253351927 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253381014 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253437042 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253442049 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253484011 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253865004 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253880978 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253943920 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.253948927 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.253968954 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.253983974 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.253990889 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254013062 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254018068 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.254097939 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.254103899 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.254128933 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.254137039 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254183054 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.254483938 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.254818916 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254838943 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254903078 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.254909039 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.254959106 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255294085 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255309105 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255357981 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255364895 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255409002 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255445004 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255460024 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255501032 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255507946 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.255537987 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255557060 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255798101 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.255886078 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256099939 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256230116 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256248951 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256249905 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256264925 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256292105 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256298065 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256361961 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256366014 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256392956 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256392956 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256452084 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256803989 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256818056 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256870031 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256874084 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256911039 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256918907 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.256922960 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256947041 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.256964922 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257015944 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257019043 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.257061958 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257375002 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257438898 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257560968 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257781029 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.257795095 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.257862091 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257867098 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.257911921 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.257934093 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.257952929 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258016109 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258023977 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258467913 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258481979 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258528948 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258534908 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258572102 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258584023 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258635998 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258639097 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258661985 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258702040 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258708000 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.258742094 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258949041 CEST	49798	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.258960009 CEST	443	49798	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.263478994 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.263493061 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.263565063 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.263571978 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.266129017 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.266148090 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.266215086 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.266222000 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.268616915 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.268630028 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.268685102 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.268690109 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.268729925 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.270031929 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.270050049 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.270097971 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.270103931 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.270144939 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.271678925 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.271692991 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.271760941 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.271768093 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.273370981 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.273389101 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.273443937 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.273451090 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.273488998 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.274312019 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274328947 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274386883 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.274396896 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274441957 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.274571896 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274596930 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274631977 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.274638891 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.274663925 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.274683952 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.275198936 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.275214911 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.275273085 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.275286913 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.275332928 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.275404930 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.275418997 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.275475025 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.275480986 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.275938988 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.275955915 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.276032925 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.276040077 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.276084900 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.277528048 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.277543068 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.277609110 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.277616978 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.277666092 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.277952909 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.277967930 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.278021097 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.278028965 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.278079033 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.278239965 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.278260946 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.278301001 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.278306007 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.278347015 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.278700113 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.278721094 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.278768063 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.278774977 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.278800964 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.278814077 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.279269934 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279284954 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279333115 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.279336929 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279370070 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.279414892 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279433012 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279479027 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.279485941 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.279515982 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.280311108 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.280323982 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.280378103 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.280384064 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281146049 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281163931 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281210899 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.281215906 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281224966 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281233072 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281246901 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.281276941 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.281281948 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281310081 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.281826019 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281848907 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281884909 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.281891108 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.281925917 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.282457113 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.282469988 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.282517910 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.282522917 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.282557964 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.293898106 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.293917894 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.294009924 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.294020891 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.294168949 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.324774981 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.324795961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.324846029 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.324855089 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.324906111 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325109959 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325140953 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325177908 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325181961 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325226068 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325464964 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325481892 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325608969 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325613976 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325666904 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325748920 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325768948 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325814962 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.325819969 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.325869083 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326153994 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326170921 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326221943 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326227903 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326272964 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326528072 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326543093 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326603889 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326611996 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326663017 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326890945 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326911926 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.326965094 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.326971054 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327020884 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.327316046 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327331066 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327385902 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.327390909 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327431917 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.327833891 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327850103 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327902079 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.327907085 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.327945948 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.335027933 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.362550020 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.362566948 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.362644911 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.362652063 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.362709045 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.367516994 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.367531061 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.367619038 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.367624044 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.367674112 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368144035 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368158102 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368230104 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368236065 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368283033 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368501902 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368516922 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368576050 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368580103 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368626118 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368766069 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368781090 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368837118 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368840933 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.368880033 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.368899107 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369060993 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369076967 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369126081 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369129896 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369165897 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369191885 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369297028 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369317055 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369379044 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.369388103 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369422913 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369438887 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369462013 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369494915 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369498968 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369530916 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.369530916 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369546890 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369621992 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369632959 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369648933 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369657040 CEST	443	49797	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:30.369697094 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.369704008 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.369749069 CEST	49797	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:30.369761944 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.369790077 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.371418953 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.371433973 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.371484995 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.371491909 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.371530056 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.372422934 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.372442961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.372525930 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.372533083 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.372590065 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.373791933 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.373806953 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.373883963 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.373891115 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.373955965 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.374999046 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.375014067 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.375072002 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.375078917 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.375122070 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.377101898 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.377114058 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.377173901 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.377182961 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.377326965 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.380320072 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.411505938 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.411521912 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.411597013 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.411607027 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.411649942 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412018061 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412045002 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412097931 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412101984 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412133932 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412158012 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412452936 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412468910 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412523031 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412527084 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412566900 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412836075 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412853956 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412906885 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.412911892 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.412990093 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.413610935 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.413626909 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.413772106 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.413777113 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.413865089 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414165020 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414181948 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414244890 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414249897 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414294958 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414457083 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414470911 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414546967 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414551973 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414593935 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414891005 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414906979 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.414963961 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.414969921 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.415023088 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.415518999 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.415538073 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.415597916 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.415601969 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.415644884 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.423130989 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.455918074 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.455935001 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.456013918 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.456026077 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.456104994 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.456542969 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.456558943 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.456613064 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.456620932 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.456707001 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.458316088 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.458349943 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.458374977 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.458380938 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.458417892 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.458429098 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.459270000 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.459300041 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.459336996 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.459342957 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.459371090 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.459386110 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.460585117 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.460607052 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.460658073 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.460664988 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.460714102 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.461805105 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.461818933 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.461869001 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.461874962 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.461901903 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.461915016 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.465030909 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.465063095 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.465092897 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.465099096 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.465115070 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.465137959 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.465152025 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.475056887 CEST	49793	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.475075006 CEST	443	49793	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499078035 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499102116 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499147892 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.499156952 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499185085 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.499205112 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.499577045 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499593973 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499640942 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.499644995 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.499671936 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.499690056 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.500309944 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500324965 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500376940 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.500380993 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500403881 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.500422955 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.500585079 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500598907 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500648975 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.500653982 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.500689983 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.501156092 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501172066 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501224041 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.501228094 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501270056 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.501406908 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501425982 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501466990 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.501471996 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.501744032 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.502186060 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502201080 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502258062 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.502263069 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502302885 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.502445936 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502460957 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502509117 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.502512932 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.502578974 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586071014 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586091042 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586155891 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586169958 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586211920 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586419106 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586433887 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586473942 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586478949 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586503029 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586525917 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586781025 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586796999 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586853981 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.586858988 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.586899042 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587143898 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587158918 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587207079 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587210894 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587235928 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587263107 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587502956 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587518930 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587559938 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587565899 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587599039 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587610960 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.587980032 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.587996006 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.588051081 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.588057041 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.588095903 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.588392019 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.589035034 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589051008 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589107990 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.589112997 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589160919 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.589508057 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589523077 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589574099 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.589577913 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.589633942 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.672892094 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.672911882 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.672970057 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.672983885 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673033953 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.673151970 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673167944 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673219919 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.673223972 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673264980 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.673609018 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673624039 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673672915 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.673679113 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.673717976 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.674006939 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674026966 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674078941 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.674082994 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674125910 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.674367905 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674388885 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674418926 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.674422979 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.674457073 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.674470901 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.675386906 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.675420046 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.675457001 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.675460100 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.675477028 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.675496101 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.675528049 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.677143097 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.694813967 CEST	49794	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.694828033 CEST	443	49794	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.789030075 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.789069891 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.789176941 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.789417028 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.789429903 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.805955887 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.805970907 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.806075096 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.806299925 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.806308985 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.813007116 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.813045979 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:30.813150883 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.813308954 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:30.813323021 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.444011927 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.445441008 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.445460081 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.446430922 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.446516037 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.446820021 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.446878910 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.447009087 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.460594893 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.460834980 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.460860968 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.461183071 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.461556911 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.461612940 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.461616039 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.483428001 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.483735085 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.483742952 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.484097004 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.484370947 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.484426975 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.484500885 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.488507032 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.499135971 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.499145031 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.508501053 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.515141964 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.528501987 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.545829058 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.545839071 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.545874119 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.545893908 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.545901060 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.546005964 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.546005964 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.546024084 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.546035051 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.546077013 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.567786932 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567809105 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567816019 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567847967 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567859888 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567869902 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.567980051 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.567981005 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.567991018 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.568042040 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.590550900 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.591165066 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.591183901 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.591370106 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.591378927 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.591438055 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.632603884 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632616997 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632664919 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632687092 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632694006 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632695913 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.632705927 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632710934 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632776976 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.632860899 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.632860899 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.632878065 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.633084059 CEST	49801	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.633096933 CEST	443	49801	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.635776043 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.635793924 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.635871887 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.636118889 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.636128902 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.656641960 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.656723022 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.656725883 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.656985998 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.656991959 CEST	443	49799	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.657020092 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.657059908 CEST	49799	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.660784006 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.660800934 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.660866022 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.661030054 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.661040068 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.681622982 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.681668997 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.681710005 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.681718111 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.681740999 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:31.681767941 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.681792021 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.681963921 CEST	49800	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:31.681972980 CEST	443	49800	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.275626898 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.279088974 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.279119015 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.279469013 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.283530951 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.283606052 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.283695936 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.313272953 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.314619064 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.314646006 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.315006971 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.316808939 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.316867113 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.316950083 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.328490019 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.360502958 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.385227919 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.385250092 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.385266066 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.385353088 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.385370970 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.385449886 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.433398962 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.433422089 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.433434963 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.433487892 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.433497906 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.433530092 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.433548927 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.468718052 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.468744040 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.468822956 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.468846083 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.468866110 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.468900919 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.470597029 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.470617056 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.470675945 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.470685005 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.470725060 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.518548965 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.518567085 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.518763065 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.518774986 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.518826962 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.520879984 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.520894051 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.520956039 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.520962954 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.521012068 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.558079958 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558100939 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558295965 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.558309078 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558352947 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558360100 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.558367014 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558382988 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558396101 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.558439016 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.558444023 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.558489084 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.559370995 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.559390068 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.559448957 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.559454918 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.559492111 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.560242891 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.560261011 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.560318947 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.560326099 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.560365915 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.604080915 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.604098082 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.604294062 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.604321957 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.604371071 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.605031013 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.605098009 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.605098009 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.605144024 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.606791973 CEST	49803	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.606807947 CEST	443	49803	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.644771099 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.644790888 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.644859076 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.644881964 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.644932032 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.645466089 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.645483017 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.645539045 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.645545006 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.645591974 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.646308899 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.646326065 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.646406889 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.646414042 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.646466017 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.647278070 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.647295952 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.647356987 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.647366047 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.647423029 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.648164988 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.648181915 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.648237944 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.648247957 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:32.648296118 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:32.953241110 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:32.953280926 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:32.953376055 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:32.953578949 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:32.953589916 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:33.104968071 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.104980946 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105021000 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105186939 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105186939 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105215073 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105232954 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105259895 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105271101 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105277061 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105297089 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105314970 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105340004 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105541945 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105556011 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105606079 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105613947 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105658054 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105835915 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105853081 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105904102 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105910063 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.105921030 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.105953932 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.106076956 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.106096029 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.106148005 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.106154919 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.106199980 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.110440016 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110461950 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110502005 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.110507965 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110538006 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.110874891 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110894918 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110908031 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.110913992 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.110924006 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.110965014 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.111381054 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111401081 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111449003 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.111455917 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111504078 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.111699104 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111713886 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111771107 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.111777067 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.111815929 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.112564087 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112585068 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112642050 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.112647057 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112696886 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.112756968 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112776995 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112826109 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.112831116 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.112843990 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.112865925 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.113632917 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.113660097 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.113694906 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.113699913 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.113729000 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.113751888 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114195108 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114222050 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114258051 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114263058 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114283085 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114300966 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114587069 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114605904 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114650965 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114655972 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.114679098 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.114697933 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115223885 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115243912 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115322113 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115333080 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115371943 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115613937 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115645885 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115678072 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115684986 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115701914 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.115708113 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115746021 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115823030 CEST	49802	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.115832090 CEST	443	49802	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.355072021 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.355110884 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.355186939 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.355577946 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.355590105 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.356008053 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.356014967 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.356071949 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.356245995 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.356255054 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.357326031 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.357356071 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.357433081 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.357570887 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.357580900 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.479950905 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.479973078 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.480046034 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.480498075 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.480508089 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.490313053 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.490343094 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.490447044 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.490798950 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.490808964 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.491188049 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.491195917 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.491251945 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.491410971 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.491419077 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.520415068 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.520430088 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.520504951 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.520658016 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:33.520667076 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:33.572678089 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:33.573139906 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:33.573148966 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:33.573466063 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:33.573800087 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:33.573854923 CEST	443	49804	23.33.238.58	192.168.2.16
Aug 30, 2024 19:06:33.617043018 CEST	49804	443	192.168.2.16	23.33.238.58
Aug 30, 2024 19:06:34.042438030 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.042804956 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.042831898 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.043848038 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.043939114 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.044198990 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.044250011 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.044347048 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.044353962 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.047643900 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.047821999 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.047835112 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.048690081 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.048748016 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.048980951 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.049022913 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.049081087 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.049087048 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.070207119 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.070477962 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.070485115 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.071356058 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.071418047 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.071645021 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.071692944 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.071743965 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.094135046 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.094136953 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.112508059 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.126117945 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.126127958 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145847082 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145874023 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145880938 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145911932 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145940065 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.145950079 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.145958900 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.146019936 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.146045923 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.151792049 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151814938 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151822090 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151854038 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151880026 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151885033 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.151894093 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.151916027 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.151937962 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.163264990 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.163543940 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.163552046 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.164392948 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.164546013 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.165354013 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.165405035 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.165503979 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.165508986 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.174067974 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.175590038 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.175823927 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.175833941 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.176703930 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.176769972 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.177037001 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.177088976 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.177160978 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.177167892 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.185911894 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.186141968 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.186148882 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.187163115 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.187226057 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.187510014 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.187562943 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.187623978 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.187629938 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.188426018 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.188478947 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.188534021 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.189245939 CEST	49805	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.189260006 CEST	443	49805	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.189573050 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.189595938 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.189662933 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.189944983 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.189954996 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.193130970 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.193347931 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.193356037 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.194195986 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.194262028 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.194529057 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.194578886 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.194691896 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.194698095 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.206029892 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.222157955 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.229744911 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.229782104 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.229840994 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.229861975 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.229882002 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.230370045 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.231632948 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.231664896 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.231719971 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.231726885 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.231753111 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.231775045 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.235761881 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.235783100 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.235866070 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.235874891 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.235901117 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.235918999 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.238044977 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.238046885 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.239933968 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.239947081 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.240046978 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.240051985 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.240106106 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.271084070 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.275913000 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.275919914 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.275928974 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.276014090 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.276021957 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.276077986 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.293720961 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.293781996 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.293833017 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.294600010 CEST	49809	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.294610977 CEST	443	49809	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.301536083 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.301593065 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.301640987 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.302495003 CEST	49810	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.302509069 CEST	443	49810	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.308650017 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.308821917 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.308873892 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.309483051 CEST	49811	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.309494972 CEST	443	49811	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.315315962 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.315340996 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.315419912 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.315443993 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.315522909 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.316085100 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.316107035 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.316154003 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.316159964 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.316200972 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.316210985 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.317262888 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.317285061 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.317344904 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.317351103 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.317397118 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.318180084 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.318201065 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.318253994 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.318260908 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.318309069 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.321679115 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.321693897 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.321763039 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.321769953 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.321818113 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.322516918 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.322530031 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.322587967 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.322592974 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.322638988 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.323194981 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.323208094 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.323266983 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.323271036 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.323314905 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.326272011 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.326284885 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.326383114 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.326390028 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.326446056 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.361109972 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.361135006 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.361232996 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.361244917 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.361288071 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.363670111 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.363689899 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.363758087 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.363766909 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.363806009 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.364475012 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.364535093 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.364541054 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.364588022 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.364739895 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.364748001 CEST	443	49808	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.364768982 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.364790916 CEST	49808	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.371124029 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.371151924 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.371251106 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.371407032 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.371418953 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.402337074 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.402432919 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.402476072 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.402503967 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.402750969 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.402764082 CEST	443	49806	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.402771950 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.402816057 CEST	49806	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.409461975 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.409501076 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.409533024 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.409544945 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.409593105 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.409887075 CEST	49807	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.409897089 CEST	443	49807	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.512522936 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.512553930 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.512640953 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.512821913 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.512835026 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.520220995 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:34.520262957 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:34.520328999 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:34.520478010 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:34.520493984 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:34.521286964 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.521317959 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.521387100 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.521562099 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.521574020 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.708522081 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.708540916 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.708614111 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.718175888 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.718190908 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.724957943 CEST	49751	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:34.724978924 CEST	443	49751	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:34.725115061 CEST	49750	443	192.168.2.16	172.64.41.3
Aug 30, 2024 19:06:34.725152969 CEST	443	49750	172.64.41.3	192.168.2.16
Aug 30, 2024 19:06:34.727250099 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:34.727268934 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:34.727328062 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:34.727510929 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:34.727519035 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:34.741055012 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.742630959 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.742639065 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.742953062 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.749943018 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.750049114 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.750468016 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.792506933 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.864530087 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.864581108 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:34.864630938 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.879513979 CEST	49812	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:34.879528999 CEST	443	49812	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.032752991 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.033180952 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.033195972 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.033483028 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.033952951 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.034003019 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.034137964 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.070727110 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.070960045 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.070977926 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.071901083 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.072069883 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.073436022 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.073494911 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.073618889 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.073626995 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.076500893 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.120068073 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.163867950 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.164258003 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.164269924 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.165275097 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.165350914 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.166346073 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.166409016 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.166528940 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.166536093 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.168739080 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168803930 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168828964 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168853998 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.168859005 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168870926 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168911934 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.168926001 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.168968916 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.169414043 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.169466019 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.169513941 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.169521093 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.170252085 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.170308113 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.170315981 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.175735950 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.175816059 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.175822973 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.179044008 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.179064989 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.179080009 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.179121017 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.179127932 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.179157019 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.179179907 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.187187910 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.187489986 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.187500954 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.187897921 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.188195944 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.188252926 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.188313961 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.215048075 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.231024027 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.232497931 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.242383957 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.242630005 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.242636919 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.243742943 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.244039059 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.244174004 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.244178057 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.244199991 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.244211912 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.244308949 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.255114079 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255300045 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255326986 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255352020 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255371094 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.255383968 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255405903 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.255443096 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.255496025 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.255693913 CEST	49815	443	192.168.2.16	151.101.193.108
Aug 30, 2024 19:06:35.255709887 CEST	443	49815	151.101.193.108	192.168.2.16
Aug 30, 2024 19:06:35.267985106 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268004894 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268095970 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.268102884 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268157005 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.268594980 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268624067 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268652916 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268662930 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268676043 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.268678904 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268693924 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.268712044 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.268731117 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.268752098 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.270411015 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.270426035 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.270487070 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.270493031 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.270539999 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.295025110 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.355021000 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.355242968 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.355297089 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.355983019 CEST	49818	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:35.355997086 CEST	443	49818	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:35.356642962 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.356664896 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.356700897 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.356709957 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.356744051 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.356765032 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.357666016 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.357682943 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.357738018 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.357748032 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.357902050 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.358998060 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359015942 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359075069 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.359081984 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359126091 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.359338045 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359352112 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359394073 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.359399080 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.359431982 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.359451056 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.361222029 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.361236095 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.361295938 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.361300945 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.361349106 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.363010883 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.363024950 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.363085985 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.363091946 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.363135099 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.363501072 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:35.363526106 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:35.363593102 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:35.364609957 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.364629984 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.364692926 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.365255117 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:35.365261078 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:35.365333080 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:35.365642071 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:35.365654945 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:35.366000891 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.366009951 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.366167068 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:35.366174936 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:35.386931896 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.387192011 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.387198925 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.388245106 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.388308048 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.389348030 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.389408112 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.389513969 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.389518976 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.434020042 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.440989971 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.441133976 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.441195011 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.441945076 CEST	49816	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.441958904 CEST	443	49816	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.445055008 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.445075989 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.445132017 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.445143938 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.445182085 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.445204020 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.446547031 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.446563005 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.446630955 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.446641922 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.446686983 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.447582960 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.447597980 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.447638035 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.447645903 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.447673082 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.447700024 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.448724031 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.448745966 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.448800087 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.448807001 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.448851109 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.449368954 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.449434996 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.449630022 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.449688911 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.449875116 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.449891090 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.449945927 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.449951887 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.450016022 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.451209068 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.451225042 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.451277018 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.451282978 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.451335907 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.453139067 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.453155041 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.453214884 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.453222036 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.453262091 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.453923941 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.453939915 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.453999996 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.454008102 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.454051018 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.454251051 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.454265118 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.454319954 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.454325914 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.454371929 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.455811024 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.455825090 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.455899000 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:35.455905914 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:35.455941916 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.583338022 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583422899 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583637953 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583652020 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583684921 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.583690882 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583729982 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.583739042 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583775997 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.583895922 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.583955050 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.583971977 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584115982 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584122896 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584213972 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584269047 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584284067 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584352970 CEST	49817	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584352970 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584366083 CEST	443	49817	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584376097 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584461927 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584600925 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584619999 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584661961 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584692001 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584697008 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584719896 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584719896 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584753036 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584769011 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584769964 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584794998 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584813118 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584841967 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584841967 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584850073 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584887981 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.584891081 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.584925890 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.585031033 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.585527897 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.585544109 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.585634947 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.585655928 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.585660934 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.585695982 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.585819006 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.586045027 CEST	49814	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.586049080 CEST	443	49814	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.586371899 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.586386919 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.586457014 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.586462975 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.586491108 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.586576939 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.588432074 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:36.588445902 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:36.588749886 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.589052916 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:36.589056015 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.589071989 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.589416027 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.589449883 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:36.589459896 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:36.590054035 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.590054989 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.590060949 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.590132952 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.590238094 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.590285063 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.590285063 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.590308905 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.590456963 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.590466022 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.598921061 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.598936081 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.599258900 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.599270105 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.599472046 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.599993944 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600008965 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600097895 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.600104094 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600163937 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.600347996 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600363016 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600581884 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.600586891 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.600864887 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.601569891 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601584911 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601681948 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.601689100 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601753950 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601772070 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601788044 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.601794004 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.601804018 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.601869106 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.602080107 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.602101088 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.602209091 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.602215052 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.602375031 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.602659941 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.602674007 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.602859974 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.602865934 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603040934 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.603307009 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603322983 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603416920 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.603423119 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603504896 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.603689909 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603703976 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.603921890 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.603929043 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.604185104 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.604399920 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.604413986 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.604605913 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.604612112 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.604751110 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.605060101 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.605074883 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.605247021 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.605252981 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.605365038 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.605760098 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.605773926 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.606056929 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.606064081 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.606215954 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.606307983 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.606323004 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.606373072 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.606376886 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.606399059 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.606779099 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.607137918 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.607152939 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.607264996 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.607270956 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.607501984 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.609086990 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609102964 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609201908 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.609208107 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609333038 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.609415054 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609431028 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609582901 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.609589100 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.609708071 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.609989882 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610003948 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610110998 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.610116959 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610251904 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610270977 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610287905 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.610294104 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.610306025 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.610375881 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.611210108 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611223936 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611443996 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.611449957 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611705065 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.611725092 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611741066 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611886024 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.611891985 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.611972094 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.612577915 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.612596989 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.612776041 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.612782955 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.612972021 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.613359928 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613375902 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613521099 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.613534927 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613652945 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.613743067 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613756895 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613825083 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.613825083 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.613831997 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.613946915 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.614326954 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.614341021 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.614491940 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.614496946 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.614696026 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.614705086 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.614718914 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.614800930 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.614800930 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.614805937 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615011930 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615088940 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615103006 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615185022 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615185022 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615191936 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615339994 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615350008 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615354061 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615380049 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615410089 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615417004 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615444899 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615485907 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615588903 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615602016 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615693092 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615698099 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615813971 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.615838051 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.615853071 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616130114 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616134882 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616144896 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616161108 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616190910 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616195917 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616224051 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616290092 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616302967 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616322041 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616327047 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616348028 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616355896 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616365910 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616395950 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616400957 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616447926 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616447926 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.616978884 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.616997004 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617079973 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617084980 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617115974 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617187023 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617351055 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617364883 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617433071 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617439032 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617464066 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617554903 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617572069 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617587090 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617590904 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617603064 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617633104 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617877007 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617893934 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617968082 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.617974043 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.617983103 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618001938 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618005991 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618040085 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618046045 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618073940 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618143082 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618467093 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618480921 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618537903 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618542910 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618609905 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618626118 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618695974 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618695974 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.618702888 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.618989944 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619002104 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619019985 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619024992 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619057894 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619271994 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619290113 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619307995 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619312048 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619334936 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619471073 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619615078 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619627953 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619695902 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619702101 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619757891 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.619970083 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.619982958 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620129108 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620135069 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620260954 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620279074 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620291948 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620296001 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620312929 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620357990 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620456934 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620470047 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620667934 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620673895 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620784998 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620801926 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620809078 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620815039 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620863914 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620863914 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.620966911 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.620980978 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621076107 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621081114 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621167898 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621412992 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621427059 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621558905 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621562958 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621581078 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621598005 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621614933 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621618986 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621634007 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621694088 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621764898 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621778965 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.621903896 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.621908903 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622138023 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622359037 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622380018 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622442961 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622447968 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622474909 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622539043 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622555017 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622569084 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622571945 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622584105 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622637987 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622664928 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622678995 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622750044 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622750044 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.622759104 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.622873068 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623184919 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623198986 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623270988 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623270988 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623275995 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623357058 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623368025 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623380899 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623450041 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623450041 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623455048 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623537064 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623553991 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623568058 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623573065 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.623584986 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.623670101 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624123096 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624138117 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624219894 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624219894 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624223948 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624308109 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624325037 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624398947 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624398947 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624404907 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624438047 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624450922 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624530077 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624530077 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624536037 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624543905 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624563932 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624574900 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624578953 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.624602079 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.624830008 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.625240088 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.625258923 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.625300884 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.625334024 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.625334024 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.625339031 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.625363111 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.625364065 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.625418901 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.625418901 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.626117945 CEST	49813	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.626126051 CEST	443	49813	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.696336031 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.696686983 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.696697950 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.697715998 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.697863102 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.699856043 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.699858904 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:36.699889898 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:36.699918985 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.700092077 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.700325966 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:36.700325966 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:36.700359106 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:36.731817007 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:36.731853008 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:36.732007980 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:36.732105017 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:36.732115030 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:36.740498066 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.750093937 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.750099897 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.783377886 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.786611080 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.786618948 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.787745953 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.787851095 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.788832903 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.788897991 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.789036036 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.798063040 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.798095942 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.798156977 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.801655054 CEST	49821	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:36.801666975 CEST	443	49821	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:36.830044985 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.830053091 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.878066063 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.878376961 CEST	49697	80	192.168.2.16	199.232.210.172
Aug 30, 2024 19:06:36.878376961 CEST	49698	80	192.168.2.16	199.232.210.172
Aug 30, 2024 19:06:36.884641886 CEST	80	49697	199.232.210.172	192.168.2.16
Aug 30, 2024 19:06:36.884747982 CEST	49697	80	192.168.2.16	199.232.210.172
Aug 30, 2024 19:06:36.885328054 CEST	80	49698	199.232.210.172	192.168.2.16
Aug 30, 2024 19:06:36.885407925 CEST	49698	80	192.168.2.16	199.232.210.172
Aug 30, 2024 19:06:36.905106068 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.905177116 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:36.906553984 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.906553984 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:36.915564060 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.915582895 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.915599108 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.915703058 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.915718079 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.915797949 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.930383921 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.930398941 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.930490017 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.930490017 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.930497885 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.974379063 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.988806009 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.988827944 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.989075899 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:36.989087105 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:36.989177942 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.007576942 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.007606983 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.007689953 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.007993937 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.008007050 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.027626991 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.027647018 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.027759075 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.027777910 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.028008938 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.028892994 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.028908014 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.029027939 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.029033899 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.029139042 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.030889034 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.030906916 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.031117916 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.031124115 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.031194925 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.093571901 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.093591928 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.093708038 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.093708038 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.093727112 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.093940973 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.113858938 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.113893986 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.113972902 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.113993883 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.113993883 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.114377975 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.115490913 CEST	49819	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.115505934 CEST	443	49819	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.122865915 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.128155947 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.128170967 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.128504038 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.133166075 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.133166075 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.133193970 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.133232117 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.133238077 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.133275986 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.133305073 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.162825108 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.163608074 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.163615942 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.164652109 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.165520906 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.171216011 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.171216011 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.171226978 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.171278000 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.215054989 CEST	49820	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.215086937 CEST	443	49820	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.215118885 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.215131044 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.250127077 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.250446081 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.250457048 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.250787973 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.251272917 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.251274109 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.251281977 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.251327038 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.259016037 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.259125948 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.259299994 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.259613037 CEST	49822	443	192.168.2.16	4.152.133.8
Aug 30, 2024 19:06:37.259622097 CEST	443	49822	4.152.133.8	192.168.2.16
Aug 30, 2024 19:06:37.261250973 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.261293888 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.261451006 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.261773109 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.261786938 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.263151884 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.282427073 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.282556057 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.282584906 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.282591105 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.282747030 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.295067072 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.322668076 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.323060036 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.323084116 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.323448896 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.323612928 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.324172020 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.324430943 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.325225115 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.325292110 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.325438976 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.325444937 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.369863987 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.369874001 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.369910002 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.369923115 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.369934082 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.369956970 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.369997978 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.370018959 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.371532917 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.371547937 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.371578932 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.371623039 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.371649027 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.371661901 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.372579098 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.372592926 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.372662067 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.372674942 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.375044107 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.423036098 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.440280914 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.440299988 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.440403938 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.440412045 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.440469980 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.441220999 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.441227913 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.441296101 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.441303015 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.445099115 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.445161104 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.445167065 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.456809044 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.456816912 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.456856966 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.456893921 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.456899881 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.456923008 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.456940889 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.456968069 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.458210945 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.458229065 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.458288908 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.458311081 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.458324909 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.458364964 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.459260941 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.459280014 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.459358931 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.459377050 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.459435940 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.462291002 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.462305069 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.462369919 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.462382078 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.462431908 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.486032963 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.488024950 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.488290071 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.488301992 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.489392042 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.489464045 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.490367889 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.490447044 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.490535021 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.490542889 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.529863119 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.531217098 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.531228065 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.531291962 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.531300068 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.531899929 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.531936884 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.531960011 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.531965971 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.532006979 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.532757044 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.532819986 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.532825947 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533523083 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533576012 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533585072 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.533590078 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533629894 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.533633947 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533644915 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533688068 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.533771992 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.533782005 CEST	443	49825	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:37.533790112 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.533834934 CEST	49825	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:37.537273884 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.537298918 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.537374973 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.537569046 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.537589073 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.543045044 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543112993 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543379068 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543417931 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543431997 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543447971 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543463945 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543466091 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543493986 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543503046 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543529987 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543623924 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543657064 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543664932 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543673038 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.543709040 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.543728113 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.544294119 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544329882 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544364929 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.544378996 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544392109 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.544433117 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.544543982 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544559956 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544615030 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.544622898 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.544662952 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.545737028 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.545753002 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.545809984 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.545818090 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.545847893 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.545867920 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.546612024 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.546633005 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.546667099 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.546705961 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.546705961 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.546715975 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.546736002 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.546766043 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.547597885 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.547632933 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.547666073 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.547676086 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.547689915 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.547744989 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.602010012 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602047920 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602057934 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602075100 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602096081 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602124929 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.602134943 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.602181911 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.629852057 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.629870892 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.629947901 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.629971981 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.630018950 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.630316973 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.630382061 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.630387068 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.630433083 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.630537987 CEST	49824	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:37.630558014 CEST	443	49824	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:37.633898973 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.633917093 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.633975983 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.634216070 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.634227991 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.645049095 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.684504986 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.684529066 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.684557915 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.684593916 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.684602976 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.684655905 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687187910 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.687252998 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687567949 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.687638998 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687644958 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.687664032 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.687726974 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687849998 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687863111 CEST	443	49827	23.200.3.23	192.168.2.16
Aug 30, 2024 19:06:37.687870026 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.687911987 CEST	49827	443	192.168.2.16	23.200.3.23
Aug 30, 2024 19:06:37.690982103 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.690998077 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.691051960 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.691354036 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.691365957 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.867985010 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.868365049 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.868381977 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.868742943 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.869709015 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.869771957 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.869873047 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.869887114 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:37.869900942 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:37.951107979 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951137066 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951173067 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951195955 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951217890 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.951220989 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951236963 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:37.951248884 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.951271057 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:37.951282978 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.283930063 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.283940077 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.283993006 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.284032106 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.284041882 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.284069061 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.284092903 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.284348011 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:38.284420967 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.284431934 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:38.284437895 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.284514904 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.284519911 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.284521103 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:38.284562111 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.284965992 CEST	49828	443	192.168.2.16	40.118.171.167
Aug 30, 2024 19:06:38.284980059 CEST	443	49828	40.118.171.167	192.168.2.16
Aug 30, 2024 19:06:38.286351919 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.286379099 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.286448956 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.286627054 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.286638975 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.291712046 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.291731119 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.291785955 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.291793108 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.291832924 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.295247078 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.295264006 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.295792103 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.295795918 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.295839071 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.296705008 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.296726942 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.296785116 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.296789885 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.296829939 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.298566103 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.298580885 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.298645973 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.298650980 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.298753977 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.300457954 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.300473928 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.300518036 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.300522089 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.300597906 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.301819086 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.301834106 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.301903963 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.301908970 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.301953077 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.302473068 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.302486897 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.302526951 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.302531958 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.302562952 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.302581072 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.303121090 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.303170919 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.303179026 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.303258896 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.303508043 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.303522110 CEST	443	49823	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.303534031 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.303564072 CEST	49823	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.308808088 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.308821917 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.308892012 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.309084892 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.309093952 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.468087912 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.468497038 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.468511105 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.468879938 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.469309092 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.469369888 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.469376087 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.469398022 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.469650984 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.469657898 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.470010996 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.470377922 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.470446110 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.470479965 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.477883101 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.478108883 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.478125095 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.479266882 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.479412079 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.479712009 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.479793072 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.479866028 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.512490034 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.512501955 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.520499945 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.522036076 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.522077084 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.522077084 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.522084951 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.570102930 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.591305017 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591335058 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591341019 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591372967 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591383934 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591392994 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591408968 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.591418982 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.591450930 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.591505051 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.649779081 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649795055 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649811029 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649827003 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649841070 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649852037 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649873972 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.649889946 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.649918079 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.650113106 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.678914070 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.678935051 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.679013014 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.679020882 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.679094076 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.681355000 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.681370020 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.681512117 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.681518078 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.681705952 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.682667971 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682693958 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682704926 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682723045 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682737112 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682746887 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682769060 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.682776928 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.682801962 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.683043957 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.731729031 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.731739044 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.731767893 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.731803894 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.731864929 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.731872082 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.731920004 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.741333961 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.741350889 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.741441011 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.741441011 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.741453886 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.741529942 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.765707970 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.765724897 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.765773058 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.765779018 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.765810966 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.765839100 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.767050982 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.767065048 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.767337084 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.767342091 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.767432928 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.768457890 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.768487930 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.768565893 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.768565893 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.768572092 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.768701077 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.769021988 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.769036055 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.769120932 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.769125938 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.769247055 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.769963980 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.769978046 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.770128012 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.770133018 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.770169973 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.770198107 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.770212889 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.770277023 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.770282984 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:38.770378113 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:38.776556969 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.776838064 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.776849031 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.777838945 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.777932882 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.779324055 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.779324055 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.779335976 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.779385090 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.825242996 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:38.825251102 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:38.872145891 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.011293888 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011307001 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011344910 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011413097 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011429071 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011470079 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011497021 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011540890 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011559963 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011630058 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011630058 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011636019 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011743069 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011857986 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011873007 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011921883 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.011959076 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.011965036 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012006998 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012262106 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012310982 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012320042 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012366056 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012411118 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012425900 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012455940 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012511015 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012588024 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012609959 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012780905 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012784004 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012794018 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012820959 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012857914 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012864113 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.012890100 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.012931108 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013294935 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013308048 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013351917 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013379097 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013428926 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013461113 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013465881 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013497114 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013555050 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013571024 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013573885 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013588905 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013617039 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013676882 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013695955 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013710976 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013716936 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.013729095 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.013788939 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.014345884 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014415979 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014452934 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014487028 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014520884 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.014535904 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014547110 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.014594078 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014620066 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014669895 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014697075 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014699936 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.014705896 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014759064 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.014800072 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.014806986 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.015206099 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.016429901 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.016761065 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.016768932 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.017115116 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.017644882 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.017663002 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.017833948 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.017841101 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.018383980 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.018446922 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.018476963 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.019012928 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019031048 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019138098 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.019145966 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019171000 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019190073 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019268036 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.019268036 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.019274950 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019866943 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019892931 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019932032 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.019959927 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.019970894 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.019989014 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.019996881 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.020068884 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.020121098 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.020132065 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.020411968 CEST	49832	443	192.168.2.16	151.101.193.229
Aug 30, 2024 19:06:39.020426989 CEST	443	49832	151.101.193.229	192.168.2.16
Aug 30, 2024 19:06:39.023089886 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.023117065 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.023261070 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.023415089 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.023428917 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.030421972 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.030440092 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.030560017 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.030565023 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.030715942 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.042604923 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.042628050 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.042735100 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.042735100 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.042746067 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.042912006 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.042932034 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043225050 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043243885 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043374062 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043394089 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043409109 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043431997 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043433905 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043452978 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043452978 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043472052 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043472052 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043482065 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043487072 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043498993 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043526888 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043526888 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043533087 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043557882 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043586969 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043586969 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043598890 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043597937 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043613911 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043636084 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043646097 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043668985 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043685913 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043713093 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043716908 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043737888 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043737888 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043751001 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043768883 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043777943 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043782949 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043792009 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043804884 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.043807983 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043880939 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043880939 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.043888092 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045141935 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045147896 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045160055 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045173883 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045232058 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045232058 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045243025 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045249939 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045277119 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045277119 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045277119 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045300961 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045310020 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045320988 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045321941 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045341015 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045345068 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045345068 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045366049 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045397997 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045398951 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045403004 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045438051 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045468092 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045486927 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045547962 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045548916 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045553923 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045573950 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045587063 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.045607090 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045653105 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045653105 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.045659065 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.047954082 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.047972918 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048000097 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048012018 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048023939 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048026085 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048044920 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048049927 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048078060 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048099995 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048099995 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048106909 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048131943 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048146963 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048165083 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048165083 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048173904 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048207998 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048228979 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048257113 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048259020 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048316956 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048316956 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048322916 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.048425913 CEST	49831	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048425913 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.048439026 CEST	443	49831	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051498890 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.051521063 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051542044 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051561117 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051639080 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.051645041 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.051652908 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051795959 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.051806927 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051839113 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.051847935 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.051871061 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052087069 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052093983 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052149057 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052162886 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052185059 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052231073 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052231073 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052236080 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052366018 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052470922 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052495003 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052544117 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052548885 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.052578926 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.052634954 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.053913116 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.053926945 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.054028988 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.054034948 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.054096937 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.054300070 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.054317951 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.054382086 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.054388046 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.054717064 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.055077076 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055099964 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055315018 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055330038 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055344105 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.055351019 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055418968 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.055418968 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.055418968 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.055424929 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.055893898 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.056080103 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056102037 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056160927 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.056169987 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056452036 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056467056 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056519985 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.056519985 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.056526899 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.056555033 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.056574106 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.057493925 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057512999 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057682991 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.057689905 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057707071 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057730913 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057749033 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.057823896 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.057827950 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.057920933 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058367014 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058386087 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058454037 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058454037 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058459997 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058540106 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058630943 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058644056 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058707952 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058707952 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.058712959 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.058814049 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.060496092 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.063167095 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.120457888 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120477915 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120719910 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.120742083 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120754004 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120774031 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120811939 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.120819092 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.120842934 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.120909929 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.121112108 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.121154070 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.121195078 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.121198893 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.121226072 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.121254921 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.121404886 CEST	49829	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.121417046 CEST	443	49829	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.124310017 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.124346018 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.124398947 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.124413013 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.124429941 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.124466896 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.124567986 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.125185013 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.125201941 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.125340939 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.125430107 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.125449896 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.125488043 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.125499964 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.125539064 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.125544071 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126178026 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126200914 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126240969 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.126247883 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126269102 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.126677990 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126703024 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.126813889 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.126820087 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.127841949 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.127873898 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.127912045 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.127918005 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.127939939 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.128343105 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.128360033 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.128456116 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.128457069 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.128464937 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.129419088 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.129441977 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.129518032 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.129518032 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.129523993 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147116899 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147136927 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147170067 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147182941 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147202015 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147203922 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.147214890 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.147242069 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.147340059 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.175074100 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212331057 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212354898 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212440014 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212454081 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212469101 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212496996 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212500095 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212508917 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212527037 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212744951 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212851048 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212871075 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.212953091 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212953091 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.212960005 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.213429928 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.213474035 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.213491917 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.213696003 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.213701963 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.213860035 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.214082956 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.214098930 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.214175940 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.214175940 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.214184999 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.214289904 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.214396954 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.214412928 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.214490891 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.214497089 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.215292931 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.215311050 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.215337992 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.215343952 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.215400934 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.215400934 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.217114925 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.217130899 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.217216969 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.217216969 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.217223883 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.217340946 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.229891062 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.229921103 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.230058908 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.230058908 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.230067968 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.230181932 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.231857061 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.231873989 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.232033014 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.232039928 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.232165098 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.299640894 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.299679041 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.299913883 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.299937963 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300126076 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300144911 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300158024 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300163984 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300177097 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300224066 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300338984 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300354004 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300415993 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300415993 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300422907 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300513983 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300812960 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300828934 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.300970078 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.300975084 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.301103115 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.301223993 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.301240921 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.301352024 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.301358938 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.301408052 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.301985025 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.302006006 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.302119017 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.302124977 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.302237988 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.302603006 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.302618027 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.302695990 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.302695990 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.302700996 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.304574966 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.304594040 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.304766893 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.304773092 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.304912090 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.317254066 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.317272902 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.317375898 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.317375898 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.317385912 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.317905903 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.317925930 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.318027020 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.318027020 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.318034887 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.318384886 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.318659067 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.318675041 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.318756104 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.318763018 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.319031954 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.319631100 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.319648981 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.319860935 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.319871902 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.319964886 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388022900 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388048887 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388113976 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388123989 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388165951 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388248920 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388268948 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388322115 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388328075 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388520956 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388562918 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388581038 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388634920 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388642073 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388727903 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388834000 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388858080 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388922930 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.388927937 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.388992071 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.389113903 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389133930 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389178991 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.389184952 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389208078 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.389231920 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.389858961 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389875889 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389933109 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.389938116 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.389990091 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.390182018 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.390202045 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.390245914 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.390252113 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.390275955 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.390306950 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.392311096 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.392327070 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.392398119 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.392402887 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.392467976 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.404603958 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.404623032 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.404683113 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.404690027 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.404725075 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.404743910 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.405092955 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.405108929 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.405179024 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.405186892 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.405227900 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406131029 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406146049 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406224012 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406229019 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406291008 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406378031 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406393051 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406421900 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406450987 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406455994 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406483889 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406502962 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.406550884 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406827927 CEST	49833	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.406841993 CEST	443	49833	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.411602020 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.411633968 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.411822081 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.412049055 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.412065029 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475498915 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475518942 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475584030 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.475601912 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475649118 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.475759983 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475776911 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475857019 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.475866079 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475950003 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.475975990 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.475992918 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476079941 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476085901 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476249933 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476285934 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476304054 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476370096 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476376057 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476520061 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476638079 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476656914 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476702929 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476715088 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.476732016 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.476747036 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.477246046 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477262020 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477319002 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.477324963 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477438927 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.477705002 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477724075 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477771044 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.477777004 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.477804899 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.477812052 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.479679108 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.479696989 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.479752064 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.479759932 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.479945898 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.562942982 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.562966108 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563069105 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.563095093 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563146114 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.563381910 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563400984 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563458920 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.563466072 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563673973 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563694954 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563730001 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.563735962 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.563751936 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.563780069 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.564137936 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564157963 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564209938 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.564215899 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564503908 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564523935 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564563990 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.564570904 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.564585924 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.564619064 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.565340996 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565356970 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565404892 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.565412998 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565784931 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565804958 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565838099 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.565844059 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.565865040 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.565887928 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.567282915 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.567297935 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.567357063 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.567362070 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.570409060 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.623466015 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:39.623501062 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:39.623581886 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:39.625355005 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:39.625365019 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:39.651842117 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.651865005 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.651913881 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.651921988 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.651957035 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.651973963 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.652040958 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652055979 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652100086 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.652107000 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652472019 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652497053 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652524948 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.652530909 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.652554989 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.652581930 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653126955 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653146982 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653189898 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653197050 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653501987 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653521061 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653548956 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653556108 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653567076 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653589010 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653589964 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653613091 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653619051 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.653630972 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.653655052 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.654395103 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.654727936 CEST	49830	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.654740095 CEST	443	49830	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.662611961 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.662636042 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.662970066 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.664558887 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.664571047 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.692883015 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.693178892 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.693193913 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.693571091 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.693914890 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.693977118 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.694082975 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.706398964 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.706654072 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.706662893 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.707142115 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.707588911 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.707658052 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.707752943 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.736501932 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.752499104 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.802872896 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.803190947 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.803200006 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.803491116 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.803813934 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.803863049 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.803997040 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.841610909 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.841681004 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.841730118 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.841739893 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.841794014 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.842132092 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.842243910 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.842294931 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.843271971 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.843285084 CEST	443	49834	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.843291998 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.843540907 CEST	49834	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.844504118 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.871860027 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.871884108 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.871898890 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.871958971 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.871973991 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.872061014 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.872601986 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.872641087 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.872840881 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.873043060 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.873055935 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.876058102 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.876085043 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.876153946 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.876315117 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.876328945 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.880222082 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.880230904 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.880285025 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.880810022 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.880820990 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.881263971 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.881273031 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.881383896 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.881586075 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.881588936 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.938913107 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.938930988 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.938946962 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.939014912 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.939029932 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.939135075 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.970979929 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.971000910 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.971091032 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.971103907 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.971189976 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.973839998 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.973859072 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.973912001 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:39.973920107 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:39.973973036 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.030661106 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.030683041 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.030755997 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.030771017 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.030813932 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.032504082 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.032517910 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.032587051 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.032593012 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.032653093 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.056768894 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.056793928 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.056900978 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.056915045 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.056977987 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.057434082 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.057451010 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.057507038 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.057513952 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.057555914 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.057965994 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.057982922 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.058053017 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.058060884 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.058209896 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.059057951 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.059072971 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.059111118 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.059118032 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.059148073 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.059161901 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.073890924 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.074153900 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.074167013 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.074502945 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.074812889 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.074876070 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.074961901 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.120501995 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121175051 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121200085 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121289015 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.121315956 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121666908 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121685028 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121743917 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.121753931 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.121767044 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.121810913 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.122385025 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.122400999 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.122456074 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.122464895 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.122718096 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.144365072 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.144385099 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.144596100 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.144608974 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.144663095 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.144798994 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.144814968 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.144867897 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.144876957 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.145049095 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.145662069 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.145678043 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.145737886 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.145744085 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.145953894 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.146025896 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.146049976 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.146095991 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.146104097 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.146464109 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.146838903 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.146853924 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.146914959 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.146920919 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.147231102 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.147744894 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.147761106 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.147824049 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.147830009 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.148031950 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.149877071 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.149893999 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.149950027 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.149955988 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.150202990 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.195225954 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.195245981 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.195267916 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.195314884 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.195323944 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.195344925 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.195370913 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.218317032 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.218333960 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.218522072 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.218544960 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.218607903 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.218714952 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.218729019 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.218784094 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.218791008 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219021082 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.219054937 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219068050 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219115019 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.219122887 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219326973 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.219511986 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219527006 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219583035 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.219589949 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.219789028 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.224445105 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.224459887 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.224519968 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.224528074 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.224725962 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.224742889 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.224795103 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.224802017 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.225071907 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.225219011 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.225230932 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.225289106 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.225296021 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.225511074 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.232683897 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232702017 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232779026 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.232785940 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232846975 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232865095 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232903957 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.232911110 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.232933044 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.232954025 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.233086109 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233099937 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233150005 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.233156919 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233266115 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233289957 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233326912 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.233336926 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.233355045 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.233378887 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.234143019 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234157085 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234209061 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.234216928 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234407902 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.234518051 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234539032 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234596014 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.234602928 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.234818935 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.237611055 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.237857103 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.237868071 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.238270998 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.238286018 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.238360882 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.238367081 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.238734007 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.238765955 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.238836050 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.239665031 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.239756107 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.239875078 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.280499935 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.280920982 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.280939102 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.281043053 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.281050920 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.281780005 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.283020973 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.283036947 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.283099890 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.283107042 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.283561945 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.285077095 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.285089016 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.295972109 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.295989990 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296089888 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.296116114 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296562910 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296564102 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.296572924 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296591997 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296623945 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.296632051 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.296664953 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.296680927 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.302643061 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.302656889 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.302722931 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.302751064 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.302988052 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.303415060 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.303428888 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.303491116 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.303498983 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.303692102 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.304358006 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.304373026 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.304425001 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.304431915 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.304526091 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.304837942 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.304852009 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.304908037 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.304915905 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.305155039 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.305474043 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.305489063 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.305546045 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.305552959 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.305742979 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.319386005 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319407940 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319499016 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.319505930 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319700956 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319720030 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319869041 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.319869041 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.319876909 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319969893 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.319983959 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320049047 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320058107 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320271969 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320322037 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320337057 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320384979 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320390940 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320420027 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320436954 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320476055 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320487022 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320502043 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320534945 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320842028 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320853949 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320918083 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.320925951 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320981026 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.320995092 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.321036100 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.321042061 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.321069002 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.321090937 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.321544886 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.321558952 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.321618080 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.321624994 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.321816921 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.333079100 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.336271048 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.336621046 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.336647034 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.337625027 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.337702036 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.337970018 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.338030100 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.338114977 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.345542908 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.345568895 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.345655918 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.345669031 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.346204042 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.366693020 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.366709948 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.366770029 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.366780996 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.366811991 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.366833925 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.367799044 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.367815971 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.367891073 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.367898941 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.367995024 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.369358063 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.369375944 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.369429111 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.369435072 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.369460106 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.369472980 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.370486021 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.370500088 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.370560884 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.370568037 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.370618105 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.381068945 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.381095886 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.387377024 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.387429953 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.387463093 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.387490034 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.387511969 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.387516975 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.387562990 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.387974024 CEST	49836	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.388003111 CEST	443	49836	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.391165018 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.391201973 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.391266108 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.391457081 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.391463041 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.396698952 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.397712946 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.397794962 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.397866011 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.397866011 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.397883892 CEST	443	49838	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.398463964 CEST	49838	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.398864031 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.398891926 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.398960114 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.399243116 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:40.399250031 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:40.407268047 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.407288074 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.407382011 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.407401085 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.407784939 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.407901049 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.407917976 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.407970905 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.407978058 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408194065 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.408214092 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408236027 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408273935 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.408281088 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408301115 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.408325911 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.408909082 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408926964 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.408992052 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.408999920 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.409183025 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.409454107 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.409471035 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.409526110 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.409533024 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.409710884 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.409965038 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.409981966 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.410044909 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.410051107 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.410239935 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.410360098 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.410376072 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.410429001 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.410434961 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.410456896 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.410480976 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.411031961 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.411070108 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.411088943 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.411098003 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.411120892 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.411135912 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.411230087 CEST	49835	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.411242008 CEST	443	49835	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.413829088 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.413861990 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.413995981 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.414124966 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.414139986 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.429052114 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.449232101 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.449438095 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.450587034 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.450742960 CEST	49839	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.450759888 CEST	443	49839	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.452140093 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.452157974 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.452555895 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.452713013 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.452725887 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.453459024 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.453479052 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.453547001 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.453556061 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.454140902 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.454164028 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.454168081 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.454184055 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.454195023 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.454224110 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.454247952 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.455020905 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.455034971 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.455096960 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.455104113 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.455498934 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.455936909 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.455955982 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.456017971 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.456023932 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.456389904 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.458587885 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.458602905 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.458664894 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.458669901 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.459047079 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.459369898 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.459384918 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.459440947 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.459448099 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.459810019 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.460352898 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.460370064 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.460432053 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.460437059 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.460787058 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.536907911 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.537153006 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.537168026 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.538414955 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.538486004 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.538724899 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.538784981 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.538849115 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.538856030 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.563889027 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.564119101 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.564126968 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.565119028 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.565196037 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.565433025 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.565491915 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.565582991 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.570749998 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.570770979 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.570864916 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.570874929 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571115971 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571140051 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571176052 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571182013 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571196079 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571228027 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571531057 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571549892 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571614027 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571619987 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571870089 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571892977 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571923971 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571929932 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.571959972 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.571989059 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.572021961 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.572078943 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.572078943 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.572612047 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.572617054 CEST	443	49837	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.572633982 CEST	49837	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.573987007 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.575596094 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.575608015 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.576562881 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.576638937 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.576814890 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.577022076 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.577075005 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.577224016 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.577230930 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.577306986 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.577313900 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.577558994 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.577943087 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.578011036 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.578116894 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.588059902 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.608500004 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.620178938 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.620179892 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.620183945 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.624497890 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.668047905 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.701409101 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701442003 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701474905 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701494932 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701505899 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701549053 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.701555967 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.701715946 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.701715946 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.703450918 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.704109907 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.704189062 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.704803944 CEST	49841	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.704817057 CEST	443	49841	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.734194994 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.734308958 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.734425068 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.735404015 CEST	49840	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.735418081 CEST	443	49840	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.738259077 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.738280058 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.738382101 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.738558054 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.738570929 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.787517071 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.787544966 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.787585020 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.787650108 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.787656069 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.787707090 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.788014889 CEST	49842	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.788024902 CEST	443	49842	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.791085005 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.791110992 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.791188002 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.791352987 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:40.791367054 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:40.932986021 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.933696032 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.933722019 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.934050083 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.934494972 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.934555054 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.934629917 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:40.976515055 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:40.986215115 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:41.055685997 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.055969000 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.055985928 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.056874990 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.056946039 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.057195902 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.057285070 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.057347059 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.057352066 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.057367086 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.066787958 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:41.066842079 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:41.067116022 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:41.067332029 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.067372084 CEST	49847	443	192.168.2.16	68.67.179.87
Aug 30, 2024 19:06:41.067385912 CEST	443	49847	68.67.179.87	192.168.2.16
Aug 30, 2024 19:06:41.067768097 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.067789078 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.068079948 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.068593025 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.068650007 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.069065094 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.069499016 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.069523096 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.069603920 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.069819927 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.069833994 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.098053932 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.098062038 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.112504959 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.166134119 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.166397095 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.166409016 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.166693926 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.166987896 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.167045116 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.167181969 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.177012920 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.177985907 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.178106070 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.179050922 CEST	49845	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.179064035 CEST	443	49845	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.183047056 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.183109999 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.183181047 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.183984995 CEST	49844	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.184000969 CEST	443	49844	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.185620070 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.185656071 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.185750008 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.185935974 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.185949087 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.197982073 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198004961 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198039055 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198052883 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198065996 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198097944 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.198112011 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.198148012 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.198177099 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.212496042 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.289628029 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.289653063 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.289772987 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.289788008 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.290196896 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.291004896 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.291019917 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.291079044 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.291085958 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.291333914 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.379508972 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.379580021 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.379599094 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.379776001 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.379776001 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.380039930 CEST	49843	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.380057096 CEST	443	49843	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.395965099 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.396220922 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.396248102 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.396550894 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.396830082 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.396891117 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.396954060 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.441584110 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.441922903 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.441935062 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.442226887 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.442497015 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.442553043 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.442630053 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.444498062 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.488497972 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.510874987 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.510905981 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.510997057 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.511163950 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:41.511174917 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:41.516094923 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.516159058 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.516215086 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.516567945 CEST	49848	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.516583920 CEST	443	49848	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.518764973 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.518784046 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.518863916 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.519009113 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.519017935 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.563040972 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.563065052 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.563077927 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.563170910 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.563186884 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.563339949 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.650958061 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.650974989 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.651210070 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.651222944 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.651276112 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.653372049 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.653387070 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.653464079 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.653471947 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.653516054 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.706593037 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.706888914 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.706898928 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.707187891 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.707483053 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.707540989 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.707626104 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.739751101 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.739767075 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.739891052 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.739901066 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.740087032 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741014004 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.741029024 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.741096973 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741106987 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.741158009 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741190910 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.741242886 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.741256952 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741290092 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741509914 CEST	49849	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.741524935 CEST	443	49849	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.744790077 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.744815111 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.744890928 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.745281935 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.745291948 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.752500057 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.756386995 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.756628036 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.756640911 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.757141113 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.757441998 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.757577896 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.757584095 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.757654905 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:41.807090998 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:41.811156988 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.811180115 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.811196089 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.811315060 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:41.811338902 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:41.811391115 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.227639914 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.227663994 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.227699995 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.227739096 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.227751017 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.227787971 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.227819920 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.227885962 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.227890968 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.227916956 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.227956057 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.227982044 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.228003979 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228022099 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228079081 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.228085995 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228132963 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.228445053 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228467941 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228487015 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228523970 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.228532076 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.228557110 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.228579998 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.229186058 CEST	49851	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.229199886 CEST	443	49851	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.236644030 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.236663103 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.236747980 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.236752033 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.236800909 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.237097979 CEST	49850	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.237109900 CEST	443	49850	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.239120960 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.239137888 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.239208937 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.239217997 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.239264011 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.242007971 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.242027044 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.242078066 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.242084980 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.242115021 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.242145061 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.244751930 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.244770050 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.244827986 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.244836092 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.244884014 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.246907949 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.246926069 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.246978998 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.246987104 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.247019053 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.247036934 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.248878002 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.248897076 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.248960972 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.248967886 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.248996019 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.249025106 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.250097990 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.250114918 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.250186920 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.250195026 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.250242949 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.272845984 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.272866964 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.272938967 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.272947073 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273147106 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273147106 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273257971 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273273945 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273391008 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273397923 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273448944 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273519993 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273555994 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273575068 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273578882 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273588896 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.273623943 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273731947 CEST	49846	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.273741961 CEST	443	49846	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.300733089 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.300772905 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.300849915 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.301048040 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.301062107 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.337924957 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.337964058 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.338066101 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.338232994 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.338248014 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.341064930 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.341274023 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.341289997 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.341620922 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.341918945 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.341979027 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.342060089 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.342092037 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.342127085 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.417239904 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.417526007 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.417551994 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.417870045 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.418174982 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.418236017 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.418324947 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.432797909 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.433152914 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.433181047 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.433473110 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.433888912 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.433945894 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.434196949 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.450047970 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.450463057 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.450515985 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.450851917 CEST	49852	443	192.168.2.16	20.42.73.24
Aug 30, 2024 19:06:42.450871944 CEST	443	49852	20.42.73.24	192.168.2.16
Aug 30, 2024 19:06:42.464502096 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.476504087 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.535681009 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:42.535713911 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:42.535783052 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:42.536264896 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:42.536279917 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:42.547024965 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.547044992 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.547107935 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.547135115 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.548074961 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.548110962 CEST	443	49854	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.548162937 CEST	49854	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.550190926 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.550223112 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.550309896 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.550478935 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.550488949 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.559432030 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.559499025 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.559513092 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.559565067 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.559587002 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.559603930 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.559637070 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.618419886 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:42.618458033 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:42.618550062 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:42.618714094 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:42.618727922 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:42.644886017 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.644908905 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.645112991 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.645133972 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.645200014 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.649768114 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.649784088 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.649871111 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.649892092 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.649940968 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.726584911 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.726634026 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.726659060 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.726775885 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.726775885 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.727375984 CEST	49853	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.727392912 CEST	443	49853	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.731528997 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.731547117 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.731611967 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.731805086 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:42.731813908 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:42.812582970 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.812623024 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.812715054 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.812895060 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.812913895 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.858669043 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.858997107 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.859020948 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.859391928 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.859733105 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.859808922 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.859857082 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.901998043 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.902235985 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.902252913 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.903142929 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.903215885 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.903223991 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.903299093 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.904110909 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.904165983 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.904320955 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.904326916 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:42.904508114 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.915045977 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.946065903 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:42.969345093 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.969434023 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.969496012 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.970330000 CEST	49855	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.970345974 CEST	443	49855	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.972086906 CEST	49862	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.972125053 CEST	443	49862	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.972223997 CEST	49862	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.972398996 CEST	49862	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:42.972413063 CEST	443	49862	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:42.991467953 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:42.991741896 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:42.991758108 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:42.992047071 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:42.992348909 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:42.992408991 CEST	443	49857	157.240.241.1	192.168.2.16
Aug 30, 2024 19:06:43.028038979 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:43.028461933 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:43.028536081 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:43.029118061 CEST	49856	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:43.029133081 CEST	443	49856	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:43.030332088 CEST	49863	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:43.030350924 CEST	443	49863	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:43.030432940 CEST	49863	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:43.030633926 CEST	49863	443	192.168.2.16	13.107.42.14
Aug 30, 2024 19:06:43.030651093 CEST	443	49863	13.107.42.14	192.168.2.16
Aug 30, 2024 19:06:43.042073965 CEST	49857	443	192.168.2.16	157.240.241.1
Aug 30, 2024 19:06:43.190299988 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.190601110 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.190613031 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.191493988 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.191584110 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.191854954 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.191904068 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.192028999 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.192034960 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.234157085 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.289537907 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.289835930 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.289858103 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.290883064 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.290967941 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.292198896 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.292258024 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.292403936 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.292413950 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.318347931 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318366051 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318387985 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318396091 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318406105 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318424940 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.318429947 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.318494081 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.342082977 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.369168043 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.369466066 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.369492054 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.369796991 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.370126009 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.370181084 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.370286942 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.376528025 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.376739025 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.376746893 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.377032042 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.377310991 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.377361059 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.377429008 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.403609991 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.403625965 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.403712988 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.403719902 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.403762102 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.406229019 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.406245947 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.406311035 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.406316996 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.406378031 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.416505098 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.420501947 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.454071045 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.454490900 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.454557896 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.455239058 CEST	49859	443	192.168.2.16	20.114.189.70
Aug 30, 2024 19:06:43.455251932 CEST	443	49859	20.114.189.70	192.168.2.16
Aug 30, 2024 19:06:43.480858088 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.480916977 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.481000900 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.481790066 CEST	49861	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.481806993 CEST	443	49861	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.483582973 CEST	49864	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.483620882 CEST	443	49864	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.483716011 CEST	49864	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.483906031 CEST	49864	443	192.168.2.16	150.171.28.10
Aug 30, 2024 19:06:43.483920097 CEST	443	49864	150.171.28.10	192.168.2.16
Aug 30, 2024 19:06:43.490463018 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.490479946 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.490581989 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.490603924 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.490657091 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.491291046 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.491307020 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.491364002 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.491369963 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.491442919 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.493002892 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493022919 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493074894 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.493089914 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493149996 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493165970 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493241072 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.493247032 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493290901 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.493334055 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.493379116 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.494147062 CEST	49860	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.494159937 CEST	443	49860	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.495073080 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.495086908 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.495157957 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.495167017 CEST	443	49858	13.107.246.40	192.168.2.16
Aug 30, 2024 19:06:43.495207071 CEST	49858	443	192.168.2.16	13.107.246.40
Aug 30, 2024 19:06:43.496018887 CEST	49865	443	192.168.2.16	13.107.246.40

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 19:05:53.765618086 CEST	192.168.2.16	1.1.1.1	0x8521	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:53.765754938 CEST	192.168.2.16	1.1.1.1	0x67f6	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Aug 30, 2024 19:05:54.036230087 CEST	192.168.2.16	1.1.1.1	0xc959	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:54.036360979 CEST	192.168.2.16	1.1.1.1	0xc82	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Aug 30, 2024 19:05:56.528342009 CEST	192.168.2.16	1.1.1.1	0xfff2	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.528582096 CEST	192.168.2.16	1.1.1.1	0x6bbf	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Aug 30, 2024 19:05:56.529124975 CEST	192.168.2.16	1.1.1.1	0xb8eb	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.529300928 CEST	192.168.2.16	1.1.1.1	0xd434	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Aug 30, 2024 19:05:56.538192987 CEST	192.168.2.16	1.1.1.1	0x4df5	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.538321018 CEST	192.168.2.16	1.1.1.1	0xfae2	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Aug 30, 2024 19:07:47.500638008 CEST	192.168.2.16	1.1.1.1	0x56b9	Standard query (0)	enviasept.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 19:05:53.772281885 CEST	1.1.1.1	192.168.2.16	0x8521	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:53.772582054 CEST	1.1.1.1	192.168.2.16	0x67f6	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:54.043188095 CEST	1.1.1.1	192.168.2.16	0xc959	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:54.043188095 CEST	1.1.1.1	192.168.2.16	0xc959	No error (0)	googlehosted.l.googleusercontent.com		142.250.184.225	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:54.043900013 CEST	1.1.1.1	192.168.2.16	0xc82	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.277431965 CEST	1.1.1.1	192.168.2.16	0xf9ce	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.277431965 CEST	1.1.1.1	192.168.2.16	0xf9ce	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:55.278225899 CEST	1.1.1.1	192.168.2.16	0x1dee	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.765089035 CEST	1.1.1.1	192.168.2.16	0x27ce	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.765089035 CEST	1.1.1.1	192.168.2.16	0x27ce	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:55.765496969 CEST	1.1.1.1	192.168.2.16	0x62e4	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.777972937 CEST	1.1.1.1	192.168.2.16	0x8ebc	No error (0)	shed.dual-low.s-part-0036.t-0009.t-msedge.net	s-part-0036.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:55.777972937 CEST	1.1.1.1	192.168.2.16	0x8ebc	No error (0)	s-part-0036.t-0009.t-msedge.net		13.107.246.64	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.536143064 CEST	1.1.1.1	192.168.2.16	0xfff2	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.536143064 CEST	1.1.1.1	192.168.2.16	0xfff2	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.536158085 CEST	1.1.1.1	192.168.2.16	0x6bbf	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Aug 30, 2024 19:05:56.536951065 CEST	1.1.1.1	192.168.2.16	0xb8eb	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.536951065 CEST	1.1.1.1	192.168.2.16	0xb8eb	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.537118912 CEST	1.1.1.1	192.168.2.16	0xd434	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Aug 30, 2024 19:05:56.546073914 CEST	1.1.1.1	192.168.2.16	0xfae2	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Aug 30, 2024 19:05:56.546221018 CEST	1.1.1.1	192.168.2.16	0x4df5	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.546221018 CEST	1.1.1.1	192.168.2.16	0x4df5	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:56.782923937 CEST	1.1.1.1	192.168.2.16	0x8503	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:56.782938004 CEST	1.1.1.1	192.168.2.16	0x718a	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:56.782938004 CEST	1.1.1.1	192.168.2.16	0x718a	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:58.817730904 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:58.817730904 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:05:59.829435110 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:05:59.829435110 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:06:00.832716942 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:06:00.832716942 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:06:02.833936930 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:06:02.833936930 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:06:06.846379042 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 19:06:06.846379042 CEST	1.1.1.1	192.168.2.16	0x54b2	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 30, 2024 19:07:47.639139891 CEST	1.1.1.1	192.168.2.16	0x56b9	No error (0)	enviasept.duckdns.org		181.235.3.0	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49712	142.250.184.225	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:54 UTC	594	OUT	GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:54 UTC	565	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135751 X-GUploader-UploadID: AHxI1nNUBD35fFMx44qWl-R3Lt-IV-t58DGzXe9tjI6oL7Q-T1Ru7muR00BQdD53ePczU1ELNg X-Goog-Hash: crc32c=IDdmTg== Server: UploadServer Date: Thu, 29 Aug 2024 19:15:10 GMT Expires: Fri, 29 Aug 2025 19:15:10 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016 Content-Type: application/x-chrome-extension Age: 78644 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 17:05:54 UTC	825	IN	Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 17 Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.\|ws+LT>&&Pjanss9ga:SY>J:9
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35 a2 Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z\|pQ"k<`ZT\|uKC1Yg4ewWe5
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c 0d Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b\|wt7nvtD<C}\|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](\|
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe e3 Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu\|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99 49 Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,pI
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50 61 Data Ascii: =%2n$hgffa,_@uYk\|9.Y1+x8aBP\|].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=eZkLS65mj}0"$MmDhPa
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 c3 Data Ascii: nh"\|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF\|V1lvgf&3]1g>Lc(s.u,2
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 90 Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
2024-08-30 17:05:54 UTC	1390	IN	Data Raw: 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f 97 Data Ascii: N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49721	13.107.246.64	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:56 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:56 UTC	583	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:56 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT ETag: 0x8DCB31E67C22927 x-ms-request-id: 66f87118-601e-001a-2116-f94768000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170556Z-16579567576c4hpgz3uh2pbn5g00000003m000000000krq8 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-08-30 17:05:56 UTC	15801	IN	Data Raw: 1f 8b 08 08 1a 21 ad 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: !fasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-08-30 17:05:56 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-08-30 17:05:56 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-08-30 17:05:56 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-08-30 17:05:56 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49723	172.64.41.3	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:56 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-08-30 17:05:56 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-08-30 17:05:57 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 30 Aug 2024 17:05:57 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bb65e5bc8a54346-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 17:05:57 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom#)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49724	172.64.41.3	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:56 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-08-30 17:05:56 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-08-30 17:05:57 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 30 Aug 2024 17:05:57 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bb65e5bac795e7a-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 17:05:57 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f8 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49725	162.159.61.3	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:57 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-08-30 17:05:57 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-08-30 17:05:57 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 30 Aug 2024 17:05:57 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8bb65e5bdc21199d-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 17:05:57 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 a5 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49726	13.107.246.64	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:57 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:57 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:57 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 36e51072-001e-0067-6b60-fadba0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170557Z-16579567576xfl5xzh7yws029s00000003s0000000002q2b Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:05:57 UTC	15800	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 Data Ascii: 8}u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5Qa
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 Data Ascii: Vu,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35Q
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 Data Ascii: >6jg~B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 Data Ascii: .kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~C
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c Data Ascii: &{M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vH
2024-08-30 17:05:57 UTC	16384	IN	Data Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49735	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576h9nndaeer0cv35w00000003f000000000s8hw Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49730	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: dea807c8-f01e-005b-3b60-fa6f7b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576kv75wmks9m65qec00000003xg000000003t62 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49732	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 27316467-401e-0006-7b60-fa9f7f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576c4hpgz3uh2pbn5g00000003rg000000003e6u Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49733	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 32a19201-701e-002c-2560-faea3a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576fh7f86y3uqsyhx000000003eg00000000uss1 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49731	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-165795675767hwjqv3v00bvq3400000003s000000000dab1 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49734	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:05:59 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:05:59 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: 186c9d45-001e-0045-69fe-fab596000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576l8zffr7mt4xy2un000000038000000000rm6y Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-08-30 17:05:59 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49737	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:05:59 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:00 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:00 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 1fe24a7d-301e-0020-18fe-fa04cb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240830T170559Z-16579567576h9nndaeer0cv35w00000003fg00000000nxkv Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-08-30 17:06:00 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49749	152.195.19.97	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:13 UTC	620	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725642355&P2=404&P3=2&P4=CzW9%2f7XJJfdozRLr7mPNPKGHA2mKupVjHXqUY%2b9ldeUh4cR7DxQV3xYWv2HUu2%2fEnPqXCGckOty%2f18FhCFGiqA%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: Rh74H+8DIzBRr3vjTwywZa Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:13 UTC	632	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 4964104 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Fri, 30 Aug 2024 17:06:13 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-08-30 17:06:13 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49760	23.52.161.218	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:21 UTC	763	OUT	GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1 Host: go.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:21 UTC	456	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 0 Server: Kestrel Location: https://www.microsoft.com/edge/welcome?form=MT00LJ Request-Context: appId=cid-v1:9b037ab9-fa5a-4c09-81bd-41ffa859f01e X-Response-Cache-Status: True Expires: Fri, 30 Aug 2024 17:06:21 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 30 Aug 2024 17:06:21 GMT Connection: close Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49762	23.52.162.42	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:22 UTC	742	OUT	GET /edge/welcome?form=MT00LJ HTTP/1.1 Host: www.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:22 UTC	987	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 112 Content-Type: text/html; charset=utf-8 Location: /edge/welcome?form=MT00LJ&ch=1 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-Prefers-Color-Scheme Critical-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-Prefers-Color-Scheme x-azure-ref: 20240830T170622Z-154dcd767c9hnfwz2g7mr7hx240000000byg000000002t5c Expires: Fri, 30 Aug 2024 17:06:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 30 Aug 2024 17:06:22 GMT Connection: close TLS_version: tls1.3 ms-cv: CASMicrosoftCV26f5989a.0 ms-cv-esi: CASMicrosoftCV26f5989a.0 X-RTag: RT
2024-08-30 17:06:22 UTC	112	IN	Data Raw: 3c 70 3e 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 66 6f 72 6d 3d 4d 54 30 30 4c 4a 26 61 6d 70 3b 63 68 3d 31 22 3e 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 66 6f 72 6d 3d 4d 54 30 30 4c 4a 26 61 6d 70 3b 63 68 3d 31 3c 2f 61 3e 3c 2f 70 3e Data Ascii: <p>Found. Redirecting to <a href="/edge/welcome?form=MT00LJ&ch=1">/edge/welcome?form=MT00LJ&ch=1</a></p>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.16	49761	23.52.161.218	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:22 UTC	763	OUT	GET /fwlink/?linkid=2132659&form=MT004A&OCID=MT004A HTTP/1.1 Host: go.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:22 UTC	456	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 0 Server: Kestrel Location: https://www.microsoft.com/edge/welcome?form=MT00LJ Request-Context: appId=cid-v1:9b037ab9-fa5a-4c09-81bd-41ffa859f01e X-Response-Cache-Status: True Expires: Fri, 30 Aug 2024 17:06:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 30 Aug 2024 17:06:22 GMT Connection: close Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.16	49766	23.33.238.58	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:22 UTC	435	OUT	GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1 Host: www.bing.com Connection: keep-alive Cookie: ANON=; MUID=;_RwBf=; Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:22 UTC	701	IN	HTTP/1.1 200 OK Content-Length: 636095 Content-Type: application/json Last-Modified: Fri, 30 Aug 2024 13:55:10 GMT ETag: 0x8DCC8FB5D1DAFA3 x-ms-request-id: 34e130e2-e01e-00c0-16fe-fae45e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 8393FBE6E8904865B4C76E8C64EE99EB Ref B: TEB31EDGE0309 Ref C: 2024-08-30T17:06:22Z Date: Fri, 30 Aug 2024 17:06:22 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.5dee2117.1725037582.675f224
2024-08-30 17:06:22 UTC	16384	IN	Data Raw: 7b 22 6e 75 6d 62 65 72 4f 66 48 61 73 68 46 75 6e 63 74 69 6f 6e 73 22 3a 38 2c 22 73 68 69 66 74 42 61 73 65 22 3a 38 2c 22 62 6c 6f 6f 6d 46 69 6c 74 65 72 41 72 72 61 79 53 69 7a 65 22 3a 33 37 36 36 33 39 37 2c 22 70 72 69 6d 65 42 61 73 65 73 22 3a 5b 35 33 38 31 2c 35 33 38 31 2c 35 33 38 31 2c 35 33 38 31 5d 2c 22 73 75 70 70 6f 72 74 65 64 44 6f 6d 61 69 6e 73 22 3a 22 4a 55 6d 49 37 34 34 57 53 55 62 7a 39 55 52 77 4c 43 49 49 54 6e 50 73 45 63 41 6c 53 52 2f 2b 68 71 33 48 2b 48 2f 4e 79 6e 62 33 6f 79 34 37 5a 6f 4e 6f 57 59 35 5a 2f 68 73 41 7a 42 56 44 55 31 6c 2b 69 6b 58 52 61 55 4b 6a 6a 79 51 5a 41 67 41 46 78 30 56 71 44 59 59 6f 67 77 76 48 57 48 68 35 2b 47 5a 75 45 32 37 4b 62 5a 71 59 6b 30 50 79 6e 52 73 54 73 58 75 4b 37 63 78 4e Data Ascii: {"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3766397,"primeBases":[5381,5381,5381,5381],"supportedDomains":"JUmI744WSUbz9URwLCIITnPsEcAlSR/+hq3H+H/Nynb3oy47ZoNoWY5Z/hsAzBVDU1l+ikXRaUKjjyQZAgAFx0VqDYYogwvHWHh5+GZuE27KbZqYk0PynRsTsXuK7cxN
2024-08-30 17:06:22 UTC	8192	IN	Data Raw: 37 62 66 2f 62 78 4a 45 33 66 64 58 33 32 52 55 4f 70 66 58 37 6f 64 52 5a 79 47 73 79 6c 67 78 48 59 50 48 49 6a 51 30 67 61 4d 49 35 74 67 32 42 57 51 62 32 7a 47 44 6c 32 6d 54 55 4e 4c 69 67 49 32 32 38 59 73 67 4a 32 54 68 39 7a 65 46 6d 4e 67 39 7a 54 50 79 54 30 61 76 79 65 45 61 49 55 79 45 78 62 71 69 37 32 6a 30 30 76 32 61 63 48 37 6d 48 38 58 53 68 33 50 50 67 63 41 68 73 47 7a 76 4a 30 61 72 72 50 4c 4c 4f 64 67 67 41 67 51 46 53 4f 66 4a 6c 73 6b 35 6d 6a 33 33 6a 75 49 43 2f 6c 33 70 65 31 51 45 32 46 74 33 57 6b 34 51 49 73 78 6f 54 66 76 32 4f 38 2b 50 2b 64 6d 39 7a 2b 38 37 78 44 34 47 41 45 44 43 67 53 4c 71 4c 4f 30 72 34 2f 65 31 72 4f 4b 6a 31 70 41 67 47 6a 70 51 49 2b 57 65 7a 6f 35 31 69 6f 7a 69 43 2f 44 50 62 2b 79 41 78 2f 47 Data Ascii: 7bf/bxJE3fdX32RUOpfX7odRZyGsylgxHYPHIjQ0gaMI5tg2BWQb2zGDl2mTUNLigI228YsgJ2Th9zeFmNg9zTPyT0avyeEaIUyExbqi72j00v2acH7mH8XSh3PPgcAhsGzvJ0arrPLLOdggAgQFSOfJlsk5mj33juIC/l3pe1QE2Ft3Wk4QIsxoTfv2O8+P+dm9z+87xD4GAEDCgSLqLO0r4/e1rOKj1pAgGjpQI+Wezo51ioziC/DPb+yAx/G
2024-08-30 17:06:22 UTC	16384	IN	Data Raw: 42 42 77 4f 76 73 45 76 4a 78 65 79 30 4a 77 4a 5a 39 4d 59 71 32 6b 6a 72 51 79 75 5a 79 61 74 33 4f 45 6b 70 6d 4a 52 54 6b 4c 76 54 76 4c 4e 71 68 49 58 53 75 45 36 70 33 71 47 78 6f 64 52 4e 35 41 68 6f 57 70 58 32 51 46 73 44 43 64 62 51 6e 49 56 72 36 68 73 4d 53 49 6a 69 30 6f 6f 6c 65 74 6a 51 62 39 6d 67 76 4d 6f 52 6e 2b 55 68 42 43 67 64 61 4d 43 47 65 72 42 67 62 30 4b 72 4b 6d 64 77 51 34 4d 4e 38 6c 35 4a 46 5a 4f 30 4d 6e 6d 6c 39 67 4e 43 67 58 46 67 69 77 4c 5a 4c 59 6f 52 50 71 49 54 67 2b 66 7a 76 66 57 69 37 32 59 49 69 48 37 4a 35 58 72 33 37 72 39 59 2f 4a 54 55 6f 6f 4b 61 52 35 59 66 45 4a 47 2b 57 37 4a 63 72 76 70 65 56 6c 6e 64 62 74 32 30 45 72 48 43 66 66 71 71 6d 52 51 56 52 63 6d 6b 62 5a 5a 4d 41 34 49 43 77 36 45 5a 58 46 Data Ascii: BBwOvsEvJxey0JwJZ9MYq2kjrQyuZyat3OEkpmJRTkLvTvLNqhIXSuE6p3qGxodRN5AhoWpX2QFsDCdbQnIVr6hsMSIji0ooletjQb9mgvMoRn+UhBCgdaMCGerBgb0KrKmdwQ4MN8l5JFZO0Mnml9gNCgXFgiwLZLYoRPqITg+fzvfWi72YIiH7J5Xr37r9Y/JTUooKaR5YfEJG+W7JcrvpeVlndbt20ErHCffqqmRQVRcmkbZZMA4ICw6EZXF
2024-08-30 17:06:23 UTC	8192	IN	Data Raw: 66 79 58 54 5a 47 34 54 77 69 6f 49 36 52 2b 4b 53 50 4d 4b 33 53 41 34 34 30 50 75 71 6c 4e 70 35 70 69 6e 36 67 41 38 78 64 4c 6d 46 55 43 48 37 50 44 48 67 5a 74 53 6b 6d 6c 72 71 6f 61 50 54 67 51 6f 6a 44 45 61 4d 71 5a 6b 58 58 55 35 61 38 4e 4a 6e 50 5a 52 43 49 39 45 56 5a 34 41 65 7a 4f 4d 4f 46 46 4f 4b 62 71 37 7a 75 55 6f 2f 2f 6a 32 50 4a 32 6a 55 49 6c 66 6c 73 50 6b 6e 44 4c 57 4e 6e 69 70 30 61 6b 67 6a 36 4a 71 66 6f 53 50 32 66 45 57 34 77 4c 49 2f 35 52 36 71 62 64 4d 45 52 67 33 79 55 71 33 48 75 43 42 7a 5a 33 70 52 70 75 30 69 32 34 78 62 59 76 4e 37 64 33 73 58 64 31 54 6c 2b 38 63 50 45 43 67 51 52 45 63 69 54 2f 6e 34 42 58 50 48 44 6f 59 73 6a 2b 49 37 35 4b 45 56 42 50 48 49 70 2b 75 64 2b 70 4b 5a 31 4a 4d 42 6f 5a 6a 37 46 4f Data Ascii: fyXTZG4TwioI6R+KSPMK3SA440PuqlNp5pin6gA8xdLmFUCH7PDHgZtSkmlrqoaPTgQojDEaMqZkXXU5a8NJnPZRCI9EVZ4AezOMOFFOKbq7zuUo//j2PJ2jUIlflsPknDLWNnip0akgj6JqfoSP2fEW4wLI/5R6qbdMERg3yUq3HuCBzZ3pRpu0i24xbYvN7d3sXd1Tl+8cPECgQREciT/n4BXPHDoYsj+I75KEVBPHIp+ud+pKZ1JMBoZj7FO
2024-08-30 17:06:23 UTC	15760	IN	Data Raw: 56 33 4e 4b 64 6c 4d 50 75 48 63 35 79 39 41 46 41 71 6e 33 42 67 6e 42 33 46 68 31 51 59 4c 35 46 67 2f 6e 4e 6f 48 72 6c 49 76 63 34 34 46 52 59 72 52 51 4d 4d 32 45 4c 4e 72 55 65 55 48 54 59 6c 34 44 66 51 6b 65 37 59 65 46 73 35 69 77 74 61 37 4c 76 78 6a 61 55 43 59 75 2b 51 4c 78 6e 46 48 6e 53 6d 4d 4b 37 30 34 47 72 61 74 45 50 51 42 36 6b 6a 30 4f 42 49 41 61 39 4c 4b 49 6e 4f 74 53 6e 35 64 6c 42 6a 42 46 6c 6a 4e 44 2b 73 4e 2f 49 58 30 6e 38 7a 78 47 68 55 58 2f 64 52 4d 55 6c 48 66 6c 69 49 73 37 38 53 7a 4e 30 57 57 53 69 67 46 45 73 57 38 43 71 31 6e 37 64 70 51 50 39 4e 4f 33 41 2b 4a 38 4f 50 6c 34 51 6a 58 31 4e 76 47 7a 55 4a 79 48 52 58 63 67 52 65 58 6d 71 72 53 73 68 78 4a 6a 48 36 7a 67 6f 42 51 6e 4e 59 63 54 73 76 68 70 42 59 61 Data Ascii: V3NKdlMPuHc5y9AFAqn3BgnB3Fh1QYL5Fg/nNoHrlIvc44FRYrRQMM2ELNrUeUHTYl4DfQke7YeFs5iwta7LvxjaUCYu+QLxnFHnSmMK704GratEPQB6kj0OBIAa9LKInOtSn5dlBjBFljND+sN/IX0n8zxGhUX/dRMUlHfliIs78SzN0WWSigFEsW8Cq1n7dpQP9NO3A+J8OPl4QjX1NvGzUJyHRXcgReXmqrSshxJjH6zgoBQnNYcTsvhpBYa
2024-08-30 17:06:23 UTC	16384	IN	Data Raw: 4d 6d 37 68 52 6f 6b 42 49 64 4c 51 43 30 47 50 6f 30 32 52 67 54 33 46 47 36 44 44 41 71 55 52 6a 76 65 43 71 38 71 73 53 4f 5a 48 61 31 53 74 47 52 5a 69 61 48 77 41 36 73 47 4b 39 67 39 5a 65 72 6d 6c 63 41 31 65 31 30 6b 52 67 49 6a 50 6a 45 7a 48 7a 69 7a 30 42 32 54 68 72 38 71 66 50 2f 55 46 4b 45 53 6e 42 45 46 4d 72 69 62 56 72 4f 57 30 4c 62 49 6c 45 59 34 6b 76 47 69 79 4b 41 74 36 52 6a 55 6e 57 61 69 37 49 51 42 58 67 6e 68 35 76 42 6d 53 49 79 43 46 34 6a 66 35 57 49 36 62 42 53 44 41 41 67 69 37 66 34 4e 42 35 65 4d 4e 30 49 4c 76 4d 56 49 70 59 77 44 4a 46 57 67 6b 4c 61 49 4f 31 39 4d 53 48 6c 78 44 67 76 6c 54 38 45 78 52 45 2f 50 4d 41 78 49 4a 73 52 4a 52 4b 45 41 59 32 38 37 50 67 6c 5a 58 53 6b 41 31 71 52 6c 5a 6d 76 34 5a 65 57 6b Data Ascii: Mm7hRokBIdLQC0GPo02RgT3FG6DDAqURjveCq8qsSOZHa1StGRZiaHwA6sGK9g9ZermlcA1e10kRgIjPjEzHziz0B2Thr8qfP/UFKESnBEFMribVrOW0LbIlEY4kvGiyKAt6RjUnWai7IQBXgnh5vBmSIyCF4jf5WI6bBSDAAgi7f4NB5eMN0ILvMVIpYwDJFWgkLaIO19MSHlxDgvlT8ExRE/PMAxIJsRJRKEAY287PglZXSkA1qRlZmv4ZeWk
2024-08-30 17:06:23 UTC	16384	IN	Data Raw: 4f 59 73 37 48 77 58 73 70 67 51 6f 6c 4c 70 6b 45 6b 44 48 35 44 6f 78 4d 64 4e 6c 2b 58 47 48 69 48 68 6d 6d 4f 4d 57 71 58 57 46 4f 69 74 55 36 55 76 58 51 65 4d 48 4f 45 7a 69 31 62 45 78 38 4e 74 50 51 4a 53 33 50 32 75 77 73 56 30 43 41 48 30 72 68 61 74 42 66 34 69 2b 31 2b 71 5a 56 36 72 33 78 4b 52 54 43 5a 30 42 59 69 6d 67 52 42 4f 69 30 64 36 32 56 4a 49 4c 36 31 49 37 4d 53 4f 54 6e 66 76 34 48 32 72 4a 44 56 69 75 72 68 6e 6f 2f 69 6d 38 45 68 36 47 4e 74 59 44 72 45 71 48 4f 6c 41 4a 65 56 56 78 6c 58 2f 34 56 62 4f 6d 69 61 48 68 43 6a 57 4d 78 34 53 61 77 39 4c 47 42 6c 6b 42 66 54 4e 34 44 37 32 2b 6b 75 4d 5a 74 5a 45 33 62 7a 68 4b 51 43 52 65 47 75 6c 4b 4a 2b 2f 53 39 64 55 77 4a 73 72 6b 6f 51 53 6d 30 59 37 42 34 47 50 6d 38 4f 4d Data Ascii: OYs7HwXspgQolLpkEkDH5DoxMdNl+XGHiHhmmOMWqXWFOitU6UvXQeMHOEzi1bEx8NtPQJS3P2uwsV0CAH0rhatBf4i+1+qZV6r3xKRTCZ0BYimgRBOi0d62VJIL61I7MSOTnfv4H2rJDViurhno/im8Eh6GNtYDrEqHOlAJeVVxlX/4VbOmiaHhCjWMx4Saw9LGBlkBfTN4D72+kuMZtZE3bzhKQCReGulKJ+/S9dUwJsrkoQSm0Y7B4GPm8OM
2024-08-30 17:06:23 UTC	8192	IN	Data Raw: 6a 68 69 2f 4a 78 68 49 72 42 69 42 34 67 41 45 53 41 51 79 51 31 79 55 30 59 53 48 36 6c 4c 64 32 52 54 45 42 4b 35 77 45 67 32 31 61 58 78 67 7a 42 36 77 36 63 4a 45 76 51 41 51 41 50 79 31 67 4d 57 53 49 6d 73 52 69 69 5a 62 6f 67 70 54 64 45 67 46 76 62 43 33 31 4a 51 7a 2b 46 4a 57 59 57 67 59 71 43 78 59 74 53 32 31 55 59 6e 62 65 76 36 39 74 61 33 56 35 64 41 34 7a 47 53 4c 79 30 49 6f 44 63 51 54 48 36 58 36 2f 4d 51 59 39 4c 45 6d 2b 68 78 4f 49 55 36 67 7a 77 51 51 69 73 71 46 78 42 64 79 76 45 56 78 56 51 6c 6e 65 52 32 78 4c 43 79 41 42 67 42 45 7a 43 69 71 54 55 76 4a 4a 4b 55 4d 43 75 6b 2b 6e 6e 52 66 35 61 31 34 42 6b 68 39 64 68 30 6a 4d 61 33 55 45 5a 35 73 49 35 48 63 77 57 6c 67 34 4a 5a 45 41 65 6b 65 39 4c 49 53 46 6a 39 61 34 6c 5a Data Ascii: jhi/JxhIrBiB4gAESAQyQ1yU0YSH6lLd2RTEBK5wEg21aXxgzB6w6cJEvQAQAPy1gMWSImsRiiZbogpTdEgFvbC31JQz+FJWYWgYqCxYtS21UYnbev69ta3V5dA4zGSLy0IoDcQTH6X6/MQY9LEm+hxOIU6gzwQQisqFxBdyvEVxVQlneR2xLCyABgBEzCiqTUvJJKUMCuk+nnRf5a14Bkh9dh0jMa3UEZ5sI5HcwWlg4JZEAeke9LISFj9a4lZ
2024-08-30 17:06:23 UTC	16384	IN	Data Raw: 58 55 56 52 42 78 72 69 45 56 36 43 53 36 73 44 77 67 6c 78 69 72 6b 49 4b 42 7a 46 45 75 4c 51 66 49 39 37 47 33 6d 44 41 52 51 72 75 6e 4f 68 4c 68 39 42 69 44 48 77 72 6d 49 51 53 48 4b 39 44 69 32 78 78 77 76 6d 37 70 66 61 72 73 77 41 47 42 4c 49 32 33 6a 73 7a 32 55 6e 50 73 68 6d 72 67 65 41 43 68 59 52 44 37 51 6a 58 6c 71 78 47 75 38 30 30 2f 58 62 64 73 36 73 31 2b 32 2b 64 65 34 44 77 67 73 72 43 46 4f 78 4a 4c 43 69 53 67 33 6b 4d 41 43 4f 6a 64 58 67 67 35 58 44 49 50 4f 42 7a 65 71 38 2b 76 4d 54 64 62 6f 44 73 6f 41 67 44 43 51 32 41 45 67 51 62 4d 69 73 46 50 6a 49 34 2b 54 4d 4c 34 43 6e 61 31 58 48 49 64 42 70 77 46 36 31 49 51 48 4b 79 51 77 49 36 46 43 6f 36 42 48 32 4c 62 78 4e 61 4f 6b 4b 4f 50 32 4a 75 6f 56 67 4b 50 41 77 50 2f 59 Data Ascii: XUVRBxriEV6CS6sDwglxirkIKBzFEuLQfI97G3mDARQrunOhLh9BiDHwrmIQSHK9Di2xxwvm7pfarswAGBLI23jsz2UnPshmrgeAChYRD7QjXlqxGu800/Xbds6s1+2+de4DwgsrCFOxJLCiSg3kMACOjdXgg5XDIPOBzeq8+vMTdboDsoAgDCQ2AEgQbMisFPjI4+TML4Cna1XHIdBpwF61IQHKyQwI6FCo6BH2LbxNaOkKOP2JuoVgKPAwP/Y
2024-08-30 17:06:23 UTC	8192	IN	Data Raw: 4b 72 72 6f 68 74 6a 41 46 6b 47 65 6f 44 37 45 61 55 50 4b 69 76 41 4f 52 49 48 43 45 49 6e 58 6d 68 79 66 61 5a 2b 4f 30 4a 66 6b 6a 45 64 4a 67 77 31 6b 63 59 34 6b 41 34 44 32 65 4a 7a 67 55 69 6b 34 71 43 48 38 37 63 50 48 69 4d 43 43 43 46 4b 44 76 44 43 50 5a 43 39 78 76 34 38 36 53 70 4e 6b 42 5a 48 75 42 43 59 6b 51 2b 38 59 4c 78 2f 43 69 35 74 2b 33 47 54 32 65 48 4d 2f 37 43 69 79 62 55 68 71 47 49 30 70 63 66 43 55 5a 54 5a 73 52 62 50 47 4e 42 39 48 79 5a 49 69 55 74 56 53 79 58 37 32 6d 36 76 70 75 6a 2b 75 35 74 4b 58 37 54 5a 41 69 49 65 62 53 57 6f 41 57 6a 66 31 35 37 67 42 5a 44 2f 4c 50 37 71 4b 51 6b 4c 77 78 38 33 53 53 35 79 32 39 49 68 31 52 50 76 66 54 4b 61 54 41 51 54 57 6c 77 52 67 4d 46 35 62 6a 79 6a 78 57 4c 5a 6a 45 30 6b Data Ascii: KrrohtjAFkGeoD7EaUPKivAORIHCEInXmhyfaZ+O0JfkjEdJgw1kcY4kA4D2eJzgUik4qCH87cPHiMCCCFKDvDCPZC9xv486SpNkBZHuBCYkQ+8YLx/Ci5t+3GT2eHM/7CiybUhqGI0pcfCUZTZsRbPGNB9HyZIiUtVSyX72m6vpuj+u5tKX7TZAiIebSWoAWjf157gBZD/LP7qKQkLwx83SS5y29Ih1RPvfTKaTAQTWlwRgMF5bjyjxWLZjE0k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.16	49767	23.52.162.42	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:23 UTC	867	OUT	GET /edge/welcome?form=MT00LJ HTTP/1.1 Host: www.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-arch: "x86" sec-ch-ua-bitness: "64" sec-ch-prefers-color-scheme: light Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:23 UTC	744	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 146 Content-Type: text/html; charset=utf-8 Location: /en-gb/edge/welcome?ep=0&es=139&form=MT00LJ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170623Z-154dcd767c9tx9zlwgknp9ttrg0000000bz000000000k41t Expires: Fri, 30 Aug 2024 17:06:23 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 30 Aug 2024 17:06:23 GMT Connection: close TLS_version: tls1.3 ms-cv: CASMicrosoftCV11779450.0 ms-cv-esi: CASMicrosoftCV11779450.0 X-RTag: RT
2024-08-30 17:06:23 UTC	146	IN	Data Raw: 3c 70 3e 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 61 6d 70 3b 65 73 3d 31 33 39 26 61 6d 70 3b 66 6f 72 6d 3d 4d 54 30 30 4c 4a 22 3e 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 61 6d 70 3b 65 73 3d 31 33 39 26 61 6d 70 3b 66 6f 72 6d 3d 4d 54 30 30 4c 4a 3c 2f 61 3e 3c 2f 70 3e Data Ascii: <p>Found. Redirecting to <a href="/en-gb/edge/welcome?ep=0&es=139&form=MT00LJ">/en-gb/edge/welcome?ep=0&es=139&form=MT00LJ</a></p>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.16	49768	142.251.35.164	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:23 UTC	943	OUT	GET /url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:24 UTC	1125	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:24 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 Set-Cookie: NID=517=LtsArCytBiwAD9VVJEXlIlr_UQ0jYEIbEDUXZ4lWg_cVRWXCgtsjooyIoueHoMZ9bNf_13biGQn4-dEiSKCB1-xHZcj6nlg8x4b1mbY8_gpITjTdSaNv2qh4i8ssS3D32wiNgIPnRD1fT5cl1L4SlsPZgqJiVgPcc7WGjAtY7aEzv5KsSwjZ2Q; expires=Sat, 01-Mar-2025 17:06:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-30 17:06:24 UTC	265	IN	Data Raw: 37 30 36 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 20 4e 6f 74 69 63 65 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 2c 64 69 76 2c 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 70 78 7d 64 69 76 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 3a 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 36 38 31 64 61 38 Data Ascii: 706<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8
2024-08-30 17:06:24 UTC	1390	IN	Data Raw: 7b 63 6f 6c 6f 72 3a 23 36 38 31 64 61 38 7d 61 3a 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 23 65 61 34 33 33 35 7d 64 69 76 2e 6d 79 6d 47 6f 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 67 53 35 6a 58 62 29 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 67 53 35 6a 58 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 64 69 76 2e 61 58 67 61 47 62 7b 70 61 64 64 69 6e 67 3a 30 2e 35 65 6d 20 30 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 7d 64 69 76 2e 66 54 6b 37 76 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 35 70 78 7d 3c Data Ascii: {color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}<
2024-08-30 17:06:24 UTC	150	IN	Data Raw: 63 3d 22 22 3b 62 26 26 28 63 3d 61 28 62 29 29 3b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 2f 75 72 6c 3f 73 61 3d 54 26 75 72 6c 3d 22 2b 63 2b 22 26 6f 69 3d 22 2b 61 28 6f 69 29 2b 22 26 63 74 3d 22 2b 61 28 63 74 29 3b 72 65 74 75 72 6e 21 31 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 62 72 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: c="";b&&(c=a(b));(new Image).src="/url?sa=T&url="+c+"&oi="+a(oi)+"&ct="+a(ct);return!1};}).call(this);})();</script><br><br><br></div></body></html>
2024-08-30 17:06:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.16	49770	23.52.162.42	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:24 UTC	885	OUT	GET /en-gb/edge/welcome?ep=0&es=139&form=MT00LJ HTTP/1.1 Host: www.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-bitness: "64" sec-ch-prefers-color-scheme: light Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:25 UTC	2305	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 ETag: "23a85-CUgJABkMWzfwQYyzBsefM9IRgjs" Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 Content-Security-Policy: default-src 'self' https://edgestatic.azureedge.net https://.microsoft.com; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.aspnetcdn.com https://az725175.vo.msecnd.net https://.microsoft.com https://mem.gfx.ms https://edgestatic.azureedge.net https://js.monitor.azure.com https://mwf-service.akamaized.net https://.clarity.ms https://.bing.com http://.bing.com https://.adnxs.com https://connect.facebook.net https://snap.licdn.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net; font-src 'self' data: https://.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net; connect-src 'self' http://.microsoft.com https://.microsoft.com ht [TRUNCATED] x-azure-ref: 20240830T170624Z-17bfd4cd76ckhshp8yhu5bu0ys00000002h0000000004er7 Date: Fri, 30 Aug 2024 17:06:25 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding TLS_version: tls1.3 ms-cv: CASMicrosoftCVd890d8cb.0 ms-cv-esi: CASMicrosoftCVd890d8cb.0 X-RTag: RT
2024-08-30 17:06:25 UTC	14079	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 6e 2d 68 65 61 64 2d 73 73 72 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 25 37 42 25 32 32 6c 61 6e 67 25 32 32 3a 25 37 42 25 32 32 73 73 72 25 32 32 3a 25 32 32 65 6e 25 32 32 25 37 44 2c 25 32 32 64 69 72 25 32 32 3a 25 37 42 25 32 32 73 73 72 25 32 32 3a 25 32 32 6c 74 72 25 32 32 25 37 44 25 37 44 22 3e 0a 20 20 3c 68 65 61 64 20 3e 0a 20 20 20 20 3c 6d 65 74 61 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 73 73 72 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 73 73 72 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 Data Ascii: 00006000<!doctype html><html data-n-head-ssr lang="en" dir="ltr" data-n-head="%7B%22lang%22:%7B%22ssr%22:%22en%22%7D,%22dir%22:%7B%22ssr%22:%22ltr%22%7D%7D"> <head > <meta data-n-head="ssr" charset="utf-8"><meta data-n-head="ssr" name="viewport"
2024-08-30 17:06:25 UTC	10509	IN	Data Raw: 31 38 6e 2d 61 6c 74 2d 65 6e 2d 67 62 22 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 61 6d 70 3b 65 73 3d 31 33 39 26 61 6d 70 3b 66 6f 72 6d 3d 4d 54 30 30 4c 4a 22 20 68 72 65 66 6c 61 6e 67 3d 22 65 6e 2d 67 62 22 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 73 73 72 22 20 64 61 74 61 2d 68 69 64 3d 22 69 31 38 6e 2d 61 6c 74 2d 65 6e 2d 69 6e 22 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 69 6e 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 61 Data Ascii: 18n-alt-en-gb" rel="alternate" href="https://www.microsoft.com/en-gb/edge/welcome?ep=0&es=139&form=MT00LJ" hreflang="en-gb"><link data-n-head="ssr" data-hid="i18n-alt-en-in" rel="alternate" href="https://www.microsoft.com/en-in/edge/welcome?ep=0&a
2024-08-30 17:06:25 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2d 68 69 64 3d 22 69 31 38 6e 2d 61 6c 74 2d 6d 6c 22 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6d 6c 2d 69 6e 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 61 6d 70 3b 65 73 3d 31 33 39 26 61 6d 70 3b 66 6f 72 6d 3d 4d 54 30 30 4c 4a 22 20 68 72 65 66 6c 61 6e 67 3d 22 6d 6c 22 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 6e 2d 68 65 61 64 3d 22 73 73 72 22 20 64 61 74 61 2d 68 69 64 3d 22 69 31 38 6e 2d 61 6c 74 2d 6d 6c 2d 69 6e 22 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6d 6c 2d 69 6e 2f 65 64 67 65 2f 77 65 6c Data Ascii: 00006000-hid="i18n-alt-ml" rel="alternate" href="https://www.microsoft.com/ml-in/edge/welcome?ep=0&es=139&form=MT00LJ" hreflang="ml"><link data-n-head="ssr" data-hid="i18n-alt-ml-in" rel="alternate" href="https://www.microsoft.com/ml-in/edge/wel
2024-08-30 17:06:25 UTC	8204	IN	Data Raw: 33 30 20 31 34 22 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 68 65 69 67 68 74 3d 22 31 34 22 20 77 69 64 74 68 3d 22 33 38 22 3e 3c 74 69 74 6c 65 3e 43 61 6c 69 66 6f 72 6e 69 61 20 43 6f 6e 73 75 6d 65 72 20 50 72 69 76 61 63 79 20 41 63 74 20 28 43 43 50 41 29 20 4f 70 74 2d 4f 75 74 20 49 63 6f 6e 3c 2f 74 69 74 6c 65 3e 20 3c 70 61 74 68 20 64 3d 22 4d 37 2e 34 20 31 32 2e 38 68 36 2e 38 6c 33 2e 31 2d 31 31 2e 36 48 37 2e 34 43 34 2e 32 20 31 2e 32 20 31 2e 36 20 33 2e 38 20 31 2e 36 20 37 73 32 2e 36 20 35 2e 38 20 35 2e 38 20 35 2e 38 7a 22 20 73 74 79 6c 65 3d 22 66 69 6c 6c 2d 72 75 6c 65 3a 65 76 65 6e 6f 64 64 3b 63 6c 69 70 2d 72 75 6c 65 3a 65 76 65 6e 6f 64 64 3b 66 69 6c 6c 3a 23 66 66 66 3b 22 3e 3c 2f 70 61 74 68 Data Ascii: 30 14" xml:space="preserve" height="14" width="38"><title>userfornia Consumer Privacy Act (CCPA) Opt-Out Icon</title> <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff;"></path
2024-08-30 17:06:25 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6e 73 69 6f 6e 3a 72 2c 66 69 6c 65 49 64 3a 22 61 39 32 36 64 66 62 37 37 65 31 63 34 37 62 36 38 31 61 34 62 62 38 64 35 65 61 31 36 63 65 64 22 2c 70 75 62 6c 69 63 55 72 6c 3a 22 68 74 74 70 73 3a 5c 75 30 30 32 46 5c 75 30 30 32 46 65 64 67 65 73 74 61 74 69 63 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 5c 75 30 30 32 46 73 68 61 72 65 64 5c 75 30 30 32 46 63 6d 73 5c 75 30 30 32 46 6c 72 73 31 63 36 39 61 31 6a 5c 75 30 30 32 46 73 65 63 74 69 6f 6e 2d 69 6d 61 67 65 73 5c 75 30 30 32 46 61 39 32 36 64 66 62 37 37 65 31 63 34 37 62 36 38 31 61 34 62 62 38 64 35 65 61 31 36 63 65 64 2e 70 6e 67 22 2c 77 69 64 74 68 3a 33 37 32 31 2c 68 65 69 67 68 74 3a 32 30 37 38 7d 2c 66 72 61 6d 65 3a 22 73 68 61 64 6f 77 22 2c 61 6c Data Ascii: 00004000nsion:r,fileId:"a926dfb77e1c47b681a4bb8d5ea16ced",publicUrl:"https:\u002F\u002Fedgestatic.azureedge.net\u002Fshared\u002Fcms\u002Flrs1c69a1j\u002Fsection-images\u002Fa926dfb77e1c47b681a4bb8d5ea16ced.png",width:3721,height:2078},frame:"shadow",al
2024-08-30 17:06:25 UTC	12	IN	Data Raw: 65 6c 3a 61 2c 63 6f 6d 70 6c 0d 0a Data Ascii: el:a,compl
2024-08-30 17:06:25 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 65 74 65 64 4c 61 62 65 6c 3a 61 2c 64 69 73 61 62 6c 65 57 68 65 6e 43 6f 6d 70 6c 65 74 65 3a 63 2c 65 72 72 6f 72 4c 61 62 65 6c 3a 61 2c 64 69 73 61 62 6c 65 41 63 74 69 6f 6e 43 6f 6d 70 6c 65 74 69 6f 6e 3a 63 2c 64 69 73 70 6c 61 79 4d 6f 64 65 3a 61 2c 70 6f 70 75 70 3a 7b 63 6f 6c 6f 72 53 63 68 65 6d 65 3a 61 2c 62 61 63 6b 67 72 6f 75 6e 64 3a 62 2c 68 65 61 64 69 6e 67 3a 22 45 78 70 65 72 69 65 6e 63 65 20 63 6c 65 61 72 65 72 20 61 6e 64 20 63 72 69 73 70 65 72 20 67 72 61 70 68 69 63 73 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 3a 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 e2 80 99 73 20 65 78 63 6c 75 73 69 76 65 20 43 6c 61 72 69 74 79 20 42 6f 6f 73 74 20 66 65 61 74 75 72 65 20 6d 61 6b 65 73 20 58 62 6f 78 Data Ascii: 00004000etedLabel:a,disableWhenComplete:c,errorLabel:a,disableActionCompletion:c,displayMode:a,popup:{colorScheme:a,background:b,heading:"Experience clearer and crisper graphics",description:"Microsoft Edges exclusive Clarity Boost feature makes Xbox
2024-08-30 17:06:25 UTC	12	IN	Data Raw: 61 67 65 53 74 79 6c 65 3a 61 0d 0a Data Ascii: ageStyle:a
2024-08-30 17:06:25 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2c 6d 65 64 69 61 41 63 74 69 6f 6e 4d 65 73 73 61 67 65 3a 61 2c 6d 65 64 69 61 41 63 74 69 6f 6e 55 72 6c 4e 65 77 54 61 62 3a 61 7d 2c 6d 65 64 69 61 41 63 74 69 6f 6e 73 3a 5b 5d 7d 2c 61 63 74 69 6f 6e 73 3a 5b 7b 74 79 70 65 3a 6b 2c 6c 61 62 65 6c 3a 6d 2c 62 75 74 74 6f 6e 56 61 72 69 61 6e 74 3a 64 2c 65 63 69 64 41 63 74 69 6f 6e 3a 65 2c 69 63 6f 6e 3a 62 2c 69 63 6f 6e 53 69 7a 65 3a 61 2c 6b 6e 6f 77 6e 43 75 73 74 6f 6d 41 63 74 69 6f 6e 49 64 3a 61 2c 63 75 73 74 6f 6d 41 63 74 69 6f 6e 49 64 3a 61 2c 61 63 63 65 73 73 69 62 6c 65 4c 61 62 65 6c 3a 61 2c 69 6e 50 72 6f 67 72 65 73 73 4c 61 62 65 6c 3a 61 2c 63 6f 6d 70 6c 65 74 65 64 4c 61 62 65 6c 3a 61 2c 64 69 73 61 62 6c 65 57 68 65 6e 43 6f 6d 70 6c 65 74 Data Ascii: 00004000,mediaActionMessage:a,mediaActionUrlNewTab:a},mediaActions:[]},actions:[{type:k,label:m,buttonVariant:d,ecidAction:e,icon:b,iconSize:a,knownCustomActionId:a,customActionId:a,accessibleLabel:a,inProgressLabel:a,completedLabel:a,disableWhenComplet
2024-08-30 17:06:25 UTC	12	IN	Data Raw: 66 62 30 62 62 65 63 65 36 38 0d 0a Data Ascii: fb0bbece68

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.16	49769	142.251.35.164	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:24 UTC	1392	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMNADA%2520LABORAL-%2520JUZGADO%252002%2520CIVIL%2520DEL%2520CIRCUITO%2520RAMA%2520JUDICIAL.zip&sa=D&source=editors&ust=1724962362279560&usg=AOvVaw0U5nPV2SS_MZdPX2GRB-ng Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: NID=517=LtsArCytBiwAD9VVJEXlIlr_UQ0jYEIbEDUXZ4lWg_cVRWXCgtsjooyIoueHoMZ9bNf_13biGQn4-dEiSKCB1-xHZcj6nlg8x4b1mbY8_gpITjTdSaNv2qh4i8ssS3D32wiNgIPnRD1fT5cl1L4SlsPZgqJiVgPcc7WGjAtY7aEzv5KsSwjZ2Q
2024-08-30 17:06:24 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 30 Aug 2024 16:33:36 GMT Expires: Sat, 07 Sep 2024 16:33:36 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 1968 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-30 17:06:24 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-08-30 17:06:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-08-30 17:06:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-08-30 17:06:24 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-08-30 17:06:24 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.16	49771	13.107.5.80	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:24 UTC	484	OUT	POST /undersideproactive/api/v1/trigger HTTP/1.1 Host: services.bingapis.com Connection: keep-alive Content-Length: 435 X-UDSD-Features: udscomseaodp, Content-Type: application/json Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:24 UTC	435	OUT	Data Raw: 7b 22 64 6f 6d 61 69 6e 73 22 3a 5b 7b 22 63 6f 6e 66 69 64 65 6e 63 65 22 3a 31 2e 30 2c 22 6e 61 6d 65 22 3a 22 4e 6f 74 69 66 79 53 65 61 72 63 68 50 61 67 65 22 7d 2c 7b 22 63 6f 6e 66 69 64 65 6e 63 65 22 3a 31 2e 30 2c 22 6e 61 6d 65 22 3a 22 53 65 61 72 63 68 50 61 67 65 22 7d 5d 2c 22 69 64 54 79 70 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 73 6f 75 72 63 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 72 6c 3f 71 3d 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 39 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 31 35 63 30 63 64 36 65 2d 38 31 63 38 2d 34 39 31 39 2d 38 64 65 64 2d 62 31 32 38 61 63 39 30 37 35 65 31 2f 32 25 32 35 32 30 44 45 4d 4e Data Ascii: {"domains":[{"confidence":1.0,"name":"NotifySearchPage"},{"confidence":1.0,"name":"SearchPage"}],"idType":"Unknown","sourceUrl":"","url":"https://www.google.com/url?q=https://store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%2520DEMN
2024-08-30 17:06:25 UTC	414	IN	HTTP/1.1 404 Not Found X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AE5D832E16FA4546A15AEF64B10F2C6D Ref B: EWR311000106025 Ref C: 2024-08-30T17:06:24Z Date: Fri, 30 Aug 2024 17:06:24 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.16	49774	13.107.5.80	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:26 UTC	452	OUT	POST /undersideproactive/api/v1/trigger HTTP/1.1 Host: services.bingapis.com Connection: keep-alive Content-Length: 197 Content-Type: application/json Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:26 UTC	197	OUT	Data Raw: 7b 22 64 6f 6d 61 69 6e 73 22 3a 5b 7b 22 63 6f 6e 66 69 64 65 6e 63 65 22 3a 31 2e 30 2c 22 6e 61 6d 65 22 3a 22 55 6e 64 65 72 73 69 64 65 43 68 61 74 41 72 74 69 63 6c 65 50 61 67 65 51 75 65 73 74 69 6f 6e 22 7d 5d 2c 22 69 64 54 79 70 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 73 6f 75 72 63 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 65 73 3d 31 33 39 26 66 6f 72 6d 3d 4d 54 30 30 4c 4a 22 2c 22 75 73 65 72 49 64 22 3a 22 22 7d Data Ascii: {"domains":[{"confidence":1.0,"name":"UndersideChatArticlePageQuestion"}],"idType":"Unknown","sourceUrl":"","url":"https://www.microsoft.com/en-gb/edge/welcome?ep=0&es=139&form=MT00LJ","userId":""}
2024-08-30 17:06:27 UTC	414	IN	HTTP/1.1 404 Not Found X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 5C50BC5B15634B3CBEE8CA08377ED475 Ref B: EWR311000104025 Ref C: 2024-08-30T17:06:26Z Date: Fri, 30 Aug 2024 17:06:26 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.16	49777	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:26 UTC	600	OUT	GET /shared/edgeweb/css/930c813.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:26 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:26 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 290046 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"46cfe-1919ac7a7c9" Last-Modified: Wed, 28 Aug 2024 20:57:41 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170626Z-16579567576rhxz5kgqdm3tfq000000003v0000000002hut x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:26 UTC	15598	IN	Data Raw: 2e 63 6f 6d 6d 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 38 31 30 70 78 29 7b 2e 63 6f 6d 6d 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 2d 2d 6d 6f 62 69 6c 65 2d 68 69 64 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 38 31 30 70 78 29 7b 2e 63 6f 6d 6d 6f Data Ascii: .common-background-image{background-repeat:no-repeat;background-size:contain;bottom:0;left:0;position:absolute;right:0;top:0}@media screen and (max-width:810px){.common-background-image--mobile-hide{display:none}}@media screen and (min-width:810px){.commo
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 63 6b 2d 74 65 78 74 2d 2d 66 69 6e 65 70 72 69 6e 74 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 68 6f 76 65 72 29 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 68 6f 76 65 72 29 7d 2e 6d 69 6e 69 2d 62 6c 6f 63 6b 2d 74 65 78 74 2d 2d 66 69 6e 65 70 72 69 6e 74 20 61 3a 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 61 63 74 69 76 65 29 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a Data Ascii: ck-text--fineprint a:hover{color:var(--theme-link-hover);-webkit-text-decoration:underline;text-decoration:underline;text-decoration-color:var(--theme-link-hover)}.mini-block-text--fineprint a:active{color:var(--theme-link-active);-webkit-text-decoration:
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 68 6f 76 65 72 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 6c 65 67 61 63 79 2d 62 6c 75 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 6c 69 67 68 74 2d 67 72 61 64 69 65 6e 74 2d 74 6f 2d 73 6f 6c 69 64 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 6d 75 6c 74 69 6c 69 6e 65 2d 66 6c 65 78 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 6d 75 6c 74 69 6c 69 6e 65 2d 6e 61 72 72 6f 77 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 Data Ascii: n:focus-visible,.common-button--hover-gradient-border:focus-visible,.common-button--legacy-blue:focus-visible,.common-button--light-gradient-to-solid:focus-visible,.common-button--multiline-flex:focus-visible,.common-button--multiline-narrow:focus-visible
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 6c 65 67 61 63 79 2d 62 6c 75 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 36 65 63 65 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 79 65 6c 6c 6f 77 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 65 63 38 34 36 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 79 65 6c 6c 6f 77 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 65 64 32 36 63 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 79 65 6c 6c 6f 77 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 61 62 36 33 64 3b 63 6f 6c 6f Data Ascii: lor:#fff!important}.common-button--legacy-blue{background-color:#006ece}.common-button--yellow{background-color:#fec846;color:#000}.common-button--yellow:hover{background-color:#fed26c;color:#000}.common-button--yellow:active{background-color:#eab63d;colo
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 65 64 67 65 73 74 61 74 69 63 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 2f 73 68 61 72 65 64 2f 65 64 67 65 77 65 62 2f 69 6d 67 2f 62 61 64 67 65 2d 61 6e 64 72 6f 69 64 2e 30 65 63 62 61 62 62 2e 73 76 67 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 64 6f 77 6e 6c 6f 61 64 2d 6d 73 73 74 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 65 64 67 65 73 74 61 74 69 63 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 2f 73 68 61 72 65 64 2f 65 64 67 65 77 65 62 2f 69 6d 67 2f 62 61 64 67 65 2d 6d 73 73 74 6f 72 65 2e 33 31 63 65 35 38 66 2e 73 76 67 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 77 68 61 74 73 61 70 70 7b 62 61 63 6b 67 72 6f 75 6e Data Ascii: mage:url(https://edgestatic.azureedge.net/shared/edgeweb/img/badge-android.0ecbabb.svg)}.common-button--download-msstore{background-image:url(https://edgestatic.azureedge.net/shared/edgeweb/img/badge-msstore.31ce58f.svg)}.common-button--whatsapp{backgroun
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 33 3a 68 6f 76 65 72 20 73 70 61 6e 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 30 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 33 3a 68 6f 76 65 72 20 73 70 61 6e 3a 61 66 74 65 72 7b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 2e 32 35 65 6d 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 73 65 63 6f 6e 64 61 72 79 2d 33 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 61 63 64 62 39 30 30 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 61 63 64 62 39 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 70 Data Ascii: lor:#fff}.common-button--temp-next-3:hover span{transform:translateX(0)}.common-button--temp-next-3:hover span:after{opacity:0;transform:translateX(-.25em)}.common-button--temp-secondary-3{background-color:#2acdb900;border-color:#2acdb9;border-radius:100p
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 30 6d 73 2c 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 2e 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 30 6d 73 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 31 30 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 5f 5f 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 32 35 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 31 30 3a 61 63 74 69 76 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 31 30 3a 68 6f 76 65 72 7b 62 6f 72 Data Ascii: ier(.165,.84,.44,1) 0ms,border-color .4s cubic-bezier(.165,.84,.44,1) 0ms}.common-button--temp-next-10 .common-button__content{display:inline-block;font-size:.925em;font-weight:600}.common-button--temp-next-10:active,.common-button--temp-next-10:hover{bor
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 2c 30 2c 2e 30 31 36 38 37 35 29 29 20 64 72 6f 70 2d 73 68 61 64 6f 77 28 30 20 32 2e 35 70 78 20 31 32 2e 35 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 33 37 35 29 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 34 70 78 2c 31 2e 30 35 32 36 33 31 35 37 38 39 76 77 2c 31 36 70 78 29 3b 6d 61 78 2d 77 69 64 74 68 3a 32 34 65 6d 3b 70 61 64 64 69 6e 67 3a 31 2e 37 35 65 6d 20 31 2e 35 65 6d 20 32 65 6d 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 61 63 74 69 6f 6e 2d 69 6d 70 6f 72 74 5f 5f 73 75 63 63 65 73 73 2d 70 6f 70 75 70 3a 61 66 74 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 29 20 23 30 30 30 30 20 23 30 30 30 30 20 23 30 30 30 30 3b 62 6f 72 64 65 72 2d 73 Data Ascii: ,0,.016875)) drop-shadow(0 2.5px 12.5px rgba(0,0,0,.0375));font-size:clamp(14px,1.0526315789vw,16px);max-width:24em;padding:1.75em 1.5em 2em;text-align:center}.action-import__success-popup:after{border-color:var(--theme-page-fg) #0000 #0000 #0000;border-s
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 6a 65 63 74 2d 70 6f 73 69 74 69 6f 6e 3a 63 65 6e 74 65 72 20 63 65 6e 74 65 72 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 69 6d 61 67 65 2d 2d 73 74 72 65 74 63 68 2d 74 6f 2d 66 69 6c 6c 20 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 69 6d 61 67 65 5f 5f 66 72 61 6d 65 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 69 6d 61 67 65 2d 2d 73 74 72 65 74 63 68 2d 74 6f 2d 66 69 6c 6c 20 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 69 6d 61 67 65 5f 5f 66 72 61 6d 65 20 69 6d 67 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 65 64 69 61 2d 69 Data Ascii: ject-position:center center}.media-item-image--stretch-to-fill .media-item-image__frame{height:100%;position:relative;width:100%}.media-item-image--stretch-to-fill .media-item-image__frame img{height:100%;left:0;position:absolute;top:0;width:100%}.media-i
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 68 74 3a 31 2e 31 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 63 6f 6d 70 61 72 65 2d 72 6f 77 5f 5f 64 65 73 63 72 69 70 74 69 6f 6e 2c 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 63 6f 6d 70 61 72 65 2d 72 6f 77 5f 5f 64 65 73 63 72 69 70 74 69 6f 6e 5f 73 70 61 63 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 35 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 3b 6f 70 61 63 69 74 79 3a 2e 37 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 63 6f 6d 70 61 72 65 2d 72 6f 77 5f 5f 64 65 73 63 72 69 70 74 69 6f 6e 5f 73 70 61 63 65 72 7b 68 65 69 67 68 74 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 2d 63 6f 6d 70 61 72 65 2d 72 6f 77 5f 5f 6c 61 62 65 6c Data Ascii: ht:1.1}.media-item-compare-row__description,.media-item-compare-row__description_spacer{font-size:.85em;margin-top:.5em;opacity:.7;text-align:left}.media-item-compare-row__description_spacer{height:0;margin:0;overflow:hidden}.media-item-compare-row__label

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.16	49779	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:26 UTC	581	OUT	GET /shared/edgeweb/6905b6f.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:26 UTC	797	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:26 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 7040 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1b80-1919ac7a894" Last-Modified: Wed, 28 Aug 2024 20:57:41 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170626Z-16579567576qxwrndb60my3nes00000003p000000000ccs5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:26 UTC	7040	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 64 61 74 61 29 7b 66 6f 72 28 76 61 72 20 63 2c 64 2c 74 3d 64 61 74 61 5b 30 5d 2c 6f 3d 64 61 74 61 5b 31 5d 2c 6c 3d 64 61 74 61 5b 32 5d 2c 69 3d 30 2c 68 3d 5b 5d 3b 69 3c 74 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 64 3d 74 5b 69 5d 2c 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 72 2c 64 29 26 26 72 5b 64 5d 26 26 68 2e 70 75 73 68 28 72 5b 64 5d 5b 30 5d 29 2c 72 5b 64 5d 3d 30 3b 66 6f 72 28 63 20 69 6e 20 6f 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6f 2c 63 29 26 26 28 65 5b 63 5d 3d 6f 5b 63 5d 29 3b 66 6f 72 28 6d 26 26 6d 28 64 61 74 61 29 Data Ascii: !function(e){function c(data){for(var c,d,t=data[0],o=data[1],l=data[2],i=0,h=[];i<t.length;i++)d=t[i],Object.prototype.hasOwnProperty.call(r,d)&&r[d]&&h.push(r[d][0]),r[d]=0;for(c in o)Object.prototype.hasOwnProperty.call(o,c)&&(e[c]=o[c]);for(m&&m(data)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.16	49778	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:26 UTC	581	OUT	GET /shared/edgeweb/f0e85b6.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:26 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:26 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 309375 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"4b87f-1919ac7a7d8" Last-Modified: Wed, 28 Aug 2024 20:57:41 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170626Z-16579567576l8zffr7mt4xy2un00000003e0000000003b10 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:26 UTC	15584	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 5d 2c 5b 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 2c 6e 2c 72 2c 6f 2c 63 2c 66 2c 6c 29 7b 76 61 72 20 68 2c 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 3f 74 2e 6f 70 74 69 6f 6e 73 3a 74 3b 69 66 28 65 26 26 28 64 2e 72 65 6e 64 65 72 3d 65 2c 64 2e 73 74 61 74 69 63 52 65 6e 64 65 72 46 6e 73 3d 6e 2c 64 2e 5f 63 6f 6d 70 69 6c 65 64 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],[function(t,e,n){"use strict";function r(t,e,n,r,o,c,f,l){var h,d="function"==typeof t?t.options:t;if(e&&(d.render=e,d.staticRenderFns=n,d._compiled
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 3d 74 5b 6e 5d 3b 65 5b 6e 5d 3d 72 3f 5b 5d 2e 63 6f 6e 63 61 74 28 72 2c 6f 29 3a 6f 7d 7d 65 6c 73 65 3b 72 65 74 75 72 6e 20 64 61 74 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 65 28 74 2c 65 2c 6e 2c 72 29 7b 65 3d 65 7c 7c 7b 24 73 74 61 62 6c 65 3a 21 6e 7d 3b 66 6f 72 28 76 61 72 20 69 3d 30 3b 69 3c 74 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 7b 76 61 72 20 73 6c 6f 74 3d 74 5b 69 5d 3b 63 28 73 6c 6f 74 29 3f 5f 65 28 73 6c 6f 74 2c 65 2c 6e 29 3a 73 6c 6f 74 26 26 28 73 6c 6f 74 2e 70 72 6f 78 79 26 26 28 73 6c 6f 74 2e 66 6e 2e 70 72 6f 78 79 3d 21 30 29 2c 65 5b 73 6c 6f 74 2e 6b 65 79 5d 3d 73 6c 6f 74 2e 66 6e 29 7d 72 65 74 75 72 6e 20 72 26 26 28 65 2e 24 6b 65 79 3d 72 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 4f 65 28 74 2c 65 29 7b 66 6f 72 28 76 61 Data Ascii: =t[n];e[n]=r?[].concat(r,o):o}}else;return data}function _e(t,e,n,r){e=e\|\|{$stable:!n};for(var i=0;i<t.length;i++){var slot=t[i];c(slot)?_e(slot,e,n):slot&&(slot.proxy&&(slot.fn.proxy=!0),e[slot.key]=slot.fn)}return r&&(e.$key=r),e}function Oe(t,e){for(va
2024-08-30 17:06:26 UTC	16384	IN	Data Raw: 6e 20 65 3f 46 28 6f 2c 65 29 3a 6f 7d 48 6e 2e 64 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 3f 57 6e 28 74 2c 65 2c 6e 29 3a 65 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 65 3f 74 3a 57 6e 28 74 2c 65 29 7d 2c 58 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 48 6e 5b 74 5d 3d 47 6e 7d 29 29 2c 51 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 48 6e 5b 74 2b 22 73 22 5d 3d 4b 6e 7d 29 29 2c 48 6e 2e 77 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 72 29 7b 69 66 28 74 3d 3d 3d 76 74 26 26 28 74 3d 76 6f 69 64 20 30 29 2c 65 3d 3d 3d 76 74 26 26 28 65 3d 76 6f 69 64 20 30 29 2c 21 65 29 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 63 72 65 61 74 Data Ascii: n e?F(o,e):o}Hn.data=function(t,e,n){return n?Wn(t,e,n):e&&"function"!=typeof e?t:Wn(t,e)},X.forEach((function(t){Hn[t]=Gn})),Q.forEach((function(t){Hn[t+"s"]=Kn})),Hn.watch=function(t,e,n,r){if(t===vt&&(t=void 0),e===vt&&(e=void 0),!e)return Object.creat
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 3d 65 3f 6e 75 6c 6c 3a 6f 2c 68 3d 65 3f 76 6f 69 64 20 30 3a 6f 3b 69 66 28 76 28 6e 29 29 56 65 28 6e 2c 72 2c 5b 66 5d 2c 72 2c 22 74 65 6d 70 6c 61 74 65 20 72 65 66 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 6c 73 65 7b 76 61 72 20 64 3d 74 2e 64 61 74 61 2e 72 65 66 49 6e 46 6f 72 2c 79 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 6e 2c 6d 3d 51 74 28 6e 29 2c 77 3d 72 2e 24 72 65 66 73 3b 69 66 28 79 7c 7c 6d 29 69 66 28 64 29 7b 76 61 72 20 78 3d 79 3f 77 5b 6e 5d 3a 6e 2e 76 61 6c 75 65 3b 65 3f 63 28 78 29 26 26 43 28 78 2c 6f 29 3a 63 28 78 29 3f 78 2e 69 6e 63 6c 75 64 65 73 28 6f 29 7c 7c 78 2e 70 75 73 68 28 6f 29 3a 79 3f 28 77 5b 6e 5d 3d 5b 6f 5d 2c 47 72 28 72 2c 6e 2c 77 Data Ascii: =e?null:o,h=e?void 0:o;if(v(n))Ve(n,r,[f],r,"template ref function");else{var d=t.data.refInFor,y="string"==typeof n\|\|"number"==typeof n,m=Qt(n),w=r.$refs;if(y\|\|m)if(d){var x=y?w[n]:n.value;e?c(x)&&C(x,o):c(x)?x.includes(o)\|\|x.push(o):y?(w[n]=[o],Gr(r,n,w
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 29 7b 66 3d 21 31 3b 62 72 65 61 6b 7d 64 3d 64 2e 6e 65 78 74 53 69 62 6c 69 6e 67 7d 69 66 28 21 66 7c 7c 64 29 72 65 74 75 72 6e 21 31 7d 65 6c 73 65 20 78 28 65 2c 63 2c 6e 29 3b 69 66 28 6c 28 64 61 74 61 29 29 7b 76 61 72 20 79 3d 21 31 3b 66 6f 72 28 76 61 72 20 77 20 69 6e 20 64 61 74 61 29 69 66 28 21 49 28 77 29 29 7b 79 3d 21 30 2c 4f 28 65 2c 6e 29 3b 62 72 65 61 6b 7d 21 79 26 26 64 61 74 61 2e 63 6c 61 73 73 26 26 73 6e 28 64 61 74 61 2e 63 6c 61 73 73 29 7d 7d 65 6c 73 65 20 74 2e 64 61 74 61 21 3d 3d 65 2e 74 65 78 74 26 26 28 74 2e 64 61 74 61 3d 65 2e 74 65 78 74 29 3b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 2c 63 29 7b 69 66 28 21 66 28 65 29 29 7b 76 61 72 20 64 2c 76 3d 21 31 2c 6d 3d Data Ascii: ){f=!1;break}d=d.nextSibling}if(!f\|\|d)return!1}else x(e,c,n);if(l(data)){var y=!1;for(var w in data)if(!I(w)){y=!0,O(e,n);break}!y&&data.class&&sn(data.class)}}else t.data!==e.text&&(t.data=e.text);return!0}return function(t,e,r,c){if(!f(e)){var d,v=!1,m=
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 72 65 74 75 72 6e 20 72 2e 24 64 65 73 74 72 6f 79 28 29 7d 29 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 74 2c 65 2c 70 61 74 68 2c 6e 2c 72 29 7b 76 61 72 20 6f 3d 21 70 61 74 68 2e 6c 65 6e 67 74 68 2c 63 3d 74 2e 5f 6d 6f 64 75 6c 65 73 2e 67 65 74 4e 61 6d 65 73 70 61 63 65 28 70 61 74 68 29 3b 69 66 28 6e 2e 6e 61 6d 65 73 70 61 63 65 64 26 26 28 74 2e 5f 6d 6f 64 75 6c 65 73 4e 61 6d 65 73 70 61 63 65 4d 61 70 5b 63 5d 2c 74 2e 5f 6d 6f 64 75 6c 65 73 4e 61 6d 65 73 70 61 63 65 4d 61 70 5b 63 5d 3d 6e 29 2c 21 6f 26 26 21 72 29 7b 76 61 72 20 66 3d 45 28 65 2c 70 61 74 68 2e 73 6c 69 63 65 28 30 2c 2d 31 29 29 2c 6c 3d 70 61 74 68 5b 70 61 74 68 2e 6c 65 6e 67 74 68 2d 31 5d 3b 74 2e 5f 77 69 74 68 43 6f 6d 6d 69 74 28 28 66 75 6e 63 74 69 6f 6e 28 Data Ascii: return r.$destroy()})))}function S(t,e,path,n,r){var o=!path.length,c=t._modules.getNamespace(path);if(n.namespaced&&(t._modulesNamespaceMap[c],t._modulesNamespaceMap[c]=n),!o&&!r){var f=E(e,path.slice(0,-1)),l=path[path.length-1];t._withCommit((function(
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 29 63 6f 6e 74 69 6e 75 65 3b 72 65 74 75 72 6e 7b 76 61 6c 75 65 3a 64 2e 61 72 67 2c 64 6f 6e 65 3a 72 2e 64 6f 6e 65 7d 7d 22 74 68 72 6f 77 22 3d 3d 3d 64 2e 74 79 70 65 26 26 28 6f 3d 5f 2c 72 2e 6d 65 74 68 6f 64 3d 22 74 68 72 6f 77 22 2c 72 2e 61 72 67 3d 64 2e 61 72 67 29 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 24 28 74 2c 6e 29 7b 76 61 72 20 72 3d 6e 2e 6d 65 74 68 6f 64 2c 6f 3d 74 2e 69 74 65 72 61 74 6f 72 5b 72 5d 3b 69 66 28 6f 3d 3d 3d 65 29 72 65 74 75 72 6e 20 6e 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 22 74 68 72 6f 77 22 3d 3d 3d 72 26 26 74 2e 69 74 65 72 61 74 6f 72 2e 72 65 74 75 72 6e 26 26 28 6e 2e 6d 65 74 68 6f 64 3d 22 72 65 74 75 72 6e 22 2c 6e 2e 61 72 67 3d 65 2c 24 28 74 2c 6e 29 2c 22 74 68 72 6f 77 22 3d 3d 3d 6e 2e 6d Data Ascii: )continue;return{value:d.arg,done:r.done}}"throw"===d.type&&(o=_,r.method="throw",r.arg=d.arg)}}}function $(t,n){var r=n.method,o=t.iterator[r];if(o===e)return n.delegate=null,"throw"===r&&t.iterator.return&&(n.method="return",n.arg=e,$(t,n),"throw"===n.m
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 76 61 72 20 65 3d 68 28 76 28 74 68 69 73 29 29 3b 64 28 74 29 3b 76 61 72 20 6e 3d 6c 28 78 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 2c 65 2e 6c 65 6e 67 74 68 29 29 2c 72 3d 68 28 74 29 3b 72 65 74 75 72 6e 20 77 28 65 2c 6e 2c 6e 2b 72 2e 6c 65 6e 67 74 68 29 3d 3d 3d 72 7d 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 35 32 29 2c 6f 3d 6e 28 32 34 32 29 2c 63 3d 6e 28 36 32 29 2c 66 3d 6e 28 38 35 29 2c 6c 3d 6e 28 31 30 35 29 2c 68 3d 6e 28 35 39 29 2c 64 3d 6e 28 37 32 29 2c 76 3d 6e 28 31 31 38 29 2c 79 3d 6e 28 32 34 33 29 2c 6d 3d 6e 28 32 30 31 29 3b 6f 28 22 6d 61 74 63 68 22 2c 28 66 75 6e 63 Data Ascii: var e=h(v(this));d(t);var n=l(x(arguments.length>1?arguments[1]:void 0,e.length)),r=h(t);return w(e,n,n+r.length)===r}})},function(t,e,n){"use strict";var r=n(52),o=n(242),c=n(62),f=n(85),l=n(105),h=n(59),d=n(72),v=n(118),y=n(243),m=n(201);o("match",(func
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 33 36 3b 3b 6a 2b 3d 33 36 29 7b 76 61 72 20 43 3d 6a 3c 3d 63 3f 31 3a 6a 3e 3d 63 2b 32 36 3f 32 36 3a 6a 2d 63 3b 69 66 28 6b 3c 43 29 62 72 65 61 6b 3b 76 61 72 20 54 3d 6b 2d 43 2c 52 3d 33 36 2d 43 3b 6e 2e 70 75 73 68 28 53 28 45 28 43 2b 54 25 52 2c 30 29 29 29 2c 6b 3d 4f 28 54 2f 52 29 7d 6e 2e 70 75 73 68 28 53 28 45 28 6b 2c 30 29 29 29 2c 63 3d 75 28 69 2c 61 2c 70 3d 3d 68 29 2c 69 3d 30 2c 2b 2b 70 7d 7d 7d 63 61 74 63 68 28 74 29 7b 5f 2e 65 28 74 29 7d 66 69 6e 61 6c 6c 79 7b 5f 2e 66 28 29 7d 2b 2b 69 2c 2b 2b 6f 7d 72 65 74 75 72 6e 20 6e 2e 6a 6f 69 6e 28 22 22 29 7d 28 74 29 3a 74 7d 29 29 2e 6a 6f 69 6e 28 22 2e 22 29 3b 72 65 74 75 72 6e 20 72 2b 6f 7d 28 74 29 7d 76 61 72 20 6b 3d 2f 23 2f 67 2c 6a 3d 2f 26 2f 67 2c 43 3d 2f 5c 2f Data Ascii: 36;;j+=36){var C=j<=c?1:j>=c+26?26:j-c;if(k<C)break;var T=k-C,R=36-C;n.push(S(E(C+T%R,0))),k=O(T/R)}n.push(S(E(k,0))),c=u(i,a,p==h),i=0,++p}}}catch(t){_.e(t)}finally{_.f()}++i,++o}return n.join("")}(t):t})).join(".");return r+o}(t)}var k=/#/g,j=/&/g,C=/\/
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 2c 6c 3d 72 28 74 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 6c 7c 7c 63 28 6e 3d 72 28 6c 29 5b 66 5d 29 3f 65 3a 6f 28 6e 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 31 30 33 29 2c 6f 3d 6e 28 32 34 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 22 46 75 6e 63 74 69 6f 6e 22 3d 3d 3d 72 28 74 29 29 72 65 74 75 72 6e 20 6f 28 74 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 34 32 29 2c 6f 3d 6e 28 31 36 31 29 2c 63 3d 6e 28 34 37 29 2c 66 3d 6e 28 31 39 30 29 2c 6c 3d 6e 28 32 39 Data Ascii: ion(t,e){var n,l=r(t).constructor;return void 0===l\|\|c(n=r(l)[f])?e:o(n)}},function(t,e,n){"use strict";var r=n(103),o=n(24);t.exports=function(t){if("Function"===r(t))return o(t)}},function(t,e,n){"use strict";var r=n(42),o=n(161),c=n(47),f=n(190),l=n(29

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.16	49781	206.168.190.239	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:27 UTC	856	OUT	GET /download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20DEMNADA%20LABORAL-%20JUZGADO%2002%20CIVIL%20DEL%20CIRCUITO%20RAMA%20JUDICIAL.zip HTTP/1.1 Host: store9.gofile.io Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:27 UTC	663	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Alt-Svc: h3=":443"; ma=2592000 Content-Disposition: attachment; filename*=UTF-8''2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL.REV Content-Length: 2997803 Content-Type: application/zip Date: Fri, 30 Aug 2024 17:06:27 GMT Last-Modified: Thu, 29 Aug 2024 19:11:30 GMT Server: Caddy Connection: close
2024-08-30 17:06:27 UTC	523	IN	Data Raw: 50 4b 03 04 14 00 00 00 00 00 4e 71 1d 59 00 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 32 20 44 45 4d 4e 41 44 41 20 4c 41 42 4f 52 41 4c 2d 20 4a 55 5a 47 41 44 4f 20 30 32 20 43 49 56 49 4c 20 44 45 4c 20 43 49 52 43 55 49 54 4f 20 52 41 4d 41 20 4a 55 44 49 43 49 41 4c 2f 50 4b 03 04 2e 00 01 00 0c 00 66 6e 1d 59 60 63 8e bf 87 0d 14 00 e8 2b 31 00 55 00 00 00 32 20 44 45 4d 4e 41 44 41 20 4c 41 42 4f 52 41 4c 2d 20 4a 55 5a 47 41 44 4f 20 30 32 20 43 49 56 49 4c 20 44 45 4c 20 43 49 52 43 55 49 54 4f 20 52 41 4d 41 20 4a 55 44 49 43 49 41 4c 2f 31 20 44 45 4d 41 4e 41 44 41 20 4c 41 42 4f 52 41 4c 2e 65 78 65 98 43 13 d3 3b 84 8e 5f f2 29 a6 fb 84 9f 01 8f 51 32 5d 4a 4f f7 e2 7e 4c 93 13 6c b4 97 10 cf ee 04 f0 66 fc 5e 7e 7d 4b a7 20 f5 d5 77 69 Data Ascii: PKNqY?2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/PK.fnY`c+1U2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL/1 DEMANADA LABORAL.exeC;_)Q2]JO~Llf^~}K wi
2024-08-30 17:06:27 UTC	2372	IN	Data Raw: d2 37 ea 46 48 0f f5 fe 03 1c da 87 fc fb f9 86 ab be a4 f3 cf a8 41 d7 ff 1d 21 4a 6f df af 86 10 46 07 b6 0e 2f 95 f6 81 f6 43 11 d0 5b 0f 36 ca ac 93 6a 72 3b 0e 91 40 5d f6 70 6f 70 dd 48 91 e2 e0 5d 02 ff 44 41 12 d3 50 8b f4 1a 9d d0 06 42 47 8f c9 de 87 c5 5e 40 35 90 92 78 ab 4e cd 1b 22 4e 45 6e b9 b4 dd d0 73 c4 37 65 75 74 d7 bb 88 86 41 c1 24 5f 9e 79 7e 76 52 23 f8 8f 66 40 91 91 81 48 1f e1 7f 6c 9a 8e d2 0d 33 e6 3d 85 35 99 8c 35 11 1c a3 d1 12 e2 98 da 15 d0 4a 7d b5 57 8c ca 78 98 8a 09 34 a2 5e 7d a8 57 ae f0 1a 26 5d 02 e4 8b 50 3b 56 b6 b6 91 fc d2 8a d0 0c 7d 5c 90 8d ec 80 28 92 83 f0 1f 0a 6e 2f b7 cc 4c ea 15 80 d3 dd a2 8d 0e 1f 60 a8 cf 12 60 af bf 81 51 d2 f3 1d 6a 3b 5e 53 ca dc 31 6d b4 fb 23 a1 ba a4 e1 33 aa 75 84 98 00 e1 Data Ascii: 7FHA!JoF/C[6jr;@]popH]DAPBG^@5xN"NEns7eutA$_y~vR#f@Hl3=55J}Wx4^}W&]P;V}\(n/L``Qj;^S1m#3u
2024-08-30 17:06:27 UTC	538	IN	Data Raw: 57 6f 2b d7 98 c0 60 e3 08 31 ef 59 9b 09 3f a1 35 69 5b c4 0f a1 c8 17 96 20 d6 dd ee fa 39 3f e9 3a 6c 11 87 07 21 3f a1 8d b4 48 b9 ab 37 21 9a 90 0f cf 51 9e 25 85 53 0c e5 77 48 d6 19 ca 85 a0 ed 60 bb 3a f1 4e 0f 4a fc b4 83 e1 23 8d 2f 44 35 8d 11 fe 54 48 0a bb 2d 19 bc a1 83 6c 81 1d 3e 04 46 ed 56 90 db 88 cf 20 19 13 c3 f6 5d 8a 1a d3 53 df 72 29 2b b6 b0 82 e3 1c 8d ab 3b 7c ec ce 80 b3 07 90 8c 66 c1 30 f3 bf 45 f8 04 5e bb ad 72 8a 03 b6 06 1c a5 cd 16 b8 22 1d fc ee 93 74 0b b1 fa 6d 97 c7 d7 5d 4b dd 1e 4b 60 6e 2d 8e 3f f2 c2 12 6a 32 63 91 55 8a 33 a7 9d f2 89 dd 8d fe 5a 08 42 a3 bb e7 31 12 e6 d4 f3 45 5f 28 7e 6a a1 e6 a8 73 7e a1 8a fe 8a 88 80 2e cf 96 d2 c1 f0 f7 65 ee 27 6a d2 f2 26 ed ce c8 b3 aa c1 0e c6 a5 6d 66 67 46 5f d8 45 Data Ascii: Wo+`1Y?5i[ 9?:l!?H7!Q%SwH`:NJ#/D5TH-l>FV ]Sr)+;\|f0E^r"tm]KK`n-?j2cU3ZB1E_(~js~.e'j&mfgF_E
2024-08-30 17:06:27 UTC	4744	IN	Data Raw: 6f fa 3c 6e b0 b8 59 f7 6a 00 8f e9 93 10 72 71 21 bd 1b 5c 30 43 6a dc 49 46 8e ff e1 37 1e 5d 91 b4 ae 94 ef 98 7e 68 84 7c c8 68 50 91 3a 65 aa 6f ab 6c 43 76 63 58 a9 0e 41 ff 5b 0e af 41 ae 57 7b 73 b6 e2 dd 18 1e 53 d4 32 09 4e 30 af bf 43 07 36 e8 04 8c 81 63 a8 1f 0f 8b 9f 72 ee 3f c5 65 77 20 ed 44 5b e0 a3 a3 ed 4b 12 fc 26 27 b2 dd 3e 47 df ea 17 cd 54 0f 01 29 6c b1 fb 4d 14 b4 6d 0b 74 9f b4 93 43 2d 98 1a 7e 3c 51 03 c0 8d 06 23 a6 7e 7a c1 58 17 ba cb 45 63 97 de 1a e9 0f 81 93 7e 9b 00 5f 4b f1 d6 11 08 bf 76 e7 90 65 80 e4 ad 22 32 40 87 c2 08 81 7a f0 b1 e3 85 e9 51 7a a7 93 40 90 ee 3c 72 f3 73 15 88 c3 6e 1e 41 7c d4 5b a9 a2 8a 15 90 74 8b a2 93 5a 5a 27 fe b8 01 4e b7 f1 2b 10 3f e6 13 52 2f 26 88 08 e5 4a 60 74 8a 7e 91 02 80 a7 c5 Data Ascii: o<nYjrq!\0CjIF7]~h\|hP:eolCvcXA[AW{sS2N0C6cr?ew D[K&'>GT)lMmtC-~<Q#~zXEc~_Kve"2@zQz@<rsnA\|[tZZ'N+?R/&J`t~
2024-08-30 17:06:27 UTC	5930	IN	Data Raw: 0a ec bc 34 24 89 7e f2 19 f2 b7 d3 9b 73 3a 8a 5d fc 9b 0c 31 ae f2 e0 cb d3 7d bd 19 97 e1 80 47 92 ad a8 c2 de 5e e6 8c 2f 07 f6 e3 3f 03 6c 1c 06 79 f4 36 82 ae a9 4e 22 82 cc ef 6e 9e c4 d8 bb 05 0c cf 01 50 7d 21 d0 6d 75 12 4f a4 4f 7a 9d cd 75 40 53 bd f7 47 0e 9a be b7 49 99 72 47 49 56 2d e9 7b f8 81 e9 48 09 58 c6 1c c1 e2 fc 35 27 78 1d 6e 26 56 7e 78 44 83 0d d9 ae 02 04 3e ba 88 64 10 c3 e1 6b b3 c5 47 f4 51 d6 fe c7 17 45 66 1b e6 96 e9 8a 7a 5d 20 e7 e9 5e 63 59 3d 80 f6 7c 9a e8 57 b6 cf 68 bd e1 4a b9 64 19 5e 56 bc a7 3a 11 33 45 0f 28 39 84 57 39 db 53 62 fc ee aa 2a 87 3a 9c e4 e4 38 40 bb 56 82 fc 29 d6 c2 34 cf 36 3c 29 69 14 fa e1 28 ec 9a db 5f d7 c1 94 2d 51 86 6d c6 92 00 72 0f ec e0 74 1e 50 6c 4e 32 52 07 30 2b b0 36 fb ab 66 Data Ascii: 4$~s:]1}G^/?ly6N"nP}!muOOzu@SGIrGIV-{HX5'xn&V~xD>dkGQEfz] ^cY=\|WhJd^V:3E(9W9Sb*:8@V)46<)i(_-QmrtPlN2R0+6f
2024-08-30 17:06:27 UTC	7116	IN	Data Raw: 2f b8 d3 dd 78 c8 ef df 24 93 f7 c8 d0 0d 34 f7 9e 74 4d ff 12 7a df c7 82 d2 0a 28 ff 0f ec 9e a1 67 9d 09 db 8a 40 79 9d 5e f2 35 e5 cf 72 cf ad 36 25 2f ad 6d ee 85 9f 5c d0 f0 a4 d7 92 09 00 d4 4d 99 b4 f8 7b ba 23 79 26 1d fb 6c e5 11 48 fd a9 03 4b 90 5b a1 41 c0 50 35 18 29 6d 31 67 76 9f 52 74 c3 25 b6 cf d9 3d 35 15 f9 40 41 7b d5 e7 bc 5d f9 24 da 0d 24 bb a7 0c ac 34 fb ce 43 12 2b a3 62 a8 8a 74 c1 ed 0b dd ca 27 1d 8e a0 b4 6a cc 45 13 99 5b d0 0b 8f 42 2e 7d 10 03 7f b3 c0 de f3 2c c2 75 ec 2b 29 9f 61 4a be 32 8d 9f 66 97 f9 43 2e 2c dd 72 68 da db 44 9a a3 e8 62 c8 b0 82 e0 3d d4 cc b1 86 ce e9 0e 90 05 fe ec d0 a9 a0 73 24 2b 91 08 08 3c 2d b1 07 bd 4c b3 18 86 61 32 ae 35 3a 2a 44 f0 2e a3 95 d8 11 b4 7a 01 9e ad e9 af 1d 2d b9 4e 18 aa Data Ascii: /x$4tMz(g@y^5r6%/m\M{#y&lHK[AP5)m1gvRt%=5@A{]$$4C+bt'jE[B.},u+)aJ2fC.,rhDb=s$+<-La25:*D.z-N
2024-08-30 17:06:27 UTC	8302	IN	Data Raw: d2 4e d7 75 f4 40 23 16 f6 0d d2 f3 32 c2 02 4e b9 bf 0e ed 97 7a d1 66 15 8e b3 fa fc 69 1d a8 13 84 6a fa 8a b2 04 62 0e b7 48 e0 1f fd b1 db 68 a1 8b d2 6a 7e 54 7f 84 37 08 aa 2e 1d f0 63 0d 19 5f 87 1a 60 dd 97 d0 e6 71 8d aa ca 7a 43 19 f8 97 1f 1f 5f 0d 85 e1 f8 8b f0 25 3f 6c 02 21 ba e8 a2 ce f0 18 8e 3f 31 36 b2 3a c8 55 63 e4 15 4b 69 58 e1 dc 3e 11 c1 63 02 39 4e 87 6a 49 53 ad 4e 4c 6d 11 1e 23 6a ac 49 85 2e f0 7c 52 d5 85 e7 4a 7f 7b c8 cd 05 fc 47 35 0c a7 42 e6 80 10 97 28 59 2d ab 70 be aa 65 25 90 5d 9e f6 0a 7f 25 9d a3 28 28 2d f9 22 b2 9b 4c aa 6c 4d 49 49 4a 3a 06 8f ca 41 56 3c 06 cb d6 c6 95 b5 26 c7 f6 bf 1c 02 64 a4 6c 9d ca 50 0d 86 7d 60 20 ba c0 33 7c d5 7c ff e4 ee 49 46 b3 1d 24 0f 6e 45 13 cc 82 b3 85 ed 67 38 8d 5e 84 81 Data Ascii: Nu@#2NzfijbHhj~T7.c_`qzC_%?l!?16:UcKiX>c9NjISNLm#jI.\|RJ{G5B(Y-pe%]%((-"LlMIIJ:AV<&dlP}` 3\|\|IF$nEg8^
2024-08-30 17:06:27 UTC	3755	IN	Data Raw: cd 58 8e af 64 38 d5 10 d0 cf 13 65 fc f4 d6 ae 78 10 e6 02 ba 5f e7 d3 5c 50 f8 03 a9 54 f3 87 76 be 12 80 c1 01 c6 ee 4b fe 6d fa 78 30 5c 8b 46 3e 54 37 ab 24 13 c0 a2 04 0c 6b 42 b7 37 2d f1 da bb e3 a0 40 ba 80 a8 71 34 e5 cd 9d 2a 02 ca 1e 0f 4d 0d 79 13 d3 3f ba 05 ce 87 fe 56 e1 ea 9d 16 b1 29 bf 4f 4b 3e 0e d6 1b bc 72 63 17 fe 3a ba 2e 94 50 59 9c bd 8a 8e 15 d3 de 59 54 e2 83 23 16 a9 bc fb 20 be 49 1f 9a 54 96 d1 ba 0d 20 55 e7 e6 f5 16 28 12 dc 71 af 1c a6 a1 e2 46 5b 97 89 12 6b 26 9a 35 fe 8b 59 fc 42 ad b4 0f cd 68 62 b0 23 c8 71 3b a3 9e 76 35 1b 44 c9 9b 52 53 65 31 e5 3d 34 f3 60 cf c9 11 8c fb 65 2a 49 62 e2 a3 10 66 da e0 bb ee 38 b5 ce 9f 6f 26 85 d7 31 95 0b ce ae 39 b3 c6 e3 c2 ec 39 df 2d 06 0b 78 41 2b 96 f6 c6 3f 3c 40 6b e8 e8 Data Ascii: Xd8ex_\PTvKmx0\F>T7$kB7-@q4My?V)OK>rc:.PYYT# IT U(qF[k&5YBhb#q;v5DRSe1=4`eIbf8o&199-xA+?<@k
2024-08-30 17:06:27 UTC	10674	IN	Data Raw: 58 77 87 74 4b d8 29 c5 5f 86 92 53 20 d4 1e 3e 3e 63 97 5d 62 e3 a6 87 9b 7a 0e c4 c9 4a d7 4e d0 47 17 28 bb fa b1 3d ca 8f d4 c2 b3 35 f7 2f 16 36 db c9 33 a6 62 95 7d 6d c0 ad 30 32 b6 57 22 29 d7 68 61 29 39 ce c8 7c a3 2e df fb e4 f5 5f 26 4d 88 06 4e fe d5 b7 15 25 6e ab c5 a7 f7 ad 29 90 4f 3c 73 9e 9b 64 b4 0a d7 e6 49 f7 03 2e 58 e0 93 90 c6 ee 59 91 c8 d4 5e b8 8e 3e 35 21 cc c9 b8 b6 32 fc f1 7b f5 cc 99 39 0b 08 3c 20 eb e5 0b 74 7c bb a8 5e 8e 66 17 ac 11 89 d2 bb 48 d9 eb a1 a0 8d a6 d1 2a 40 02 e1 a1 b3 2d 5e 2c 86 3e 87 93 ca 2f 8b f7 1c af 71 76 25 1b ea 15 f4 6f 35 81 92 fc 26 9c 24 0f a3 17 08 5a df 0b 11 69 ae e5 04 21 bc f3 fc 01 97 31 65 da a2 86 cc bb 8c 1c 04 ff 0c db 16 3f b3 95 6c 85 a3 f9 6b 01 5f 9b d8 23 ac fb 7b f1 63 c0 0b Data Ascii: XwtK)_S >>c]bzJNG(=5/63b}m02W")ha)9\|._&MN%n)O<sdI.XY^>5!2{9< t\|^fH*@-^,>/qv%o5&$Zi!1e?lk_#{c
2024-08-30 17:06:27 UTC	11860	IN	Data Raw: e7 df c7 46 39 ba 56 4c f0 5c c1 bc 7a fd d4 8b 14 c1 4f 9b 9c f6 62 8d fa 1e d6 30 01 4c b1 a9 46 f2 50 36 e2 f3 1f e5 a3 df 4f 5e 16 d9 7e b6 a3 9f 60 12 1f f6 6d 37 cc ef f0 d6 0c 6c a7 52 04 d5 14 ef 16 80 44 99 1d 08 09 92 20 13 c4 2b f1 11 6e 93 aa 56 79 7b 50 45 e6 42 da 28 a6 59 fd 34 0f 80 32 fe 85 04 b6 ec bd f2 1d 6a 09 84 62 28 17 80 ba 2b 21 6a e2 30 bc e4 32 40 12 e4 83 14 7b e0 fd 98 83 05 80 06 ab bc 9a d4 ae d5 62 76 08 60 b3 4e f1 35 31 a6 da 01 10 8e a8 6d fc bd a8 83 60 a7 e9 15 9e fb ec af fc 1e 01 26 db ca f1 0e dc 19 87 59 9a c1 6e 4a d5 e4 d3 44 e6 f5 0f f5 fd 6a 30 a5 5f d5 9b 31 a2 ec 2d 2f 39 81 4a 35 ae 07 55 1f 45 e5 50 b5 41 be f5 b7 ba b9 b7 e8 c3 2a 68 ee 78 74 62 66 32 64 81 99 f4 b8 41 48 f7 02 9d e7 d3 c4 f9 82 98 05 d6 Data Ascii: F9VL\zOb0LFP6O^~`m7lRD +nVy{PEB(Y42jb(+!j02@{bv`N51m`&YnJDj0_1-/9J5UEPA*hxtbf2dAH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.16	49780	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:27 UTC	600	OUT	GET /shared/edgeweb/css/e850146.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:27 UTC	785	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:27 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 91456 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"16540-19180c426dd" Last-Modified: Fri, 23 Aug 2024 19:43:44 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170627Z-16579567576s4v5z9ks8mdk6fw00000003k000000000nx5z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:27 UTC	15599	IN	Data Raw: 2e 73 65 61 72 63 68 2d 62 6f 78 5f 5f 6e 6f 72 65 73 75 6c 74 73 7b 63 6f 6c 6f 72 3a 74 68 65 6d 65 2d 76 61 72 28 70 61 67 65 2d 66 67 29 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 31 65 6d 20 2e 37 35 65 6d 20 31 2e 31 35 65 6d 7d 2e 73 65 61 72 63 68 2d 62 6f 78 5f 5f 6e 6f 72 65 73 75 6c 74 73 20 73 70 61 6e 7b 63 6f 6c 6f 72 3a 74 68 65 6d 65 2d 76 61 72 28 6c 69 6e 6b 29 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 2e 32 35 65 6d 7d 2e 73 65 61 72 63 68 2d 62 6f 78 5f 5f 6e 6f 72 65 73 75 6c 74 73 20 73 76 67 7b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 2e 31 35 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 2e 31 65 6d 7d 2e 73 65 61 72 63 68 2d 62 6f 78 5f 5f 6e 6f 72 65 73 75 6c 74 73 Data Ascii: .search-box__noresults{color:theme-var(page-fg);display:block;padding:1em .75em 1.15em}.search-box__noresults span{color:theme-var(link);margin-inline-start:.25em}.search-box__noresults svg{margin-inline-start:.15em;margin-top:-.1em}.search-box__noresults
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 2c 5b 64 69 73 61 62 6c 65 64 5d 7b 63 75 72 73 6f 72 3a 6e 6f 74 2d 61 6c 6c 6f 77 65 64 7d 5b 61 72 69 61 2d 68 69 64 64 65 6e 3d 66 61 6c 73 65 5d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 69 6e 69 74 69 61 6c 7d 5b 61 72 69 61 2d 68 69 64 64 65 6e 3d 66 61 6c 73 65 5d 5b 68 69 64 64 65 6e 5d 3a 6e 6f 74 28 3a 66 6f 63 75 73 29 7b 63 6c 69 70 3a 72 65 63 74 28 30 2c 30 2c 30 2c 30 29 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 34 70 78 2c 31 2e 30 35 32 36 33 31 35 37 38 39 76 77 2c 31 36 70 78 29 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 33 36 36 70 78 29 7b 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2d 31 7d 7d Data Ascii: ,[disabled]{cursor:not-allowed}[aria-hidden=false][hidden]{display:initial}[aria-hidden=false][hidden]:not(:focus){clip:rect(0,0,0,0);position:absolute}html{font-size:clamp(14px,1.0526315789vw,16px)}@media screen and (max-width:1366px){html{font-size:-1}}
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 74 69 6f 6e 5f 5f 62 61 63 6b 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 29 7d 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 74 69 6f 6e 5f 5f 72 65 61 64 65 72 7b 67 72 69 64 2d 61 72 65 61 3a 72 65 61 64 65 72 7d 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 74 69 6f 6e 5f 5f 69 6e 66 6f 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 67 61 70 3a 31 2e 35 65 6d 3b 67 72 69 64 2d 61 72 65 61 3a 69 6e 66 6f 7d 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 74 69 6f 6e 5f 5f 6c 61 6e 67 7b 67 72 69 64 2d 61 72 65 61 3a 6c 61 6e 67 7d 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 Data Ascii: la-download-section__back:hover{color:var(--theme-link)}.eula-download-section__reader{grid-area:reader}.eula-download-section__info{display:flex;flex-direction:column;gap:1.5em;grid-area:info}.eula-download-section__lang{grid-area:lang}.eula-download-sec
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 3a 39 30 25 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 62 6c 6f 63 6b 2d 65 6d 62 65 64 2d 7a 6f 6f 6d 2d 68 65 72 6f 5f 5f 62 72 6f 77 73 65 72 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 25 3b 62 6f 74 74 6f 6d 3a 33 25 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6c 65 66 74 3a 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 32 25 3b 74 6f 70 3a 33 25 7d 2e 62 6c 6f 63 6b 2d 65 6d 62 65 64 2d 7a 6f 6f 6d 2d 68 65 72 6f 5f 5f 62 72 6f 77 73 65 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 62 6c 6f 63 6b 2d 65 6d 62 65 64 2d 7a 6f 6f 6d 2d 68 65 72 6f 5f 5f 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 69 74 65 6d Data Ascii: :90%;z-index:1}.block-embed-zoom-hero__browser:before{border-radius:2%;bottom:3%;content:"";display:block;left:2%;position:absolute;right:2%;top:3%}.block-embed-zoom-hero__browser img{position:relative;width:100%}.block-embed-zoom-hero__content{align-item
2024-08-30 17:06:27 UTC	16384	IN	Data Raw: 30 32 20 2e 65 6d 62 65 64 2d 73 65 61 72 63 68 2d 61 64 76 61 6e 63 65 64 5f 5f 63 6f 70 69 6c 6f 74 3e 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 35 35 25 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 72 67 62 29 2c 2e 31 35 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 72 67 62 29 2c 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 34 70 78 20 35 2e 35 70 78 20 2d 31 2e 35 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 34 38 29 2c 30 20 39 70 78 20 31 33 2e 35 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 31 33 29 2c 30 20 33 Data Ascii: 02 .embed-search-advanced__copilot>button{background-size:55%;border-bottom:1px solid rgba(var(--theme-page-fg-rgb),.15);border:1px solid rgba(var(--theme-page-fg-rgb),.15);box-shadow:0 4px 5.5px -1.5px rgba(0,0,0,.048),0 9px 13.5px 0 rgba(0,0,0,.013),0 3
2024-08-30 17:06:27 UTC	10321	IN	Data Raw: 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6c 65 66 74 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2e 31 65 6d 3b 77 69 64 74 68 3a 30 7d 2e 72 65 74 61 69 6c 65 72 2d 67 72 69 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 34 70 78 2c 31 2e 30 35 32 36 33 31 35 37 38 39 76 77 2c 31 36 70 78 29 7d 2e 72 65 74 61 69 6c 65 72 2d 67 72 69 64 5f 5f 67 72 69 64 7b 67 72 69 64 2d 67 61 70 3a 32 35 70 78 3b 64 69 73 70 6c 61 79 3a 67 72 69 64 3b 67 72 69 64 2d 61 75 74 6f 2d 72 6f 77 73 3a 61 75 74 6f 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6c 75 6d 6e 73 3a 72 65 70 65 61 74 28 61 75 74 6f 2d 66 69 6c 6c 2c 6d 69 6e 6d 61 78 28 6d 61 78 28 31 38 30 70 78 2c 31 36 2e 36 36 36 36 36 36 36 36 36 37 25 29 2c Data Ascii: ock;height:0;left:100%;position:absolute;top:.1em;width:0}.retailer-grid{font-size:clamp(14px,1.0526315789vw,16px)}.retailer-grid__grid{grid-gap:25px;display:grid;grid-auto-rows:auto;grid-template-columns:repeat(auto-fill,minmax(max(180px,16.6666666667%),

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.16	49785	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:27 UTC	600	OUT	GET /shared/edgeweb/css/1cfb7d6.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:27 UTC	783	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:27 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 6977 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1b41-190efe72564" Last-Modified: Fri, 26 Jul 2024 16:37:01 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170627Z-16579567576vpzq62mgx0my8kw00000003vg00000000bk36 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:27 UTC	6977	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6e 61 6d 65 73 3a 78 6c 20 6c 67 20 6d 64 20 73 6d 20 6d 6f 62 69 6c 65 20 78 73 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 69 7a 65 73 3a 31 39 32 30 70 78 20 31 36 30 30 70 78 20 31 33 36 36 70 78 20 31 30 32 34 70 78 20 38 31 30 70 78 20 36 34 30 70 78 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 39 32 30 70 78 29 7b 3a 72 6f 6f 74 7b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 3a 78 6c 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 74 72 3a 22 78 6c 22 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 77 69 64 74 68 3a 31 39 32 30 70 78 3b 2d 2d 69 73 2d 6d 6f 62 69 6c 65 3a 66 61 6c 73 65 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d Data Ascii: :root{--breakpoint-names:xl lg md sm mobile xs;--breakpoint-sizes:1920px 1600px 1366px 1024px 810px 640px}@media screen and (max-width:1920px){:root{--breakpoint:xl;--breakpoint-str:"xl";--breakpoint-width:1920px;--is-mobile:false}}@media screen and (max-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.16	49784	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:27 UTC	600	OUT	GET /shared/edgeweb/css/e71f445.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:27 UTC	784	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:27 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 19176 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"4ae8-19180c4299d" Last-Modified: Fri, 23 Aug 2024 19:43:45 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170627Z-16579567576pgh4h94c7qn0kuc00000003hg00000000vp3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:27 UTC	15600	IN	Data Raw: 2e 63 6d 73 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 63 63 32 39 32 62 3b 62 6f 74 74 6f 6d 3a 30 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 70 61 64 64 69 6e 67 3a 35 70 78 20 33 36 70 78 20 35 70 78 20 38 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 72 69 67 68 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 39 7d 2e 63 6d 73 2d 62 75 74 74 6f 6e 20 2e 63 6d 73 2d 62 75 74 74 6f 6e 2d 73 61 76 65 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 2d 32 70 78 7d 2e 63 6d 73 2d 62 75 74 74 6f 6e 20 2e 63 6d 73 2d 62 75 74 74 6f 6e 2d 63 6c 6f 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c Data Ascii: .cms-button{background:#cc292b;bottom:0;color:#fff;cursor:pointer;height:30px;padding:5px 36px 5px 8px;position:fixed;right:0;z-index:9999}.cms-button .cms-button-saved{font-size:.7em;position:relative;top:-2px}.cms-button .cms-button-close{background-col
2024-08-30 17:06:27 UTC	3576	IN	Data Raw: 5b 61 72 69 61 2d 63 6f 6e 74 72 6f 6c 73 5d 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 5b 61 72 69 61 2d 64 69 73 61 62 6c 65 64 3d 74 72 75 65 5d 2c 5b 64 69 73 61 62 6c 65 64 5d 7b 63 75 72 73 6f 72 3a 6e 6f 74 2d 61 6c 6c 6f 77 65 64 7d 5b 61 72 69 61 2d 68 69 64 64 65 6e 3d 66 61 6c 73 65 5d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 69 6e 69 74 69 61 6c 7d 5b 61 72 69 61 2d 68 69 64 64 65 6e 3d 66 61 6c 73 65 5d 5b 68 69 64 64 65 6e 5d 3a 6e 6f 74 28 3a 66 6f 63 75 73 29 7b 63 6c 69 70 3a 72 65 63 74 28 30 2c 30 2c 30 2c 30 29 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 34 70 78 2c 31 2e 30 35 32 36 33 31 35 37 38 39 76 77 2c 31 36 70 78 29 7d 40 6d 65 64 69 Data Ascii: [aria-controls]{cursor:pointer}[aria-disabled=true],[disabled]{cursor:not-allowed}[aria-hidden=false][hidden]{display:initial}[aria-hidden=false][hidden]:not(:focus){clip:rect(0,0,0,0);position:absolute}html{font-size:clamp(14px,1.0526315789vw,16px)}@medi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.16	49786	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	600	OUT	GET /shared/edgeweb/css/63e3356.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:28 UTC	689	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 553 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"229-18c5b54eda3" Last-Modified: Tue, 12 Dec 2023 00:02:21 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170628Z-16579567576phhfj0h0z9mnmag00000003h000000000evfh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:28 UTC	553	IN	Data Raw: 2e 65 75 6c 61 2d 70 6f 70 75 70 5f 5f 64 69 61 6c 6f 67 20 2e 61 70 70 2d 70 6f 70 75 70 2d 6c 61 79 6f 75 74 20 2e 61 70 70 2d 70 6f 70 75 70 2d 67 72 61 70 68 69 63 2d 69 6d 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 30 25 7d 62 6f 64 79 2e 73 6c 69 64 65 73 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 62 6f 64 79 2e 73 6c 69 64 65 73 20 2e 73 6c 69 64 65 73 2d 70 61 67 65 7b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 3b 77 69 64 74 68 3a 31 30 30 76 77 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a Data Ascii: .eula-popup__dialog .app-popup-layout .app-popup-graphic-image{background-position:50%}body.slides{overflow-x:hidden!important;width:100%!important}body.slides .slides-page{height:100vh;left:0;position:fixed;top:0;width:100vw}@media screen and (max-width:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.16	49787	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	600	OUT	GET /shared/edgeweb/css/27610ae.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:28 UTC	783	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 8645 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"21c5-1918202f039" Last-Modified: Sat, 24 Aug 2024 01:31:56 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170628Z-16579567576qxwrndb60my3nes00000003h000000000vpe9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:28 UTC	8645	IN	Data Raw: 2e 63 6f 6d 6d 6f 6e 2d 74 65 78 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6d 6d 6f 6e 2d 66 65 65 64 62 61 63 6b 2d 70 72 6f 6d 70 74 7b 64 69 73 70 6c 61 79 3a 67 72 69 64 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 2e 35 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 31 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 30 6d 73 7d 2e 63 6f 6d 6d 6f 6e 2d 66 65 65 64 62 61 63 6b 2d 70 72 6f 6d 70 74 3e 2a 7b 67 72 69 64 2d 61 72 65 61 3a 31 2f 31 7d 2e 63 6f 6d 6d 6f 6e 2d 66 65 65 64 62 61 63 6b 2d 70 72 6f 6d 70 74 5f 5f 70 72 6f 6d 70 74 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 63 6f 6d 6d 6f 6e 2d 66 65 65 64 62 61 63 6b 2d 70 72 6f 6d 70 74 5f 5f 6d 65 Data Ascii: .common-text{text-align:inherit}.common-feedback-prompt{display:grid;min-height:1.5em;transition:opacity .15s cubic-bezier(.165,.84,.44,1) 0ms}.common-feedback-prompt>*{grid-area:1/1}.common-feedback-prompt__prompt{display:flex}.common-feedback-prompt__me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.16	49788	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	600	OUT	GET /shared/edgeweb/css/1a34b6b.css HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:28 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 134772 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"20e74-1918202f079" Last-Modified: Sat, 24 Aug 2024 01:31:56 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170628Z-16579567576l4p9bs8an1npq1n00000003ag00000000vfzw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:28 UTC	15598	IN	Data Raw: 2e 70 78 2d 73 6c 69 64 65 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 66 61 64 65 2d 65 6e 74 65 72 2d 61 63 74 69 76 65 2c 2e 70 78 2d 73 6c 69 64 65 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 66 61 64 65 2d 6c 65 61 76 65 2d 61 63 74 69 76 65 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 3b 74 72 61 6e 73 69 74 69 6f 6e 2d 64 65 6c 61 79 3a 30 7d 2e 70 78 2d 73 6c 69 64 65 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 66 61 64 65 2d 65 6e 74 65 72 2c 2e 70 78 2d 73 6c 69 64 65 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 66 61 64 65 2d 65 6e 74 65 72 2d 66 72 6f 6d 2c 2e 70 78 2d 73 6c 69 64 65 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 66 61 64 65 2d 6c 65 61 76 65 2d 74 6f 7b 6f 70 61 Data Ascii: .px-slide-transition-fade-enter-active,.px-slide-transition-fade-leave-active{transition:opacity 1s cubic-bezier(.165,.84,.44,1);transition-delay:0}.px-slide-transition-fade-enter,.px-slide-transition-fade-enter-from,.px-slide-transition-fade-leave-to{opa
2024-08-30 17:06:28 UTC	16384	IN	Data Raw: 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 72 67 62 29 2c 2e 31 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 65 6d 3b 66 6c 65 78 3a 31 3b 68 65 69 67 68 74 3a 2e 33 33 65 6d 3b 6d 61 78 2d 77 69 64 74 68 3a 31 34 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 73 6c 69 64 65 2d 63 68 65 63 6b 2d 6c 69 73 74 2d 70 72 6f 67 72 65 73 73 5f 5f 62 61 72 2d 70 72 6f 67 72 65 73 73 3e 73 70 61 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 62 6c 75 65 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 69 6e 68 65 72 69 74 3b 64 69 73 70 6c 61 Data Ascii: kground-color:rgba(var(--theme-page-fg-rgb),.1);border-radius:1em;flex:1;height:.33em;max-width:14em;overflow:hidden;position:relative;width:100%}.slide-check-list-progress__bar-progress>span{background-color:var(--theme-blue);border-radius:inherit;displa
2024-08-30 17:06:28 UTC	16384	IN	Data Raw: 73 6c 69 64 65 2d 70 61 67 65 2d 62 61 6e 6e 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 2d 61 72 65 61 2d 74 69 74 6c 65 7b 67 72 69 64 2d 61 72 65 61 3a 6c 65 66 74 7d 2e 73 6c 69 64 65 2d 70 61 67 65 2d 62 61 6e 6e 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 2d 61 72 65 61 2d 6d 65 64 69 61 7b 67 72 69 64 2d 61 72 65 61 3a 72 69 67 68 74 7d 2e 73 6c 69 64 65 2d 70 61 67 65 2d 62 61 6e 6e 65 72 5f 5f 61 63 74 69 6f 6e 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 73 6c 69 64 65 2d 70 61 67 65 2d 62 61 6e 6e 65 72 5f 5f 63 6f 6e 74 65 6e 74 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2c 2e 73 6c 69 64 65 2d 70 61 67 65 2d 62 61 6e 6e 65 72 5f 5f 63 6f 6e 74 Data Ascii: slide-page-banner__content--area-title{grid-area:left}.slide-page-banner__content--area-media{grid-area:right}.slide-page-banner__action{height:100%;position:relative;width:100%;z-index:1}.slide-page-banner__content .common-button,.slide-page-banner__cont
2024-08-30 17:06:28 UTC	16384	IN	Data Raw: 66 66 34 66 62 29 3b 2d 2d 74 68 65 6d 65 2d 65 6d 2d 67 72 61 64 69 65 6e 74 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 39 30 64 65 67 2c 23 37 32 30 39 64 34 2c 23 32 38 33 32 64 34 20 33 33 25 2c 23 30 30 61 35 62 32 29 3b 2d 2d 74 68 65 6d 65 2d 65 6d 2d 67 72 61 64 69 65 6e 74 2d 70 69 6e 6b 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 39 30 64 65 67 2c 23 65 64 37 30 37 37 2c 23 39 61 33 34 65 37 20 36 36 25 29 3b 2d 2d 74 68 65 6d 65 2d 6e 65 77 2d 74 61 67 2d 62 67 3a 23 66 65 63 38 34 36 3b 2d 2d 74 68 65 6d 65 2d 6e 65 77 2d 74 61 67 2d 62 67 2d 72 67 62 3a 32 35 34 2c 32 30 30 2c 37 30 3b 2d 2d 74 68 65 6d 65 2d 6e 65 77 2d 74 61 67 2d 62 67 2d 6c 69 67 68 74 65 72 3a 23 66 65 64 37 37 39 3b 2d 2d 74 68 65 6d 65 2d 6e 65 77 2d 74 Data Ascii: ff4fb);--theme-em-gradient:linear-gradient(90deg,#7209d4,#2832d4 33%,#00a5b2);--theme-em-gradient-pink:linear-gradient(90deg,#ed7077,#9a34e7 66%);--theme-new-tag-bg:#fec846;--theme-new-tag-bg-rgb:254,200,70;--theme-new-tag-bg-lighter:#fed779;--theme-new-t
2024-08-30 17:06:28 UTC	16384	IN	Data Raw: 2d 74 68 65 6d 65 2d 70 61 67 65 2d 62 67 2d 64 61 72 6b 65 72 3a 23 31 30 30 66 30 66 3b 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 3a 23 66 66 66 3b 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 72 67 62 3a 32 35 35 2c 32 35 35 2c 32 35 35 3b 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 6c 69 67 68 74 65 72 3a 23 66 66 66 3b 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 64 61 72 6b 65 72 3a 23 65 36 65 36 65 36 3b 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 3a 23 38 32 64 64 66 64 3b 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 72 67 62 3a 31 33 30 2c 32 32 31 2c 32 35 33 3b 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 6c 69 67 68 74 65 72 3a 23 62 34 65 62 66 65 3b 2d 2d 74 68 65 6d 65 2d 6c 69 6e 6b 2d 64 61 72 6b 65 72 3a 23 35 30 63 66 66 63 3b 2d 2d 74 68 65 Data Ascii: -theme-page-bg-darker:#100f0f;--theme-page-fg:#fff;--theme-page-fg-rgb:255,255,255;--theme-page-fg-lighter:#fff;--theme-page-fg-darker:#e6e6e6;--theme-link:#82ddfd;--theme-link-rgb:130,221,253;--theme-link-lighter:#b4ebfe;--theme-link-darker:#50cffc;--the
2024-08-30 17:06:28 UTC	16384	IN	Data Raw: 2e 31 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 30 6d 73 2c 62 6f 78 2d 73 68 61 64 6f 77 20 2e 31 35 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 30 6d 73 7d 2e 62 6c 6f 63 6b 2d 63 61 72 64 2d 6c 69 73 74 2d 63 61 72 64 2d 2d 68 69 67 68 6c 69 67 68 74 2d 6e 65 78 74 2d 79 65 6c 6c 6f 77 2e 62 6c 6f 63 6b 2d 63 61 72 64 2d 6c 69 73 74 2d 63 61 72 64 2d 2d 65 6e 61 62 6c 65 64 3a 6e 6f 74 28 2e 62 6c 6f 63 6b 2d 63 61 72 64 2d 6c 69 73 74 2d 63 61 72 64 2d 2d 63 6f 6d 70 6c 65 74 65 64 29 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 33 70 78 20 72 67 62 61 28 76 61 72 28 2d 2d 74 68 65 6d 65 2d 79 65 6c 6c 6f 77 2d 72 67 62 29 2c 2e 36 36 29 2c Data Ascii: .15s cubic-bezier(.165,.84,.44,1) 0ms,box-shadow .15s cubic-bezier(.165,.84,.44,1) 0ms}.block-card-list-card--highlight-next-yellow.block-card-list-card--enabled:not(.block-card-list-card--completed){box-shadow:0 0 0 3px rgba(var(--theme-yellow-rgb),.66),
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 73 63 72 6f 6c 6c 65 72 5f 5f 62 6c 6f 63 6b 73 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 73 74 72 65 74 63 68 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 6c 6c 2d 63 68 61 6e 67 65 3a 74 72 61 6e 73 66 6f 72 6d 2c 61 75 74 6f 7d 2e 62 6c 6f 63 6b 2d 68 6f 72 69 7a 6f 6e 74 61 6c 2d 73 63 72 6f 6c 6c 65 72 5f 5f 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 67 72 69 64 3b 66 6c 65 78 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 34 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 62 6c 6f 63 6b 2d 68 6f 72 69 7a 6f 6e 74 61 6c 2d 73 63 72 6f 6c 6c 65 72 5f 5f 69 6e 6e 65 72 2d 62 6c 6f 63 6b 7b 77 69 6c 6c 2d 63 68 61 6e 67 65 3a 74 72 61 6e 73 66 6f Data Ascii: scroller__blocks{align-items:stretch;display:flex;max-height:100%;position:relative;will-change:transform,auto}.block-horizontal-scroller__block{display:grid;flex:none;margin-right:4em;width:100%}.block-horizontal-scroller__inner-block{will-change:transfo
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 3a 23 30 30 37 36 37 66 3b 2d 2d 74 68 65 6d 65 2d 67 72 65 65 6e 3a 23 30 61 64 38 38 66 3b 2d 2d 74 68 65 6d 65 2d 67 72 65 65 6e 2d 72 67 62 3a 31 30 2c 32 31 36 2c 31 34 33 3b 2d 2d 74 68 65 6d 65 2d 67 72 65 65 6e 2d 6c 69 67 68 74 65 72 3a 23 32 30 66 35 61 39 3b 2d 2d 74 68 65 6d 65 2d 67 72 65 65 6e 2d 64 61 72 6b 65 72 3a 23 30 38 61 37 36 66 3b 2d 2d 74 68 65 6d 65 2d 79 65 6c 6c 6f 77 3a 23 66 65 63 38 34 36 3b 2d 2d 74 68 65 6d 65 2d 79 65 6c 6c 6f 77 2d 72 67 62 3a 32 35 34 2c 32 30 30 2c 37 30 3b 2d 2d 74 68 65 6d 65 2d 79 65 6c 6c 6f 77 2d 6c 69 67 68 74 65 72 3a 23 66 65 64 37 37 39 3b 2d 2d 74 68 65 6d 65 2d 79 65 6c 6c 6f 77 2d 64 61 72 6b 65 72 3a 23 66 65 62 39 31 33 3b 2d 2d 74 68 65 6d 65 2d 6c 69 67 68 74 2d 67 72 61 79 3a 23 66 32 Data Ascii: :#00767f;--theme-green:#0ad88f;--theme-green-rgb:10,216,143;--theme-green-lighter:#20f5a9;--theme-green-darker:#08a76f;--theme-yellow:#fec846;--theme-yellow-rgb:254,200,70;--theme-yellow-lighter:#fed779;--theme-yellow-darker:#feb913;--theme-light-gray:#f2
2024-08-30 17:06:29 UTC	4486	IN	Data Raw: 6e 64 61 72 79 20 6d 65 64 69 61 22 20 22 2e 20 6d 65 64 69 61 22 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6c 75 6d 6e 73 3a 31 66 72 20 32 66 72 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 72 6f 77 73 3a 6d 69 6e 6d 61 78 28 30 2c 2e 35 66 72 29 20 61 75 74 6f 20 61 75 74 6f 20 61 75 74 6f 20 6d 69 6e 6d 61 78 28 30 2c 2e 35 66 72 29 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 38 31 30 70 78 29 7b 2e 68 6f 6d 65 2d 62 6c 6f 63 6b 2d 2d 6c 61 79 6f 75 74 2d 73 69 64 65 62 79 73 69 64 65 2d 77 69 64 65 20 2e 68 6f 6d 65 2d 62 6c 6f 63 6b 5f 5f 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 67 72 69 64 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 61 72 65 61 73 3a 22 2e 22 20 22 6d 65 64 69 61 22 20 Data Ascii: ndary media" ". media";grid-template-columns:1fr 2fr;grid-template-rows:minmax(0,.5fr) auto auto auto minmax(0,.5fr)}@media screen and (max-width:810px){.home-block--layout-sidebyside-wide .home-block__content{display:grid;grid-template-areas:"." "media"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.16	49791	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1726 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMmNVa1pyd29xVjkxTFhrRm8vNU9FQT09IiwgImhhc2giOiJQYlArNHZOeFJhZz0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:28 UTC	1726	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:28 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1775 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:28 UTC	1775	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 73 74 6f 72 65 39 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 31 35 63 30 63 64 36 65 2d 38 31 63 38 2d 34 39 31 39 2d 38 64 65 64 2d 62 31 32 38 61 63 39 30 37 35 65 31 2f 32 25 32 30 64 65 6d 6e 61 64 61 25 32 30 6c 61 62 6f 72 61 6c 2d 25 32 30 6a 75 7a 67 61 64 6f 25 32 30 30 32 25 32 30 63 69 76 69 6c 25 32 30 64 65 6c 25 32 30 63 69 72 63 75 69 74 6f 25 32 30 72 61 6d 61 25 32 30 6a 75 64 69 63 69 61 6c 2e 7a 69 70 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20demnada%20laboral-%20juzgado%2002%20civil%20del%20circuito%20rama%20judicial.zip","inheritance":"none"},"maxAge":100800000000,"serverConte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.16	49789	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1726 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMmdhVFBSTUp4UVNmV3ZpMEVtaVp3dz09IiwgImhhc2giOiJORUJvUFlRcEJraz0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:28 UTC	1726	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:28 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1775 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:28 UTC	1775	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 73 74 6f 72 65 39 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 31 35 63 30 63 64 36 65 2d 38 31 63 38 2d 34 39 31 39 2d 38 64 65 64 2d 62 31 32 38 61 63 39 30 37 35 65 31 2f 32 25 32 30 64 65 6d 6e 61 64 61 25 32 30 6c 61 62 6f 72 61 6c 2d 25 32 30 6a 75 7a 67 61 64 6f 25 32 30 30 32 25 32 30 63 69 76 69 6c 25 32 30 64 65 6c 25 32 30 63 69 72 63 75 69 74 6f 25 32 30 72 61 6d 61 25 32 30 6a 75 64 69 63 69 61 6c 2e 7a 69 70 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20demnada%20laboral-%20juzgado%2002%20civil%20del%20circuito%20rama%20judicial.zip","inheritance":"none"},"maxAge":100800000000,"serverConte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.16	49790	52.159.108.190	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	606	OUT	POST /api/browser/edge/download/3 HTTP/1.1 Host: dl-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1741 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiY0pPNlFMVStBcnVUTGxnOE9VYWpsQT09IiwgImhhc2giOiJTWWhzbUNDVVZvOD0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:28 UTC	1741	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:29 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1774 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
2024-08-30 17:06:29 UTC	1774	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 73 74 6f 72 65 39 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 31 35 63 30 63 64 36 65 2d 38 31 63 38 2d 34 39 31 39 2d 38 64 65 64 2d 62 31 32 38 61 63 39 30 37 35 65 31 2f 32 25 32 30 64 65 6d 6e 61 64 61 25 32 30 6c 61 62 6f 72 61 6c 2d 25 32 30 6a 75 7a 67 61 64 6f 25 32 30 30 32 25 32 30 63 69 76 69 6c 25 32 30 64 65 6c 25 32 30 63 69 72 63 75 69 74 6f 25 32 30 72 61 6d 61 25 32 30 6a 75 64 69 63 69 61 6c 2e 7a 69 70 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20demnada%20laboral-%20juzgado%2002%20civil%20del%20circuito%20rama%20judicial.zip","inheritance":"none"},"maxAge":100800000000,"serverConte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.16	49792	52.159.108.190	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:28 UTC	606	OUT	POST /api/browser/edge/download/3 HTTP/1.1 Host: dl-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1741 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSjVacEdUMkhYNzUxSk84M0FMQjJ4Zz09IiwgImhhc2giOiJJc08yeDc1eGEwYz0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:28 UTC	1741	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:29 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:28 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1774 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
2024-08-30 17:06:29 UTC	1774	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 73 74 6f 72 65 39 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 31 35 63 30 63 64 36 65 2d 38 31 63 38 2d 34 39 31 39 2d 38 64 65 64 2d 62 31 32 38 61 63 39 30 37 35 65 31 2f 32 25 32 30 64 65 6d 6e 61 64 61 25 32 30 6c 61 62 6f 72 61 6c 2d 25 32 30 6a 75 7a 67 61 64 6f 25 32 30 30 32 25 32 30 63 69 76 69 6c 25 32 30 64 65 6c 25 32 30 63 69 72 63 75 69 74 6f 25 32 30 72 61 6d 61 25 32 30 6a 75 64 69 63 69 61 6c 2e 7a 69 70 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"store9.gofile.io/download/direct/15c0cd6e-81c8-4919-8ded-b128ac9075e1/2%20demnada%20laboral-%20juzgado%2002%20civil%20del%20circuito%20rama%20judicial.zip","inheritance":"none"},"maxAge":100800000000,"serverConte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.16	49793	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	581	OUT	GET /shared/edgeweb/848e665.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:29 UTC	802	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 1778403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1b22e3-1919ac7ac2e" Last-Modified: Wed, 28 Aug 2024 20:57:42 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170629Z-16579567576w5bqfyu10zdac7g00000003bg00000000qt8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:29 UTC	15582	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 38 39 5d 2c 5b 2c 2c 2c 2c 2c 2c 2c 2c 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 72 28 31 36 29 2c 6f 3d 28 72 28 31 33 29 2c 72 28 37 29 2c 72 28 33 34 29 2c 72 28 35 31 29 2c 72 28 31 37 29 2c 72 28 33 32 29 2c 72 28 31 29 2c 72 28 31 32 29 2c 72 28 33 30 29 2c 72 28 39 32 29 2c 72 28 35 38 29 2c 72 28 32 33 29 29 2c 6c 3d 5b 22 62 75 74 74 6f 6e 22 2c 22 6c 69 6e 6b 22 2c 22 6e 61 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[89],[,,,,,,,,,function(e,t,r){"use strict";var n=r(16),o=(r(13),r(7),r(34),r(51),r(17),r(32),r(1),r(12),r(30),r(92),r(58),r(23)),l=["button","link","na
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 69 5d 2c 74 29 29 29 7c 7c 65 2e 73 70 6c 69 63 65 28 69 2c 31 29 3b 72 65 74 75 72 6e 20 65 7d 2c 77 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 5f 67 73 61 70 7c 7c 6b 65 28 68 74 28 65 29 29 5b 30 5d 2e 5f 67 73 61 70 7d 2c 5f 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 28 72 3d 65 5b 74 5d 29 26 26 46 28 72 29 3f 65 5b 74 5d 28 29 3a 4e 28 72 29 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 74 29 7c 7c 72 7d 2c 78 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 65 3d 65 2e 73 70 6c 69 74 28 22 2c 22 29 29 2e 66 6f 72 45 61 63 68 28 74 29 7c 7c 65 7d 2c 4d 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4d 61 74 Data Ascii: i],t)))\|\|e.splice(i,1);return e},we=function(e){return e._gsap\|\|ke(ht(e))[0]._gsap},_e=function(e,t,r){return(r=e[t])&&F(r)?e[t]():N(r)&&e.getAttribute&&e.getAttribute(t)\|\|r},xe=function(e,t){return(e=e.split(",")).forEach(t)\|\|e},Me=function(e){return Mat
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 6e 28 74 68 69 73 2e 5f 74 54 69 6d 65 21 3d 3d 65 7c 7c 21 74 68 69 73 2e 5f 64 75 72 26 26 21 74 7c 7c 74 68 69 73 2e 5f 69 6e 69 74 74 65 64 26 26 4d 61 74 68 2e 61 62 73 28 74 68 69 73 2e 5f 7a 54 69 6d 65 29 3d 3d 3d 50 7c 7c 21 65 26 26 21 74 68 69 73 2e 5f 69 6e 69 74 74 65 64 26 26 28 74 68 69 73 2e 61 64 64 7c 7c 74 68 69 73 2e 5f 70 74 4c 6f 6f 6b 75 70 29 29 26 26 28 74 68 69 73 2e 5f 74 73 7c 7c 28 74 68 69 73 2e 5f 70 54 69 6d 65 3d 65 29 2c 49 65 28 74 68 69 73 2c 65 2c 74 29 29 2c 74 68 69 73 7d 2c 74 2e 74 69 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3f 74 68 69 73 2e 74 6f 74 61 6c 54 69 6d 65 28 4d 61 74 68 2e 6d 69 6e 28 74 68 69 73 2e 74 6f 74 61 6c 44 75 72 Data Ascii: n(this._tTime!==e\|\|!this._dur&&!t\|\|this._initted&&Math.abs(this._zTime)===P\|\|!e&&!this._initted&&(this.add\|\|this._ptLookup))&&(this._ts\|\|(this._pTime=e),Ie(this,e,t)),this},t.time=function(e,t){return arguments.length?this.totalTime(Math.min(this.totalDur
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 65 64 2c 73 63 72 6f 6c 6c 54 72 69 67 67 65 72 22 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 75 72 5b 65 5d 3d 31 7d 29 29 3b 76 61 72 20 63 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 2c 72 2c 6e 2c 6c 29 7b 76 61 72 20 64 3b 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 72 26 26 28 6e 2e 64 75 72 61 74 69 6f 6e 3d 72 2c 72 3d 6e 2c 6e 3d 6e 75 6c 6c 29 3b 76 61 72 20 68 2c 69 2c 66 2c 76 2c 70 2c 79 2c 6b 2c 77 2c 5f 3d 28 64 3d 65 2e 63 61 6c 6c 28 74 68 69 73 2c 6c 3f 72 3a 42 65 28 72 29 29 7c 7c 74 68 69 73 29 2e 76 61 72 73 2c 78 3d 5f 2e 64 75 72 61 74 69 6f 6e 2c 4d 3d 5f 2e 64 65 6c 61 79 2c 6a 3d 5f 2e 69 6d 6d 65 64 69 61 74 65 52 65 6e 64 65 72 2c 41 3d 5f 2e 73 74 61 67 67 65 72 2c Data Ascii: ed,scrollTrigger",(function(e){return ur[e]=1}));var cr=function(e){function t(t,r,n,l){var d;"number"==typeof r&&(n.duration=r,r=n,n=null);var h,i,f,v,p,y,k,w,_=(d=e.call(this,l?r:Be(r))\|\|this).vars,x=_.duration,M=_.delay,j=_.immediateRender,A=_.stagger,
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 75 61 72 74 2c 46 74 2e 51 75 69 6e 74 2c 46 74 2e 53 74 72 6f 6e 67 2c 46 74 2e 45 6c 61 73 74 69 63 2c 46 74 2e 42 61 63 6b 2c 46 74 2e 53 74 65 70 70 65 64 45 61 73 65 2c 46 74 2e 42 6f 75 6e 63 65 2c 46 74 2e 53 69 6e 65 2c 46 74 2e 45 78 70 6f 2c 46 74 2e 43 69 72 63 3b 76 61 72 20 56 72 2c 4e 72 2c 24 72 2c 55 72 2c 48 72 2c 57 72 2c 71 72 2c 47 72 2c 4b 72 3d 7b 7d 2c 59 72 3d 31 38 30 2f 4d 61 74 68 2e 50 49 2c 51 72 3d 4d 61 74 68 2e 50 49 2f 31 38 30 2c 58 72 3d 4d 61 74 68 2e 61 74 61 6e 32 2c 4a 72 3d 2f 28 5b 41 2d 5a 5d 29 2f 67 2c 5a 72 3d 2f 28 6c 65 66 74 7c 72 69 67 68 74 7c 77 69 64 74 68 7c 6d 61 72 67 69 6e 7c 70 61 64 64 69 6e 67 7c 78 29 2f 69 2c 65 6e 3d 2f 5b 5c 73 2c 5c 28 5d 5c 53 2f 2c 74 6e 3d 7b 61 75 74 6f 41 6c 70 68 61 3a Data Ascii: uart,Ft.Quint,Ft.Strong,Ft.Elastic,Ft.Back,Ft.SteppedEase,Ft.Bounce,Ft.Sine,Ft.Expo,Ft.Circ;var Vr,Nr,$r,Ur,Hr,Wr,qr,Gr,Kr={},Yr=180/Math.PI,Qr=Math.PI/180,Xr=Math.atan2,Jr=/([A-Z])/g,Zr=/(left\|right\|width\|margin\|padding\|x)/i,en=/[\s,\(]\S/,tn={autoAlpha:
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 4f 3d 43 5b 31 5d 7c 7c 22 35 30 25 22 2c 22 74 6f 70 22 21 3d 3d 50 26 26 22 62 6f 74 74 6f 6d 22 21 3d 3d 50 26 26 22 6c 65 66 74 22 21 3d 3d 4f 26 26 22 72 69 67 68 74 22 21 3d 3d 4f 7c 7c 28 49 3d 50 2c 50 3d 4f 2c 4f 3d 49 29 2c 43 5b 30 5d 3d 44 6e 5b 50 5d 7c 7c 50 2c 43 5b 31 5d 3d 44 6e 5b 4f 5d 7c 7c 4f 2c 64 3d 43 2e 6a 6f 69 6e 28 22 20 22 29 2c 4d 2e 73 76 67 3f 57 6e 28 65 2c 64 2c 30 2c 6a 2c 30 2c 74 68 69 73 29 3a 28 28 6b 3d 70 61 72 73 65 46 6c 6f 61 74 28 64 2e 73 70 6c 69 74 28 22 20 22 29 5b 32 5d 29 7c 7c 30 29 21 3d 3d 4d 2e 7a 4f 72 69 67 69 6e 26 26 50 6e 28 74 68 69 73 2c 4d 2c 22 7a 4f 72 69 67 69 6e 22 2c 4d 2e 7a 4f 72 69 67 69 6e 2c 6b 29 2c 50 6e 28 74 68 69 73 2c 73 74 79 6c 65 2c 70 2c 47 6e 28 63 29 2c 47 6e 28 64 29 29 Data Ascii: O=C[1]\|\|"50%","top"!==P&&"bottom"!==P&&"left"!==O&&"right"!==O\|\|(I=P,P=O,O=I),C[0]=Dn[P]\|\|P,C[1]=Dn[O]\|\|O,d=C.join(" "),M.svg?Wn(e,d,0,j,0,this):((k=parseFloat(d.split(" ")[2])\|\|0)!==M.zOrigin&&Pn(this,M,"zOrigin",M.zOrigin,k),Pn(this,style,p,Gn(c),Gn(d))
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 29 7d 7d 7d 2c 58 3d 28 72 28 38 39 33 29 2c 4f 62 6a 65 63 74 28 78 2e 61 29 28 51 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 74 3d 65 2e 24 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 28 65 2e 5f 73 65 6c 66 2e 5f 63 7c 7c 74 29 28 22 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 22 2c 7b 63 6c 61 73 73 3a 65 2e 62 65 6d 28 29 2c 61 74 74 72 73 3a 7b 6c 61 62 65 6c 3a 65 2e 6c 61 62 65 6c 2c 61 63 63 65 73 73 69 62 6c 65 4c 61 62 65 6c 3a 65 2e 61 63 63 65 73 73 69 62 6c 65 4c 61 62 65 6c 2c 76 61 72 69 61 6e 74 3a 65 2e 63 6f 6d 70 75 74 65 64 42 75 74 74 6f 6e 56 61 72 69 61 6e 74 2c 69 63 6f 6e 3a 65 2e 69 63 6f 6e 53 72 63 2c 69 63 6f 6e 53 69 7a 65 3a 65 2e 69 63 6f 6e 53 69 7a 65 7d 2c 6f 6e 3a 7b 63 6c 69 63 Data Ascii: )}}},X=(r(893),Object(x.a)(Q,(function(){var e=this,t=e.$createElement;return(e._self._c\|\|t)("common-button",{class:e.bem(),attrs:{label:e.label,accessibleLabel:e.accessibleLabel,variant:e.computedButtonVariant,icon:e.iconSrc,iconSize:e.iconSize},on:{clic
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 73 74 65 6e 65 72 28 22 73 63 72 6f 6c 6c 22 2c 72 2c 7b 70 61 73 73 69 76 65 3a 21 30 7d 29 2c 6c 26 26 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 72 65 73 69 7a 65 22 2c 72 29 7d 29 29 3b 63 6f 6e 73 74 20 77 3d 79 26 26 66 3f 66 75 6e 63 74 69 6f 6e 28 65 6c 65 6d 65 6e 74 2c 65 29 7b 6c 65 74 20 74 2c 72 3d 6e 75 6c 6c 3b 63 6f 6e 73 74 20 6e 3d 4c 28 65 6c 65 6d 65 6e 74 29 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 29 7b 76 61 72 20 65 3b 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 74 29 2c 6e 75 6c 6c 3d 3d 28 65 3d 72 29 7c 7c 65 2e 64 69 73 63 6f 6e 6e 65 63 74 28 29 2c 72 3d 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 6c 28 68 2c 66 29 7b 76 6f 69 64 20 30 3d 3d 3d 68 26 26 28 68 3d 21 31 29 2c 76 6f 69 64 20 30 3d 3d 3d Data Ascii: stener("scroll",r,{passive:!0}),l&&e.addEventListener("resize",r)}));const w=y&&f?function(element,e){let t,r=null;const n=L(element);function o(){var e;clearTimeout(t),null==(e=r)\|\|e.disconnect(),r=null}return function l(h,f){void 0===h&&(h=!1),void 0===
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 65 6c 7c 7c 74 68 69 73 2e 61 70 70 65 61 72 61 6e 63 65 4c 65 76 65 6c 7c 7c 74 68 69 73 2e 6c 65 76 65 6c 29 3a 6e 75 6c 6c 7d 2c 74 69 74 6c 65 54 61 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6c 65 76 65 6c 3f 22 68 22 2e 63 6f 6e 63 61 74 28 74 68 69 73 2e 6c 65 76 65 6c 29 3a 22 64 69 76 22 7d 7d 2c 6d 65 74 68 6f 64 73 3a 7b 63 6c 69 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 73 56 61 72 69 61 6e 74 28 22 63 6c 69 63 6b 2d 6e 65 78 74 22 29 26 26 74 68 69 73 2e 24 67 6c 6f 62 61 6c 45 6d 69 74 26 26 74 68 69 73 2e 24 67 6c 6f 62 61 6c 45 6d 69 74 28 22 6e 61 76 69 67 61 74 65 2d 6e 65 78 74 22 29 7d 7d 7d 2c 63 3d 28 72 28 39 36 30 29 2c 72 28 30 29 29 2c 63 6f 6d 70 6f 6e 65 6e 74 3d 4f 62 6a 65 63 Data Ascii: el\|\|this.appearanceLevel\|\|this.level):null},titleTag:function(){return this.level?"h".concat(this.level):"div"}},methods:{click:function(){this.isVariant("click-next")&&this.$globalEmit&&this.$globalEmit("navigate-next")}}},c=(r(960),r(0)),component=Objec
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 29 2c 61 5b 30 5d 3d 49 74 28 6f 2b 31 2f 33 2c 6e 2c 67 29 2c 61 5b 31 5d 3d 49 74 28 6f 2c 6e 2c 67 29 2c 61 5b 32 5d 3d 49 74 28 6f 2d 31 2f 33 2c 6e 2c 67 29 3b 65 6c 73 65 20 61 3d 65 2e 6d 61 74 63 68 28 4b 29 7c 7c 45 74 2e 74 72 61 6e 73 70 61 72 65 6e 74 3b 61 3d 61 2e 6d 61 70 28 4e 75 6d 62 65 72 29 7d 72 65 74 75 72 6e 20 74 26 26 21 6d 26 26 28 6e 3d 61 5b 30 5d 2f 53 74 2c 67 3d 61 5b 31 5d 2f 53 74 2c 62 3d 61 5b 32 5d 2f 53 74 2c 6c 3d 28 28 63 3d 4d 61 74 68 2e 6d 61 78 28 6e 2c 67 2c 62 29 29 2b 28 64 3d 4d 61 74 68 2e 6d 69 6e 28 6e 2c 67 2c 62 29 29 29 2f 32 2c 63 3d 3d 3d 64 3f 6f 3d 73 3d 30 3a 28 68 3d 63 2d 64 2c 73 3d 6c 3e 2e 35 3f 68 2f 28 32 2d 63 2d 64 29 3a 68 2f 28 63 2b 64 29 2c 6f 3d 63 3d 3d 3d 6e 3f 28 67 2d 62 29 2f 68 Data Ascii: ),a[0]=It(o+1/3,n,g),a[1]=It(o,n,g),a[2]=It(o-1/3,n,g);else a=e.match(K)\|\|Et.transparent;a=a.map(Number)}return t&&!m&&(n=a[0]/St,g=a[1]/St,b=a[2]/St,l=((c=Math.max(n,g,b))+(d=Math.min(n,g,b)))/2,c===d?o=s=0:(h=c-d,s=l>.5?h/(2-c-d):h/(c+d),o=c===n?(g-b)/h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.16	49794	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	581	OUT	GET /shared/edgeweb/2097fe5.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:29 UTC	802	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 1631572 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"18e554-1919ac7accb" Last-Modified: Wed, 28 Aug 2024 20:57:42 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170629Z-16579567576vpzq62mgx0my8kw00000003r000000000xd02 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:29 UTC	15582	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 5d 2c 7b 31 31 37 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 29 7b 7d 2c 31 32 32 38 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 28 35 39 38 29 7d 2c 31 32 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 28 36 30 30 29 7d 2c 31 32 33 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 28 35 29 2c 6e 28 31 38 29 2c 6e 28 31 39 29 2c 6e 28 31 31 29 2c 6e 28 36 29 3b 76 61 72 20 74 3d 6e 28 33 29 3b 6e 28 37 29 2c 6e 28 35 37 29 2c 6e 28 33 34 29 2c 6e 28 31 29 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],{1177:function(e,o){},1228:function(e,o,n){"use strict";n(598)},1229:function(e,o,n){"use strict";n(600)},123:function(e,o,n){"use strict";n(5),n(18),n(19),n(11),n(6);var t=n(3);n(7),n(57),n(34),n(1)
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 3d 6e 28 32 35 29 2c 63 3d 6e 28 32 31 34 29 2c 6d 3d 6e 28 33 35 30 29 2c 66 3d 6e 2e 6e 28 6d 29 2c 68 3d 6e 28 31 37 39 29 2c 77 3d 6e 2e 6e 28 68 29 2c 76 3d 28 6e 28 33 35 29 2c 6e 28 34 31 29 2c 6e 28 33 35 31 29 29 2c 79 3d 6e 28 31 32 34 29 2c 6b 3d 6e 28 32 30 29 3b 6e 28 33 31 29 3b 22 73 63 72 6f 6c 6c 52 65 73 74 6f 72 61 74 69 6f 6e 22 69 6e 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 26 26 28 4f 62 6a 65 63 74 28 6b 2e 75 29 28 22 6d 61 6e 75 61 6c 22 29 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4f 62 6a 65 63 74 28 6b 2e 75 29 28 22 61 75 74 6f 22 29 7d 29 29 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 Data Ascii: =n(25),c=n(214),m=n(350),f=n.n(m),h=n(179),w=n.n(h),v=(n(35),n(41),n(351)),y=n(124),k=n(20);n(31);"scrollRestoration"in window.history&&(Object(k.u)("manual"),window.addEventListener("beforeunload",(function(){Object(k.u)("auto")})),window.addEventListene
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 3d 65 2e 6c 65 6e 67 74 68 29 3b 66 6f 72 28 76 61 72 20 6f 3d 30 2c 6e 3d 41 72 72 61 79 28 61 29 3b 6f 3c 61 3b 6f 2b 2b 29 6e 5b 6f 5d 3d 65 5b 6f 5d 3b 72 65 74 75 72 6e 20 6e 7d 76 61 72 20 47 3d 7b 7d 2c 51 3d 7b 5f 66 6c 75 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 5b 6e 2e 65 28 39 30 29 2c 6e 2e 65 28 38 32 29 5d 29 2e 74 68 65 6e 28 6e 2e 62 69 6e 64 28 6e 75 6c 6c 2c 32 30 30 39 29 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 28 6b 2e 73 29 28 65 2e 64 65 66 61 75 6c 74 7c 7c 65 29 7d 29 29 7d 2c 5f 69 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 65 28 38 33 29 2e 74 68 65 6e 28 6e 2e 62 69 6e 64 28 6e 75 6c 6c Data Ascii: =e.length);for(var o=0,n=Array(a);o<a;o++)n[o]=e[o];return n}var G={},Q={_fluent:function(){return Promise.all([n.e(90),n.e(82)]).then(n.bind(null,2009)).then((function(e){return Object(k.s)(e.default\|\|e)}))},_ie:function(){return n.e(83).then(n.bind(null
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 22 2c 6c 61 6e 67 3a 22 65 6e 22 2c 66 69 6c 65 3a 22 65 6e 2d 67 62 2e 6a 73 6f 6e 22 2c 74 72 61 6e 73 6c 61 74 69 6f 6e 4c 6f 63 61 6c 65 3a 22 65 6e 2d 67 62 22 2c 74 72 61 6e 73 6c 61 74 69 6f 6e 3a 22 65 6e 22 7d 2c 7b 63 6f 64 65 3a 22 65 6e 2d 69 6e 22 2c 69 73 6f 3a 22 65 6e 2d 69 6e 22 2c 6c 61 6e 67 3a 22 65 6e 22 2c 66 69 6c 65 3a 22 65 6e 2d 67 62 2e 6a 73 6f 6e 22 2c 74 72 61 6e 73 6c 61 74 69 6f 6e 4c 6f 63 61 6c 65 3a 22 65 6e 2d 67 62 22 2c 74 72 61 6e 73 6c 61 74 69 6f 6e 3a 22 65 6e 22 7d 2c 7b 63 6f 64 65 3a 22 65 73 2d 65 73 22 2c 69 73 6f 3a 22 65 73 2d 65 73 22 2c 6c 61 6e 67 3a 22 65 73 22 2c 66 69 6c 65 3a 22 65 73 2d 65 73 2e 6a 73 6f 6e 22 2c 74 72 61 6e 73 6c 61 74 69 6f 6e 4c 6f 63 61 6c 65 3a 22 65 73 2d 65 73 22 2c 74 72 61 Data Ascii: ",lang:"en",file:"en-gb.json",translationLocale:"en-gb",translation:"en"},{code:"en-in",iso:"en-in",lang:"en",file:"en-gb.json",translationLocale:"en-gb",translation:"en"},{code:"es-es",iso:"es-es",lang:"es",file:"es-es.json",translationLocale:"es-es",tra
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 3d 3d 3d 6f 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 26 26 28 6f 3d 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 6e 61 6d 65 29 2c 22 4d 61 70 22 3d 3d 3d 6f 7c 7c 22 53 65 74 22 3d 3d 3d 6f 3f 41 72 72 61 79 2e 66 72 6f 6d 28 65 29 3a 22 41 72 67 75 6d 65 6e 74 73 22 3d 3d 3d 6f 7c 7c 2f 5e 28 3f 3a 55 69 7c 49 29 6e 74 28 3f 3a 38 7c 31 36 7c 33 32 29 28 3f 3a 43 6c 61 6d 70 65 64 29 3f 41 72 72 61 79 24 2f 2e 74 65 73 74 28 6f 29 3f 53 65 28 65 2c 61 29 3a 76 6f 69 64 20 30 7d 7d 28 65 29 29 7c 7c 6f 26 26 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 6c 65 6e 67 74 68 29 7b 6e 26 26 28 65 3d 6e 29 3b 76 61 72 20 74 3d 30 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 72 65 74 75 72 6e 7b 73 3a 72 2c 6e 3a 66 75 6e 63 74 69 6f 6e Data Ascii: ===o&&e.constructor&&(o=e.constructor.name),"Map"===o\|\|"Set"===o?Array.from(e):"Arguments"===o\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(o)?Se(e,a):void 0}}(e))\|\|o&&e&&"number"==typeof e.length){n&&(e=n);var t=0,r=function(){};return{s:r,n:function
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 29 7b 76 61 72 20 65 3d 4f 62 6a 65 63 74 28 74 2e 61 29 28 72 65 67 65 6e 65 72 61 74 6f 72 52 75 6e 74 69 6d 65 2e 6d 61 72 6b 28 28 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 76 61 72 20 72 2c 70 61 74 68 2c 6c 2c 64 2c 63 3b 72 65 74 75 72 6e 20 72 65 67 65 6e 65 72 61 74 6f 72 52 75 6e 74 69 6d 65 2e 77 72 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 3b 3b 29 73 77 69 74 63 68 28 65 2e 70 72 65 76 3d 65 2e 6e 65 78 74 29 7b 63 61 73 65 20 30 3a 69 66 28 22 2f 22 21 3d 3d 74 2e 70 61 74 68 7c 7c 21 67 65 2e 72 6f 6f 74 52 65 64 69 72 65 63 74 29 7b 65 2e 6e 65 78 74 3d 35 3b 62 72 65 61 6b 7d 72 65 74 75 72 6e 20 72 3d 33 30 32 2c 70 61 74 68 3d 67 65 2e 72 6f 6f 74 52 65 64 69 72 65 63 74 2c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f Data Ascii: ){var e=Object(t.a)(regeneratorRuntime.mark((function e(t){var r,path,l,d,c;return regeneratorRuntime.wrap((function(e){for(;;)switch(e.prev=e.next){case 0:if("/"!==t.path\|\|!ge.rootRedirect){e.next=5;break}return r=302,path=ge.rootRedirect,"string"!=typeo
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 76 61 72 20 65 3d 5b 22 6c 69 6e 75 78 2d 72 70 6d 22 2c 22 6c 69 6e 75 78 2d 64 65 62 22 5d 2e 69 6e 63 6c 75 64 65 73 28 74 68 69 73 2e 66 65 61 74 75 72 65 64 50 6c 61 74 66 6f 72 6d 2e 69 64 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 2c 6d 65 74 68 6f 64 73 3a 55 61 28 55 61 28 7b 7d 2c 4f 62 6a 65 63 74 28 64 2e 62 29 28 7b 6f 70 65 6e 45 75 6c 61 3a 22 70 6f 70 75 70 73 2f 6f 70 65 6e 45 75 6c 61 22 2c 68 69 64 65 45 75 6c 61 3a 22 70 6f 70 75 70 73 2f 68 69 64 65 45 75 6c 61 22 7d 29 29 2c 7b 7d 2c 7b 63 6c 69 63 6b 50 6c 61 74 66 6f 72 6d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 73 4d 6f 62 69 6c 65 3f 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 65 2e 64 6f 77 6e 6c 6f 61 64 4c 69 6e 6b 2c 22 5f 62 6c 61 6e 6b 22 29 3a 74 68 69 73 2e 6f 70 65 6e 45 75 Data Ascii: var e=["linux-rpm","linux-deb"].includes(this.featuredPlatform.id);return e}}),methods:Ua(Ua({},Object(d.b)({openEula:"popups/openEula",hideEula:"popups/hideEula"})),{},{clickPlatform:function(e){e.isMobile?window.open(e.downloadLink,"_blank"):this.openEu
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 72 73 69 6f 6e 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 6f 3d 74 68 69 73 2e 6d 61 6a 6f 72 52 65 6c 65 61 73 65 73 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 6e 29 7b 72 65 74 75 72 6e 7b 69 64 3a 6f 2e 63 68 61 6e 6e 65 6c 49 64 2b 22 2d 22 2b 6f 2e 6d 61 6a 6f 72 56 65 72 73 69 6f 6e 2c 6c 61 62 65 6c 3a 65 2e 67 65 74 4d 61 6a 6f 72 52 65 6c 65 61 73 65 4e 61 6d 65 28 6f 29 2c 72 65 6c 65 61 73 65 73 3a 6f 2e 72 65 6c 65 61 73 65 73 7d 7d 29 29 3b 72 65 74 75 72 6e 20 6f 7d 2c 73 65 6c 65 63 74 65 64 56 65 72 73 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 6f 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 65 6c 65 63 74 65 64 56 65 72 73 69 6f 6e 49 64 26 26 6e 75 6c 6c 21 3d 3d 28 65 Data Ascii: rsions:function(){var e=this,o=this.majorReleases.map((function(o,n){return{id:o.channelId+"-"+o.majorVersion,label:e.getMajorReleaseName(o),releases:o.releases}}));return o},selectedVersion:function(){var e,o=this;return this.selectedVersionId&&null!==(e
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 73 73 69 6f 6e 3a 22 75 6e 69 6e 73 74 61 6c 6c 52 65 61 73 6f 6e 22 7d 5d 2c 61 74 74 72 73 3a 7b 22 61 72 69 61 2d 73 65 74 73 69 7a 65 22 3a 22 37 22 2c 69 64 3a 71 2e 69 64 2c 6e 61 6d 65 3a 22 75 6e 69 6e 73 74 61 6c 6c 2d 72 65 61 73 6f 6e 30 22 2c 74 79 70 65 3a 22 72 61 64 69 6f 22 7d 2c 64 6f 6d 50 72 6f 70 73 3a 7b 76 61 6c 75 65 3a 71 2e 76 61 6c 75 65 2c 63 68 65 63 6b 65 64 3a 65 2e 5f 71 28 65 2e 75 6e 69 6e 73 74 61 6c 6c 52 65 61 73 6f 6e 2c 71 2e 76 61 6c 75 65 29 7d 2c 6f 6e 3a 7b 63 68 61 6e 67 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 65 2e 75 6e 69 6e 73 74 61 6c 6c 52 65 61 73 6f 6e 3d 71 2e 76 61 6c 75 65 7d 7d 7d 29 2c 65 2e 5f 76 28 22 20 22 29 2c 6e 28 22 73 70 61 6e 22 2c 5b 65 2e 5f 76 28 22 5c 6e 20 20 20 20 20 20 20 20 20 20 Data Ascii: ssion:"uninstallReason"}],attrs:{"aria-setsize":"7",id:q.id,name:"uninstall-reason0",type:"radio"},domProps:{value:q.value,checked:e._q(e.uninstallReason,q.value)},on:{change:function(o){e.uninstallReason=q.value}}}),e._v(" "),n("span",[e._v("\n
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 29 2e 65 78 70 6f 72 74 73 29 2c 62 6e 3d 6e 28 37 35 31 29 2c 68 6e 3d 7b 6e 61 6d 65 3a 22 62 6c 6f 63 6b 2d 77 65 62 76 69 65 77 32 22 2c 63 6f 6d 70 6f 6e 65 6e 74 73 3a 7b 43 6f 6d 6d 6f 6e 48 65 61 64 69 6e 67 3a 69 6f 2e 61 2c 43 6f 6d 6d 6f 6e 43 61 72 64 3a 75 6f 2e 61 2c 43 6f 6d 6d 6f 6e 42 75 74 74 6f 6e 3a 73 6f 2e 61 2c 50 78 44 72 6f 70 64 6f 77 6e 3a 76 6f 2e 61 2c 57 65 62 76 69 65 77 45 75 6c 61 50 6f 70 75 70 3a 66 6e 7d 2c 6d 69 78 69 6e 73 3a 5b 5d 2c 69 31 38 6e 3a 7b 6d 65 73 73 61 67 65 73 3a 62 6e 2e 61 7d 2c 70 72 6f 70 73 3a 7b 7d 2c 64 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 73 65 6c 65 63 74 65 64 56 65 72 73 69 6f 6e 49 64 3a 6e 75 6c 6c 2c 73 65 6c 65 63 74 65 64 41 Data Ascii: l,null,null).exports),bn=n(751),hn={name:"block-webview2",components:{CommonHeading:io.a,CommonCard:uo.a,CommonButton:so.a,PxDropdown:vo.a,WebviewEulaPopup:fn},mixins:[],i18n:{messages:bn.a},props:{},data:function(){return{selectedVersionId:null,selectedA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.16	49795	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	581	OUT	GET /shared/edgeweb/a0bd3a0.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:29 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 100168 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"18748-1919ac7ac9b" Last-Modified: Wed, 28 Aug 2024 20:57:42 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170629Z-16579567576txfkctmnqv2e9c400000003eg000000004a94 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:29 UTC	15584	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 39 30 5d 2c 41 72 72 61 79 28 31 33 38 37 29 2e 63 6f 6e 63 61 74 28 5b 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 7b 7d 7d 2c 2c 2c 2c 2c 2c 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 61 72 72 6f 77 2d 6c 65 66 74 2e 30 61 66 30 35 39 64 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 61 72 72 6f 77 2d 72 69 67 68 74 2e 39 36 62 35 36 34 64 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 65 78 70 6f 72 74 73 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[90],Array(1387).concat([function(e,t,n){e.exports={}},,,,,,,function(e,t,n){e.exports=n.p+"img/arrow-left.0af059d.svg"},function(e,t,n){e.exports=n.p+"img/arrow-right.96b564d.svg"},function(e){e.exports
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: b5 d0 bd 20 d0 bf d1 80 d0 b5 d0 b2 d0 be d0 b4 20 d0 b7 d0 b0 20 d1 87 d0 b0 d1 81 d1 82 20 d0 be d1 82 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d1 8f d1 82 d0 b0 20 d0 bd d0 b0 20 d1 82 d0 b0 d0 b7 d0 b8 20 d1 81 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 2e 20 d0 90 d0 ba d0 be 20 d0 bf d1 80 d0 b5 d0 b4 d0 bf d0 be d1 87 d0 b8 d1 82 d0 b0 d1 82 d0 b5 20 d0 b4 d0 b0 20 d0 b2 d0 b8 d0 b4 d0 b8 d1 82 d0 b5 20 d1 82 d0 be d0 b2 d0 b0 20 d1 81 d1 8a d0 b4 d1 8a d1 80 d0 b6 d0 b0 d0 bd d0 b8 d0 b5 20 d0 bd d0 b0 20 d0 b0 d0 bd d0 b3 d0 bb d0 b8 d0 b9 d1 81 d0 ba d0 b8 20 d0 b5 d0 b7 d0 b8 d0 ba 2c 20 d0 bc d0 be d0 b6 d0 b5 d1 82 d0 b5 20 d0 b4 d0 b0 20 d1 81 d0 ba d1 80 d0 b8 d0 b5 d1 82 d0 b5 20 d0 bf d1 80 d0 b5 d0 b2 d0 be d0 b4 d0 b8 d1 Data Ascii: . ,
2024-08-30 17:06:29 UTC	16384	IN	Data Raw: 6f 6e 73 22 3a 22 eb b2 88 ec 97 ad 20 ec 88 a8 ea b8 b0 ea b8 b0 22 2c 22 73 65 65 2d 74 68 69 73 2d 70 61 67 65 2d 69 6e 2d 65 6e 67 6c 69 73 68 22 3a 22 ec 9d b4 20 ed 8e 98 ec 9d b4 ec a7 80 eb a5 bc 20 ec 98 81 ec 96 b4 eb a1 9c 20 eb b3 b4 ea b8 b0 22 2c 22 73 68 6f 77 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 22 3a 22 eb b2 88 ec 97 ad 20 ed 91 9c ec 8b 9c 22 2c 22 77 65 2d 68 61 76 65 2d 75 73 65 64 2d 61 75 74 6f 6d 61 74 69 63 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 22 3a 22 ec 9d b4 20 ed 8e 98 ec 9d b4 ec a7 80 ec 9d 98 20 ec 9d bc eb b6 80 20 ec a0 95 eb b3 b4 ec 97 90 20 eb 8c 80 ed 95 b4 20 ec 9e 90 eb 8f 99 20 eb b2 88 ec 97 ad ec 9d 84 20 ec 82 ac ec 9a a9 ed 96 88 ec 8a b5 eb 8b 88 eb 8b a4 2e 20 ec 9d b4 20 ec bd 98 ed 85 90 ec b8 a0 eb a5 bc 20 Data Ascii: ons":" ","see-this-page-in-english":" ","show-translation":" ","we-have-used-automatic-translation":" .
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 82 e0 b0 9f e0 b1 86 e0 b0 82 e0 b0 9f e0 b1 8d 20 e0 b0 a8 e0 b1 81 20 e0 b0 87 e0 b0 82 e0 b0 97 e0 b1 8d e0 b0 b2 e0 b0 bf e0 b0 b7 e0 b1 8d 20 e0 b0 b2 e0 b1 8b 20 e0 b0 9a e0 b1 82 e0 b0 a1 e0 b0 be e0 b0 b2 e0 b0 a8 e0 b1 81 e0 b0 95 e0 b1 81 e0 b0 82 e0 b0 9f e0 b1 87 2c 20 e0 b0 ae e0 b1 80 e0 b0 b0 e0 b1 81 20 e0 b0 88 20 e0 b0 9f e0 b1 8b e0 b0 97 e0 b0 bf e0 b0 b2 e0 b1 8d 20 e0 b0 89 e0 b0 aa e0 b0 af e0 b1 8b e0 b0 97 e0 b0 bf e0 b0 82 e0 b0 9a e0 b0 bf 20 e0 b0 85 e0 b0 a8 e0 b1 81 e0 b0 b5 e0 b0 be e0 b0 a6 e0 b0 be e0 b0 b2 e0 b0 a8 e0 b1 81 20 e0 b0 a6 e0 b0 be e0 b0 9a e0 b0 b5 e0 b0 9a e0 b1 8d e0 b0 9a e0 b1 81 2e 22 7d 2c 22 74 68 2d 74 68 22 3a 7b 22 68 69 64 65 2d 74 72 61 6e 73 6c 61 74 69 6f 6e 73 22 3a 22 e0 b8 8b e0 b9 88 e0 b8 Data Ascii: , ."},"th-th":{"hide-translations":"
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 65 77 69 6e 64 2e 65 32 34 33 32 38 36 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 72 6f 74 61 74 65 2d 63 63 77 2e 36 38 37 65 36 65 38 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 72 6f 74 61 74 65 2d 63 77 2e 66 62 64 35 34 33 38 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 72 73 73 2e 65 62 61 36 61 62 64 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 65 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 2b 22 69 6d 67 2f 73 61 76 65 2e 37 31 64 33 39 35 66 2e 73 76 67 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 Data Ascii: ewind.e243286.svg"},function(e,t,n){e.exports=n.p+"img/rotate-ccw.687e6e8.svg"},function(e,t,n){e.exports=n.p+"img/rotate-cw.fbd5438.svg"},function(e,t,n){e.exports=n.p+"img/rss.eba6abd.svg"},function(e,t,n){e.exports=n.p+"img/save.71d395f.svg"},function(
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 73 2e 72 65 73 69 7a 65 28 6e 75 6c 6c 2c 21 30 29 7d 2c 62 65 66 6f 72 65 44 65 73 74 72 6f 79 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 64 65 62 6f 75 6e 63 65 52 65 73 69 7a 65 26 26 74 68 69 73 2e 64 65 62 6f 75 6e 63 65 52 65 73 69 7a 65 2e 63 61 6e 63 65 6c 28 29 2c 77 69 6e 64 6f 77 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 72 65 73 69 7a 65 22 2c 74 68 69 73 2e 72 65 73 69 7a 65 48 61 6e 64 6c 65 72 29 7d 2c 6d 65 74 68 6f 64 73 3a 7b 72 65 73 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3d 74 68 69 73 2c 6f 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 31 5d 26 26 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3b 74 68 69 73 2e Data Ascii: s.resize(null,!0)},beforeDestroy:function(){this.debounceResize&&this.debounceResize.cancel(),window.removeEventListener("resize",this.resizeHandler)},methods:{resize:function(e){var t,n=this,o=arguments.length>1&&void 0!==arguments[1]&&arguments[1];this.
2024-08-30 17:06:30 UTC	2664	IN	Data Raw: 74 73 3a 7b 7d 2c 70 72 6f 70 73 3a 7b 70 61 72 74 6e 65 72 49 64 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 6e 75 6c 6c 7d 7d 2c 64 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 73 63 72 69 70 74 41 70 70 65 6e 64 65 64 3a 21 31 7d 7d 2c 63 72 65 61 74 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 6d 6f 75 6e 74 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 70 61 72 74 6e 65 72 49 64 7c 7c 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 22 4d 69 73 73 69 6e 67 20 4c 69 6e 6b 65 64 49 6e 20 70 61 72 74 6e 65 72 20 69 64 22 29 7d 2c 63 6f 6d 70 75 74 65 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 31 3b 74 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 76 61 Data Ascii: ts:{},props:{partnerId:{type:String,default:null}},data:function(){return{scriptAppended:!1}},created:function(){},mounted:function(){this.partnerId\|\|console.error("Missing LinkedIn partner id")},computed:function(e){for(var t=1;t<arguments.length;t++){va

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.16	49797	40.118.171.167	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	735	OUT	POST /api/browser/edge/data/toptraffic/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1121 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "170540185939602997400506234197983529371" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:29 UTC	1121	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 4e 73 70 50 47 6c 43 51 4a 6d 46 67 65 2b 54 4b 36 55 38 36 57 57 55 4f 5a 67 41 41 45 49 6d 37 55 53 34 50 6f 65 6c 2b 44 44 56 6e 4c 31 66 37 61 54 76 67 41 46 57 37 45 61 52 4a 62 49 59 53 6d 43 62 35 4d 57 50 71 52 4f 50 2f 6c 46 4c 46 71 63 41 70 6f 34 42 62 65 67 6b 39 2b 5a 77 48 46 70 37 77 6f 4f 36 70 64 43 2b 4c 2b 38 41 6c 32 4a 2b 37 63 38 36 64 79 49 6f 4d 2b 77 41 74 65 4a 4d 43 42 79 7a 70 54 35 4f 59 76 50 71 76 Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPXNspPGlCQJmFge+TK6U86WWUOZgAAEIm7US4Poel+DDVnL1f7aTvgAFW7EaRJbIYSmCb5MWPqROP/lFLFqcApo4Bbegk9+ZwHFp7woO6pdC+L+8Al2J+7c86dyIoM+wAteJMCByzpT5OYvPqv
2024-08-30 17:06:30 UTC	252	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/octet-stream Content-Length: 460992 Connection: close Server: Kestrel ETag: "638004170464094982" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-08-30 17:06:30 UTC	16132	IN	Data Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<Z%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71 Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S\|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83 Data Ascii: S}8,cLB^}vVnz'O)E`Of1VXa\|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA7{GV1#<$/^kd*XD?A_
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54 Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8 Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7pD.&2L#R7.@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53 Data Ascii: 0/@;Y@mg@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4 Data Ascii: f}&`^r9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb\|Fq{E_I~$.pINIK%p8IqLzPL>I@@5%Ih7?Q^%I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.16	49796	40.118.171.167	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	724	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1121 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:29 UTC	1121	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 4e 73 70 50 47 6c 43 51 4a 6d 46 67 65 2b 54 4b 36 55 38 36 57 57 55 4f 5a 67 41 41 45 49 6d 37 55 53 34 50 6f 65 6c 2b 44 44 56 6e 4c 31 66 37 61 54 76 67 41 46 57 37 45 61 52 4a 62 49 59 53 6d 43 62 35 4d 57 50 71 52 4f 50 2f 6c 46 4c 46 71 63 41 70 6f 34 42 62 65 67 6b 39 2b 5a 77 48 46 70 37 77 6f 4f 36 70 64 43 2b 4c 2b 38 41 6c 32 4a 2b 37 63 38 36 64 79 49 6f 4d 2b 77 41 74 65 4a 4d 43 42 79 7a 70 54 35 4f 59 76 50 71 76 Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPXNspPGlCQJmFge+TK6U86WWUOZgAAEIm7US4Poel+DDVnL1f7aTvgAFW7EaRJbIYSmCb5MWPqROP/lFLFqcApo4Bbegk9+ZwHFp7woO6pdC+L+8Al2J+7c86dyIoM+wAteJMCByzpT5OYvPqv
2024-08-30 17:06:30 UTC	248	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-08-30 17:06:30 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.16	49798	40.118.171.167	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:29 UTC	699	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1121 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiTkV1TTAyRlEyWVI5ZkZMNTgwUTVUUT09IiwgImhhc2giOiJORDZ0V253MGt3ST0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:29 UTC	1121	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 4e 73 70 50 47 6c 43 51 4a 6d 46 67 65 2b 54 4b 36 55 38 36 57 57 55 4f 5a 67 41 41 45 49 6d 37 55 53 34 50 6f 65 6c 2b 44 44 56 6e 4c 31 66 37 61 54 76 67 41 46 57 37 45 61 52 4a 62 49 59 53 6d 43 62 35 4d 57 50 71 52 4f 50 2f 6c 46 4c 46 71 63 41 70 6f 34 42 62 65 67 6b 39 2b 5a 77 48 46 70 37 77 6f 4f 36 70 64 43 2b 4c 2b 38 41 6c 32 4a 2b 37 63 38 36 64 79 49 6f 4d 2b 77 41 74 65 4a 4d 43 42 79 7a 70 54 35 4f 59 76 50 71 76 Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPXNspPGlCQJmFge+TK6U86WWUOZgAAEIm7US4Poel+DDVnL1f7aTvgAFW7EaRJbIYSmCb5MWPqROP/lFLFqcApo4Bbegk9+ZwHFp7woO6pdC+L+8Al2J+7c86dyIoM+wAteJMCByzpT5OYvPqv
2024-08-30 17:06:30 UTC	302	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:29 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-08-30 17:06:30 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-08-30 17:06:30 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.16	49801	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:31 UTC	581	OUT	GET /shared/edgeweb/e3032ae.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:31 UTC	798	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:31 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 39122 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"98d2-1919ac7adb5" Last-Modified: Wed, 28 Aug 2024 20:57:43 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170631Z-165795675762gt5gbs4b9bazh800000003e000000000e9ku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:31 UTC	15586	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 38 32 5d 2c 7b 31 34 30 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 6f 28 31 35 29 2c 72 3d 28 6f 28 31 33 29 2c 6f 28 37 29 2c 6f 28 31 37 29 2c 6f 28 31 31 29 2c 6f 28 31 29 2c 6f 28 36 29 2c 6f 28 31 34 30 31 29 29 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 72 2e 61 2e 69 73 41 63 74 69 76 65 28 65 2c 22 65 35 34 32 22 29 3f 7b 74 79 70 65 3a 22 63 75 73 74 6f 6d 22 2c 6c 61 62 65 6c 3a 22 44 6f 77 6e 6c 6f 61 64 20 45 64 67 65 22 2c 61 63 74 69 6f 6e 49 64 3a 22 64 6f 77 6e 6c 6f 61 64 22 2c 69 63 6f 6e 3a Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[82],{1400:function(e,t,o){"use strict";var n=o(15),r=(o(13),o(7),o(17),o(11),o(1),o(6),o(1401)),l=function(e){return r.a.isActive(e,"e542")?{type:"custom",label:"Download Edge",actionId:"download",icon:
2024-08-30 17:06:31 UTC	16384	IN	Data Raw: 76 67 22 3a 31 36 36 30 2c 22 2e 2f 63 61 73 74 2e 73 76 67 22 3a 31 36 36 31 2c 22 2e 2f 63 68 65 63 6b 2d 63 69 72 63 6c 65 2e 73 76 67 22 3a 31 36 36 32 2c 22 2e 2f 63 68 65 63 6b 2d 73 71 75 61 72 65 2e 73 76 67 22 3a 31 36 36 33 2c 22 2e 2f 63 68 65 63 6b 2e 73 76 67 22 3a 31 36 36 34 2c 22 2e 2f 63 68 65 76 72 6f 6e 2d 64 6f 77 6e 2e 73 76 67 22 3a 31 36 36 35 2c 22 2e 2f 63 68 65 76 72 6f 6e 2d 6c 65 66 74 2e 73 76 67 22 3a 31 36 36 36 2c 22 2e 2f 63 68 65 76 72 6f 6e 2d 72 69 67 68 74 2e 73 76 67 22 3a 31 36 36 37 2c 22 2e 2f 63 68 65 76 72 6f 6e 2d 75 70 2e 73 76 67 22 3a 31 36 36 38 2c 22 2e 2f 63 68 65 76 72 6f 6e 73 2d 64 6f 77 6e 2e 73 76 67 22 3a 31 36 36 39 2c 22 2e 2f 63 68 65 76 72 6f 6e 73 2d 6c 65 66 74 2e 73 76 67 22 3a 31 36 37 30 2c Data Ascii: vg":1660,"./cast.svg":1661,"./check-circle.svg":1662,"./check-square.svg":1663,"./check.svg":1664,"./chevron-down.svg":1665,"./chevron-left.svg":1666,"./chevron-right.svg":1667,"./chevron-up.svg":1668,"./chevrons-down.svg":1669,"./chevrons-left.svg":1670,
2024-08-30 17:06:31 UTC	7152	IN	Data Raw: 75 74 74 6f 6e 2d 62 67 2d 68 6f 76 65 72 2d 72 67 62 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 68 6f 76 65 72 2d 6c 69 67 68 74 65 72 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 68 6f 76 65 72 2d 64 61 72 6b 65 72 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 61 63 74 69 76 65 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 61 63 74 69 76 65 2d 72 67 62 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 61 63 74 69 76 65 2d 6c 69 67 68 74 65 72 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 62 67 2d 61 63 74 69 76 65 2d 64 61 72 6b 65 72 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 66 67 22 2c 22 2d 2d 74 68 65 6d 65 2d 62 75 74 74 6f 6e 2d 66 67 2d 72 67 Data Ascii: utton-bg-hover-rgb","--theme-button-bg-hover-lighter","--theme-button-bg-hover-darker","--theme-button-bg-active","--theme-button-bg-active-rgb","--theme-button-bg-active-lighter","--theme-button-bg-active-darker","--theme-button-fg","--theme-button-fg-rg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.16	49799	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:31 UTC	581	OUT	GET /shared/edgeweb/3b37526.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:31 UTC	798	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:31 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 19889 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"4db1-1919ac7adb5" Last-Modified: Wed, 28 Aug 2024 20:57:43 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170631Z-16579567576pgh4h94c7qn0kuc00000003s000000000277r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:31 UTC	15586	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 38 34 5d 2c 7b 31 34 30 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 6f 28 31 35 29 2c 72 3d 28 6f 28 31 33 29 2c 6f 28 37 29 2c 6f 28 31 37 29 2c 6f 28 31 31 29 2c 6f 28 31 29 2c 6f 28 36 29 2c 6f 28 31 34 30 31 29 29 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 72 2e 61 2e 69 73 41 63 74 69 76 65 28 65 2c 22 65 35 34 32 22 29 3f 7b 74 79 70 65 3a 22 63 75 73 74 6f 6d 22 2c 6c 61 62 65 6c 3a 22 44 6f 77 6e 6c 6f 61 64 20 45 64 67 65 22 2c 61 63 74 69 6f 6e 49 64 3a 22 64 6f 77 6e 6c 6f 61 64 22 2c 69 63 6f 6e 3a Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[84],{1400:function(e,t,o){"use strict";var n=o(15),r=(o(13),o(7),o(17),o(11),o(1),o(6),o(1401)),c=function(e){return r.a.isActive(e,"e542")?{type:"custom",label:"Download Edge",actionId:"download",icon:
2024-08-30 17:06:31 UTC	4303	IN	Data Raw: 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 70 6f 70 75 70 73 2e 70 6f 70 75 70 50 6c 61 74 66 6f 72 6d 7d 7d 29 29 2c 7b 7d 2c 7b 65 75 6c 61 56 69 73 69 62 6c 65 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 24 73 74 6f 72 65 2e 73 74 61 74 65 2e 70 6f 70 75 70 73 2e 73 68 6f 77 45 75 6c 61 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 7c 7c 74 68 69 73 2e 68 69 64 65 45 75 6c 61 28 29 7d 7d 7d 29 2c 6d 65 74 68 6f 64 73 3a 66 28 66 28 7b 7d 2c 4f 62 6a 65 63 74 28 63 2e 62 29 28 7b 6f 70 65 6e 45 75 6c 61 3a 22 70 6f 70 75 70 73 2f 6f 70 65 6e 45 75 6c 61 22 2c 68 69 64 65 45 75 6c 61 3a 22 70 6f 70 75 70 73 2f 68 69 64 65 45 75 6c 61 22 7d 29 29 2c 7b 7d 2c 7b 65 6e 73 75 72 65 45 75 6c Data Ascii: nction(e){return e.popups.popupPlatform}})),{},{eulaVisible:{get:function(){return this.$store.state.popups.showEula},set:function(e){e\|\|this.hideEula()}}}),methods:f(f({},Object(c.b)({openEula:"popups/openEula",hideEula:"popups/hideEula"})),{},{ensureEul

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.16	49800	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:31 UTC	581	OUT	GET /shared/edgeweb/a721aec.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:31 UTC	798	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:31 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 26241 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"6681-1919ac7ad48" Last-Modified: Wed, 28 Aug 2024 20:57:42 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170631Z-16579567576l4p9bs8an1npq1n00000003b000000000th6u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:31 UTC	15586	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 30 5d 2c 7b 31 33 38 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 28 35 29 2c 6e 28 37 29 2c 6e 28 31 38 29 2c 6e 28 31 39 29 2c 6e 28 31 31 29 2c 6e 28 36 29 3b 76 61 72 20 6f 3d 6e 28 31 35 29 2c 72 3d 6e 28 33 29 2c 6c 3d 28 6e 28 31 33 29 2c 6e 28 35 37 29 2c 6e 28 33 31 29 2c 6e 28 31 29 2c 6e 28 32 31 29 2c 6e 28 32 32 29 29 2c 63 3d 6e 28 37 30 37 29 2c 64 3d 6e 28 31 35 31 36 29 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{1384:function(e,t,n){"use strict";n(5),n(7),n(18),n(19),n(11),n(6);var o=n(15),r=n(3),l=(n(13),n(57),n(31),n(1),n(21),n(22)),c=n(707),d=n(1516);function f(e,t){var n=Object.keys(e);if(Object.getOwnP
2024-08-30 17:06:31 UTC	10655	IN	Data Raw: 7d 2c 22 73 72 2d 63 79 72 6c 2d 72 73 22 3a 7b 22 6e 65 78 74 22 3a 22 d0 94 d0 b0 d1 99 d0 b5 22 7d 2c 22 73 72 2d 6c 61 74 6e 2d 72 73 22 3a 7b 22 6e 65 78 74 22 3a 22 44 61 6c 6a 65 22 7d 2c 22 73 76 2d 73 65 22 3a 7b 22 6e 65 78 74 22 3a 22 4e c3 a4 73 74 61 22 7d 2c 22 74 61 2d 69 6e 22 3a 7b 22 6e 65 78 74 22 3a 22 e0 ae 85 e0 ae 9f e0 af 81 e0 ae a4 e0 af 8d e0 ae a4 e0 af 81 22 7d 2c 22 74 65 2d 69 6e 22 3a 7b 22 6e 65 78 74 22 3a 22 e0 b0 a4 e0 b0 b0 e0 b1 81 e0 b0 b5 e0 b0 be e0 b0 a4 22 7d 2c 22 74 68 2d 74 68 22 3a 7b 22 6e 65 78 74 22 3a 22 e0 b8 96 e0 b8 b1 e0 b8 94 e0 b9 84 e0 b8 9b 22 7d 2c 22 74 72 2d 74 72 22 3a 7b 22 6e 65 78 74 22 3a 22 c4 b0 6c 65 72 69 22 7d 2c 22 74 74 2d 72 75 22 3a 7b 22 6e 65 78 74 22 3a 22 d0 9a d0 b8 d0 bb d3 Data Ascii: },"sr-cyrl-rs":{"next":""},"sr-latn-rs":{"next":"Dalje"},"sv-se":{"next":"Nsta"},"ta-in":{"next":""},"te-in":{"next":""},"th-th":{"next":""},"tr-tr":{"next":"leri"},"tt-ru":{"next":"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.16	49802	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:32 UTC	581	OUT	GET /shared/edgeweb/1790fce.js HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:32 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:32 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 455971 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"6f523-1919ac7ad86" Last-Modified: Wed, 28 Aug 2024 20:57:43 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170632Z-165795675762gt5gbs4b9bazh800000003c000000000q1ks x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:32 UTC	15584	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 4c 49 43 45 4e 53 45 53 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 39 31 2c 39 32 5d 2c 7b 31 33 38 35 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6f 3d 6e 28 32 39 29 2c 72 3d 6e 28 33 37 30 29 2c 6c 3d 6e 28 32 36 30 29 2c 63 3d 6e 28 33 37 31 29 2c 64 3d 6e 28 33 36 35 29 2c 66 3d 6e 28 32 32 36 29 2c 68 3d 6e 28 33 37 32 29 2c 6d 3d 6e 28 33 37 33 29 2c 76 3d 6e 28 33 37 34 29 2c 79 3d 6e 28 33 36 36 29 2c 6b 3d 6e 28 33 36 34 29 2c 77 3d 6e 28 33 36 37 Data Ascii: /! For license information please see LICENSES /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[91,92],{1385:function(e,t,n){"use strict";var o=n(29),r=n(370),l=n(260),c=n(371),d=n(365),f=n(226),h=n(372),m=n(373),v=n(374),y=n(366),k=n(364),w=n(367
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: d7 a4 22 2c 22 66 65 61 74 75 72 65 73 2d 66 65 61 74 75 72 65 22 3a 22 d7 aa d7 9b d7 95 d7 a0 d7 94 22 2c 22 66 65 61 74 75 72 65 73 2d 66 72 65 71 75 65 6e 74 6c 79 2d 61 73 6b 65 64 2d 71 75 65 73 74 69 6f 6e 73 22 3a 22 d7 a9 d7 90 d7 9c d7 95 d7 aa 20 d7 a0 d7 a4 d7 95 d7 a6 d7 95 d7 aa 22 2c 22 66 65 61 74 75 72 65 73 2d 6c 65 61 72 6e 2d 6d 6f 72 65 22 3a 22 d7 9c d7 9e d7 93 20 d7 a2 d7 95 d7 93 22 2c 22 66 65 61 74 75 72 65 73 2d 6d 6f 72 65 2d 71 75 65 73 74 69 6f 6e 73 22 3a 22 d7 a9 d7 90 d7 9c d7 95 d7 aa 20 d7 a0 d7 95 d7 a1 d7 a4 d7 95 d7 aa 2e 2e 2e 22 2c 22 66 65 61 74 75 72 65 73 2d 6e 2d 66 65 61 74 75 72 65 73 22 3a 22 d7 aa d7 9b d7 95 d7 a0 d7 95 d7 aa 20 7b 30 7d 22 2c 22 66 65 61 74 75 72 65 73 2d 6e 2d 6d 6f 72 65 2d 71 75 65 73 Data Ascii: ","features-feature":"","features-frequently-asked-questions":" ","features-learn-more":" ","features-more-questions":" ...","features-n-features":" {0}","features-n-more-ques
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 61 74 75 72 65 73 2d 31 2d 66 65 61 74 75 72 65 22 3a 22 31 20 d1 84 d1 83 d0 bd d0 ba d1 86 d0 b8 d1 8f 22 2c 22 66 65 61 74 75 72 65 73 2d 31 2d 74 69 70 22 3a 22 31 20 d1 81 d0 be d0 b2 d0 b5 d1 82 22 2c 22 66 65 61 74 75 72 65 73 2d 66 65 61 74 75 72 65 22 3a 22 d0 9e d1 81 d0 be d0 b1 d0 b5 d0 bd d0 bd d0 be d1 81 d1 82 d1 8c 22 2c 22 66 65 61 74 75 72 65 73 2d 66 72 65 71 75 65 6e 74 6c 79 2d 61 73 6b 65 64 2d 71 75 65 73 74 69 6f 6e 73 22 3a 22 d0 a7 d0 b0 d1 81 d1 82 d0 be 20 d0 b7 d0 b0 d0 b4 d0 b0 d0 b2 d0 b0 d0 b5 d0 bc d1 8b d0 b5 20 d0 b2 d0 be d0 bf d1 80 d0 be d1 81 d1 8b 22 2c 22 66 65 61 74 75 72 65 73 2d 6c 65 61 72 6e 2d 6d 6f 72 65 22 3a 22 d0 9f d0 be d0 b4 d1 80 d0 be d0 b1 d0 bd d0 b5 d0 b5 22 2c 22 66 65 61 74 75 72 65 73 2d 6d 6f Data Ascii: atures-1-feature":"1 ","features-1-tip":"1 ","features-feature":"","features-frequently-asked-questions":" ","features-learn-more":"","features-mo
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: e0 ae 95 e0 af 80 e0 ae 95 e0 ae b3 e0 af 88 20 e0 ae a8 e0 ae bf e0 ae b0 e0 af 8d e0 ae b5 e0 ae 95 e0 ae bf e0 ae 95 e0 af 8d e0 ae 95 e0 ae b5 e0 af 81 e0 ae ae e0 af 8d 22 7d 2c 22 74 65 2d 69 6e 22 3a 7b 22 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 22 3a 22 e0 b0 95 e0 b1 81 e0 b0 95 e0 b1 80 e0 b0 b2 e0 b0 a8 e0 b1 81 20 e0 b0 a8 e0 b0 bf e0 b0 b0 e0 b1 8d e0 b0 b5 e0 b0 b9 e0 b0 bf e0 b0 82 e0 b0 9a e0 b0 82 e0 b0 a1 e0 b0 bf 22 7d 2c 22 74 68 2d 74 68 22 3a 7b 22 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 22 3a 22 e0 b8 88 e0 b8 b1 e0 b8 94 e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b8 84 e0 b8 b8 e0 b8 81 e0 b8 81 e0 b8 b5 e0 b9 89 22 7d 2c 22 74 6b 2d 74 6d 22 3a 7b 22 6d 61 6e 61 67 65 2d 63 6f 6f 6b 69 65 73 22 3a 22 47 75 74 61 70 6a 79 6b 6c 61 72 79 20 Data Ascii: "},"te-in":{"manage-cookies":" "},"th-th":{"manage-cookies":""},"tk-tm":{"manage-cookies":"Gutapjyklary
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 2c 74 3d 74 68 69 73 2e 73 68 6f 77 48 69 64 65 4f 70 74 69 6f 6e 73 2c 6e 3d 74 2e 73 68 6f 77 53 65 63 74 69 6f 6e 7c 7c 74 2e 73 68 6f 77 4f 66 66 73 65 74 2c 6f 3d 74 2e 68 69 64 65 53 65 63 74 69 6f 6e 7c 7c 74 2e 68 69 64 65 4f 66 66 73 65 74 2c 72 3d 7b 73 63 72 6f 6c 6c 59 3a 30 2c 73 65 63 74 69 6f 6e 4f 66 66 73 65 74 73 3a 7b 7d 7d 2c 6c 3d 74 2e 69 6e 69 74 69 61 6c 53 68 6f 77 44 65 6c 61 79 7c 7c 30 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 76 61 72 20 6c 3d 30 2c 63 3d 31 65 39 3b 72 65 74 75 72 6e 20 6e 26 26 28 6c 3d 74 2e 73 68 6f 77 53 65 63 74 69 6f 6e 26 26 74 2e 73 68 6f 77 53 65 63 74 69 6f 6e 20 69 6e 20 72 3f 72 5b 74 2e 73 68 6f 77 53 65 63 74 69 6f 6e 5d 3a 30 2c 6c 2b 3d 74 2e Data Ascii: n(){var e=this,t=this.showHideOptions,n=t.showSection\|\|t.showOffset,o=t.hideSection\|\|t.hideOffset,r={scrollY:0,sectionOffsets:{}},l=t.initialShowDelay\|\|0,c=function(e,r){var l=0,c=1e9;return n&&(l=t.showSection&&t.showSection in r?r[t.showSection]:0,l+=t.
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 74 69 6f 6e 2c 64 65 73 63 72 69 70 74 69 6f 6e 43 6c 61 73 73 3a 74 2e 62 65 6d 28 22 64 65 73 63 72 69 70 74 69 6f 6e 22 29 2c 6c 65 76 65 6c 3a 33 2c 61 70 70 65 61 72 61 6e 63 65 4c 65 76 65 6c 3a 35 2c 73 70 61 63 69 6e 67 3a 2e 32 35 2c 76 61 72 69 61 6e 74 3a 22 74 69 74 6c 65 2d 62 6f 6c 64 22 7d 7d 29 2c 74 2e 5f 76 28 22 20 22 29 2c 74 2e 73 65 70 61 72 61 74 65 41 63 74 69 6f 6e 73 3f 74 2e 5f 65 28 29 3a 72 28 22 41 63 74 69 6f 6e 4c 69 73 74 22 2c 7b 63 6c 61 73 73 3a 74 2e 62 65 6d 28 22 61 63 74 69 6f 6e 73 22 2c 7b 73 65 63 6f 6e 64 61 72 79 3a 21 30 7d 29 2c 61 74 74 72 73 3a 7b 61 63 74 69 6f 6e 73 3a 74 2e 61 63 74 69 6f 6e 73 2c 22 68 69 64 65 2d 64 65 66 61 75 6c 74 2d 69 63 6f 6e 22 3a 21 30 2c 22 76 61 72 69 61 6e 74 2d 64 65 66 61 Data Ascii: tion,descriptionClass:t.bem("description"),level:3,appearanceLevel:5,spacing:.25,variant:"title-bold"}}),t._v(" "),t.separateActions?t._e():r("ActionList",{class:t.bem("actions",{secondary:!0}),attrs:{actions:t.actions,"hide-default-icon":!0,"variant-defa
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 72 69 70 74 6f 72 28 65 2c 74 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 76 61 72 20 43 3d 7b 6e 61 6d 65 3a 22 70 78 2d 73 6c 69 64 65 73 22 2c 6d 69 78 69 6e 73 3a 5b 6c 2e 61 2c 77 2e 61 5d 2c 63 6f 6d 70 6f 6e 65 6e 74 73 3a 7b 50 78 53 6c 69 64 65 54 72 61 6e 73 69 74 69 6f 6e 3a 79 2c 50 78 49 63 6f 6e 3a 6b 2e 61 7d 2c 70 72 6f 70 73 3a 7b 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 22 68 6f 72 69 7a 6f 6e 74 61 6c 22 7d 2c 64 72 61 67 45 6e 61 62 6c 65 64 3a 7b 74 79 70 65 3a 42 6f 6f 6c 65 61 6e 2c 64 65 66 61 75 6c 74 3a 21 30 7d 2c 73 63 72 6f 6c 6c 45 6e 61 62 6c 65 64 3a 7b 74 79 70 65 3a 42 6f 6f 6c Data Ascii: riptor(e,t).enumerable}))),n.push.apply(n,o)}return n}var C={name:"px-slides",mixins:[l.a,w.a],components:{PxSlideTransition:y,PxIcon:k.a},props:{orientation:{type:String,default:"horizontal"},dragEnabled:{type:Boolean,default:!0},scrollEnabled:{type:Bool
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 22 3a 7b 22 65 78 70 61 6e 64 2d 6d 65 6e 75 22 3a 22 44 c3 a9 76 65 6c 6f 70 70 65 72 20 6c 65 20 6d 65 6e 75 22 2c 22 6e 65 77 22 3a 22 4e 6f 75 76 65 61 75 22 7d 2c 22 67 61 2d 69 65 22 3a 7b 22 65 78 70 61 6e 64 2d 6d 65 6e 75 22 3a 22 4c 65 61 74 68 6e 61 69 67 68 20 61 6e 20 52 6f 67 68 63 68 6c c3 a1 72 22 2c 22 6e 65 77 22 3a 22 4e 75 61 22 7d 2c 22 67 64 2d 67 62 22 3a 7b 22 65 78 70 61 6e 64 2d 6d 65 6e 75 22 3a 22 45 78 70 61 6e 64 20 4d 65 6e 75 22 2c 22 6e 65 77 22 3a 22 c3 99 72 22 7d 2c 22 67 6c 2d 65 73 22 3a 7b 22 65 78 70 61 6e 64 2d 6d 65 6e 75 22 3a 22 45 78 70 61 6e 64 69 72 20 6d 65 6e c3 ba 22 2c 22 6e 65 77 22 3a 22 4e 6f 76 69 64 61 64 65 73 22 7d 2c 22 67 75 2d 69 6e 22 3a 7b 22 65 78 70 61 6e 64 2d 6d 65 6e 75 22 3a 22 e0 aa ae Data Ascii: ":{"expand-menu":"Dvelopper le menu","new":"Nouveau"},"ga-ie":{"expand-menu":"Leathnaigh an Roghchlr","new":"Nua"},"gd-gb":{"expand-menu":"Expand Menu","new":"r"},"gl-es":{"expand-menu":"Expandir men","new":"Novidades"},"gu-in":{"expand-menu":"
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: d1 81 d0 ba d0 b8 20 d0 b7 d0 b0 d0 ba d0 be d0 bd 20 d0 b7 d0 b0 20 d0 bf d1 80 d0 b8 d0 b2 d0 b0 d1 82 d0 bd d0 be d1 81 d1 82 20 d0 bd d0 b0 20 d0 bf d0 be d1 82 d1 80 d0 be d1 88 d1 83 d0 b2 d0 b0 d1 87 d0 b8 20 28 43 43 50 41 29 20 4f 70 74 2d 4f 75 74 20 49 63 6f 6e 22 2c 22 79 6f 75 72 2d 70 72 69 76 61 63 79 2d 63 68 6f 69 63 65 73 22 3a 22 d0 92 d0 b0 d1 88 d0 b8 d0 be d1 82 20 d0 b8 d0 b7 d0 b1 d0 be d1 80 20 d0 b7 d0 b0 20 d0 bf d1 80 d0 b8 d0 b2 d0 b0 d1 82 d0 bd d0 be d1 81 d1 82 22 7d 2c 22 6d 6c 2d 69 6e 22 3a 7b 22 70 72 69 76 61 63 79 2d 63 68 6f 69 63 65 73 2d 69 63 6f 6e 2d 61 6c 74 22 3a 22 e0 b4 95 e0 b4 be e0 b4 b2 e0 b4 bf e0 b4 ab e0 b5 8b e0 b5 bc e0 b4 a3 e0 b4 bf e0 b4 af 20 e0 b4 89 e0 b4 aa e0 b4 ad e0 b5 8b e0 b4 95 e0 b5 8d Data Ascii: (CCPA) Opt-Out Icon","your-privacy-choices":" "},"ml-in":{"privacy-choices-icon-alt":"
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: 65 22 3a 22 43 6f 6e 74 69 6e 75 65 22 2c 22 64 69 64 6e 74 2d 77 6f 72 6b 2d 74 72 79 2d 6c 61 75 6e 63 68 69 6e 67 2d 61 67 61 69 6e 22 3a 22 44 69 64 6e 5c 27 74 20 77 6f 72 6b 3f 20 54 72 79 20 6c 61 75 6e 63 68 69 6e 67 20 61 67 61 69 6e 2e 22 2c 22 6f 72 2d 63 6f 6e 74 69 6e 75 65 2d 69 6e 2d 74 68 69 73 2d 62 72 6f 77 73 65 72 22 3a 22 4f 72 20 7b 30 7d 20 69 6e 20 74 68 69 73 20 62 72 6f 77 73 65 72 2e 22 2c 22 74 72 79 2d 61 67 61 69 6e 22 3a 22 54 72 79 20 61 67 61 69 6e 22 7d 2c 22 65 73 2d 65 73 22 3a 7b 22 63 6f 6e 74 69 6e 75 65 22 3a 22 43 6f 6e 74 69 6e 75 61 72 22 2c 22 64 69 64 6e 74 2d 77 6f 72 6b 2d 74 72 79 2d 6c 61 75 6e 63 68 69 6e 67 2d 61 67 61 69 6e 22 3a 22 c2 bf 4e 6f 20 68 61 20 66 75 6e 63 69 6f 6e 61 64 6f 3f 20 50 72 75 65 Data Ascii: e":"Continue","didnt-work-try-launching-again":"Didn\'t work? Try launching again.","or-continue-in-this-browser":"Or {0} in this browser.","try-again":"Try again"},"es-es":{"continue":"Continuar","didnt-work-try-launching-again":"No ha funcionado? Prue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.16	49803	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:32 UTC	669	OUT	GET /shared/cms/lrs1c69a1j/logos/5a74283229e24d0ca59fb94ed941c3a0.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:32 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:32 GMT Content-Type: image/png Content-Length: 71803 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1187b-18c5b630cdd" Last-Modified: Tue, 12 Dec 2023 00:17:47 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170632Z-16579567576fh7f86y3uqsyhx000000003eg00000000uv1h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:32 UTC	15677	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2d 00 00 01 36 08 06 00 00 00 34 f2 c4 b6 00 00 00 09 70 48 59 73 00 00 21 38 00 00 21 38 01 45 96 31 60 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 01 18 10 49 44 41 54 78 01 ec fd 6b d0 66 d9 75 1e 86 ad 75 be ee c1 95 e4 0c 2d c9 a6 c4 08 0d 55 e4 88 64 64 0c 24 52 b6 64 27 1c e8 47 ec 24 95 00 72 9c 44 fe 11 03 60 e5 52 89 92 f0 52 65 97 e4 2a 6b 66 5c 95 8a 93 b8 44 f0 47 7e a5 ca 18 a8 92 92 92 aa 48 64 e2 1f 94 64 b1 07 24 2d c9 14 45 0c 44 82 00 01 12 d3 83 fb 65 80 e9 01 e6 d2 d3 fd 7d 67 f9 9c bd 9e e7 59 6b 9f f7 1b 60 70 9f 01 fa cc 7c fd be ef b9 ec fb 7a d6 b3 d6 5e 7b 1f b7 bb c7 dd e3 70 5c bb fe be 7b 5f 77 d5 ae ad 77 ec da 95 33 bb 37 Data Ascii: PNGIHDR-64pHYs!8!8E1`sRGBgAMAaIDATxkfuu-Udd$Rd'G$rD`RRe*kf\DG~Hdd$-EDe}gYk`p\|z^{p\{_ww37
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: af a8 25 4c 47 98 8d 04 0b 87 d9 08 17 9e 57 3e e3 79 39 db 0b 68 57 eb 11 23 36 81 f0 3a 01 33 51 2e 4d cf 40 1d e6 3e 29 76 96 4d 57 ec cd 26 93 93 b7 b8 bf 58 ff 8e e3 a9 e5 f6 37 c6 b6 be e9 4c eb ca 15 7b 7b 5c ac d7 ec 04 92 cc 1a 7d 3f ba 55 27 38 d0 33 39 f2 a1 d0 6c 9a d5 1a c7 57 00 2c 3b 9c ef a6 1e af ac 60 52 cf 7c f2 d3 f6 e5 4f 7c 66 07 a9 52 cb bb 07 e1 ec 2a f2 1b e1 bd 55 ba b1 d3 9b 61 a1 ea f0 52 10 c0 40 05 86 f5 0f 60 c6 e9 c8 e7 b0 17 14 aa 71 35 85 47 29 13 d0 57 ba 75 03 03 0e 63 64 1d 39 66 08 80 99 dc c9 63 ac a5 a0 dc fa c2 97 ec d6 93 4f 87 7d e4 13 fb 39 bf e7 de d7 db d5 1f f8 3e 7b ed 1f fb c3 1b a0 fd 0b e6 f7 5c 51 6b f8 a1 a5 66 1f 1d 95 8d 09 84 6c 6e fa 0e 35 a7 df ba 03 f7 92 67 2e 33 6d 23 65 d8 71 03 04 b4 ee 1d 2d Data Ascii: %LGW>y9hW#6:3Q.M@>)vMW&X7L{{\}?U'839lW,;`R\|O\|fR*UaR@`q5G)Wucd9fcO}9>{\Qkfln5g.3m#eq-
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: d6 09 46 2f fe 61 8a c7 ed 70 d9 a3 ef c4 30 b5 4c 31 f4 de a8 f2 a7 69 08 d0 35 d4 1a 4c a0 19 42 2c d1 2e 0e 33 de d3 60 ba 00 45 7e b7 3e be 91 07 ed d2 69 e8 57 4e 61 72 56 d6 f2 07 d3 00 9c 52 63 63 1c 00 eb fc c3 8f d9 0b ff e0 6f c7 fa 85 4f ef b9 bd f3 d9 5f 7b d7 23 f6 5d 70 7c fe e1 b7 6c 95 bd fa ee ad b6 3f 45 45 34 5a 34 6d 35 7f e1 73 79 5f 1f bd f5 d7 d6 26 ea a6 10 98 8c 1e 58 57 f8 a3 02 23 44 20 18 14 5a 1a a0 41 b7 56 c8 b5 55 df 47 c1 68 90 45 5a 7a 4e 23 2f 8c d3 34 41 b2 e4 a5 93 ac 93 b4 5c 59 3f 46 dc 8a f5 13 2a 71 b0 12 75 60 7a d2 ba 4f 09 65 48 9f d3 89 c2 33 b5 a1 be 77 a5 6a 97 83 9a 4b 35 cc 62 57 4c 2a 04 6c bc 2e 23 a7 db ad 1d 70 a3 ca 42 c0 45 59 66 d0 da aa 32 36 d9 7a fe f3 7b 90 de 59 70 01 b2 51 93 f5 b0 06 ab d0 bd Data Ascii: F/ap0L1i5LB,.3`E~>iWNarVRccoO_{#]p\|l?EE4Z4m5sy_&XW#D ZAVUGhEZzN#/4A\Y?Fqu`zOeH3wjK5bWLl.#pBEYf26z{YpQ
2024-08-30 17:06:32 UTC	16384	IN	Data Raw: d5 bd af 2f 5a 20 b3 30 86 ba 26 84 9d 22 2a 0b 0a 66 e3 6a 23 bb 71 5d fc d9 ac fd 11 e1 16 61 03 73 66 95 bd 9d e9 f9 18 10 08 6b 08 07 42 02 5f 03 ce 56 7e 09 25 d0 c2 17 b0 c3 05 44 19 7b d0 b3 b1 34 e2 ac 1e 86 6a 98 9e 22 63 98 8f dd 53 69 4c cd ae 6b 95 3c b9 cb e7 df fe db df ff 8f 4f d0 25 4a 55 3d 9c 96 f3 30 3d ac 3f 2c 76 ca 9c 08 92 a6 7d 30 05 04 3a 0a b9 bb 0c 64 33 31 ae 7e 57 5f 9e 9e 98 55 cc d2 c4 0b 12 ab a1 a4 73 53 4c 5a 45 42 96 82 1c 66 4f 23 a7 d0 8e 9b 2b 54 c3 64 2a 32 ed dd af 44 a9 0a db 93 0a 60 94 71 d6 c0 ef d9 27 d1 30 c9 9a 97 8d e6 59 3f f6 66 74 95 91 11 42 92 b0 4c cc cb 6a 08 28 b8 54 a8 42 54 6a ac 54 b0 d9 f7 ab 90 6d dd f8 86 37 4c 06 c8 a3 84 a0 d2 32 99 67 bb 8c f6 84 41 16 93 7d 79 2d 60 80 93 6f 0c e8 56 90 ae Data Ascii: /Z 0&"fj#q]asfkB_V~%D{4j"cSiLk<O%JU=0=?,v}0:d31~W_UsSLZEBfO#+Td2D`q'0Y?ftBLj(TBTjTm7L2gA}y-`oV
2024-08-30 17:06:32 UTC	6974	IN	Data Raw: 23 01 18 f3 68 d4 01 cd 77 ed fc da 7b 7f 8e ae d0 c4 74 25 a7 1f 7f f8 10 6f 6e 7d b2 49 8d d7 4d 6e fe 98 77 f8 9f 98 d2 1b 3b 99 6d 1b a7 e0 35 d0 17 6d 62 26 89 19 7a 00 cd c7 09 e9 ed b8 14 6e 4a 22 d8 7b 6d 17 96 72 39 cf 6e 8c f9 db 6f de fc ea 17 69 f3 cb 9f eb b7 f3 80 6b 06 82 df 9f 22 6a 91 82 9d 0c 36 97 19 d7 11 26 54 bd 9e fc 9c cc aa 90 18 8f 01 b1 79 e5 b2 81 3a 29 53 99 89 39 46 99 27 57 db 02 98 1b 7b 72 cd 92 4b 19 91 4c 6a 29 30 cf 5b 48 c8 db d2 45 81 85 d0 99 1a 9b 5b 93 cb 37 1f 04 a9 5f 29 5d 9d 9e 23 b4 d4 f7 e8 f3 65 1a 94 8a e7 c6 f7 22 28 a3 1d 4b db 82 11 fa aa f0 60 6a a5 5d 21 16 24 57 66 f5 e3 09 63 54 66 55 c2 fb d5 46 b7 5d 80 5e b5 62 34 a3 fb 4f 5e 51 36 ac 79 ba 32 99 16 d2 64 9c df 9b b6 b4 e1 53 31 80 bc ff 30 08 59 Data Ascii: #hw{t%on}IMnw;m5mb&znJ"{mr9noik"j6&Ty:)S9F'W{rKLj)0[HE[7_)]#e"(K`j]!$WfcTfUF]^b4O^Q6y2dS10Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.16	49806	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	676	OUT	GET /shared/edgeweb/fonts/segoeui-vf-display.5c8aa5a.woff2 HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.css Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	681	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: font/woff2 Content-Length: 121824 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1dbe0-18c5b54b2c9" Last-Modified: Tue, 12 Dec 2023 00:02:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576fh7f86y3uqsyhx000000003mg0000000088nc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	15703	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 01 db e0 00 12 00 00 00 05 1d 78 00 01 db 73 00 02 05 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 86 4a 1b 83 eb 42 1c 8a 58 06 60 00 98 7a 08 81 6a 09 9f 03 11 10 0a 8d 8b 38 8b 8a 09 0b cf 18 00 01 36 02 24 03 cf 10 04 20 05 97 29 07 81 ba 19 0c 84 48 5b f3 73 b4 07 a2 c9 d8 dd c3 36 65 4f 36 ab c0 20 a9 42 28 28 1d c3 24 4e b8 d2 17 4b 01 5c 2f 09 44 31 8e 66 ab f0 e4 f0 76 0c e9 e9 40 a9 ed 69 73 af a0 db 36 d1 87 44 e9 b9 cd 34 4a 95 bb d2 cd fe ff ff ff ff ff ff ff ff ff bb 4a 7e 3c ea f4 dd c9 7a f7 ef 7f c9 92 3c 16 d8 a6 98 61 0c 0e 33 61 84 60 c8 a4 4d 9a 34 69 3a 41 23 02 dc 03 3c 1a 52 11 c1 c2 19 84 95 21 ba 34 07 8d 44 6c 5b 20 48 57 58 85 50 d3 1a eb 74 7b 65 df c4 a0 2f 86 Data Ascii: wOF2xs?FFTMJBX`zj86$ )H[s6eO6 B(($NK\/D1fv@is6D4JJ~<z<a3a`M4i:A#<R!4Dl[ HWXPt{e/
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: c3 52 3d 20 2c 6c ae 93 c6 5b de 28 8c c8 c8 ac 20 f6 15 5f 5d 3c 7c ce 1a ef 5c 6e d3 c4 7a 78 a5 02 7e 67 bc 6b 03 36 75 12 bc 35 fc 65 c4 2a bd fb 92 98 8d 9c 10 a1 49 8a 20 40 30 92 40 fa 31 06 5d db ed a4 25 5e 92 ab 12 24 4f 71 57 a3 a3 2f f0 59 08 02 87 ef 66 e5 55 dc 62 b2 25 a8 c7 9a 6f 60 7f c3 80 77 da 15 a7 15 53 c3 56 88 f5 a6 7d 17 23 cc 11 87 33 d7 c2 b5 44 6f a9 bc a7 7c f9 9e 29 10 e0 3c 3c 0f c1 3c 55 6b 57 a3 c6 ab d4 f6 3a 81 2f e7 b3 18 b8 0e 5d ce e2 12 37 19 9f f0 c2 83 cf f8 f8 f2 e4 cb 77 db 5d 77 4d f9 ee bb 69 b3 df 39 cb 94 6f 28 96 a3 65 78 2e 71 19 ae 26 65 29 4b 5e 28 57 2e 51 a4 48 b1 82 a6 a0 ab 41 e6 97 f4 19 81 69 82 02 65 c1 42 9c b3 9d b6 3d ae 4b ac 1b d7 a3 d3 6f 73 fc 9e 6c 7a a1 4c ae 47 ef 97 71 b0 6c 5b ca e9 89 Data Ascii: R= ,l[( _]<\|\nzx~gk6u5e*I @0@1]%^$OqW/YfUb%o`wSV}#3Do\|)<<<UkW:/]7w]wMi9o(ex.q&e)K^(W.QHAieB=KoslzLGql[
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: e2 fa 4a f8 fd aa 30 6d 8e a2 ac 0d 2d e9 79 7a 05 04 70 ea 65 ec 2b 46 71 ed 1b 64 93 51 a8 3a fa 93 90 5f b8 96 46 67 81 83 26 b1 ee 41 5d d9 01 6b 42 36 1e 6c 12 10 a6 c8 c2 56 d7 ac 53 1e c0 33 7a 19 b8 50 40 ef 80 dd bc 5d 2a 92 d3 8c 02 f3 db 99 61 60 8c 06 b2 e8 29 fc 93 ba 08 40 f9 f4 9c d1 f3 c9 c1 3b 8b 33 80 4a 5b e7 27 af 19 5d c4 61 e9 4c f6 a6 fe 68 a2 fe f7 28 16 7b f2 e1 dc 06 00 c7 98 16 53 d3 b3 11 61 14 ca 65 2c b5 3b 4b 0b bf a6 82 8b f3 ae 99 e0 60 bf 46 6e fb c3 a8 2f 9f ea c0 20 7d 89 c9 61 e1 5f 28 91 76 c7 4b 6a e4 dd 14 3c 6d 2b e5 29 ae e4 55 9e a8 9b 1d 95 fa 9a 4b 2e 9c 2f b0 61 06 89 1d 78 83 b2 ad f2 e1 d6 ad 07 31 6b 53 39 5e 1b ea 94 ad db 5a 42 e1 aa 55 cb dd d6 b2 64 ca a6 a5 03 8f 7a c7 bc 14 8c cf 9c c3 61 d5 b7 ff f6 Data Ascii: J0m-yzpe+FqdQ:_Fg&A]kB6lVS3zP@]*a`)@;3J[']aLh({Sae,;K`Fn/ }a_(vKj<m+)UK./ax1kS9^ZBUdza
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 54 79 98 ab e4 d7 b0 f0 ca 03 b6 8e 71 ff c4 97 bf d0 92 ff 77 fe 04 af b9 ef ff d2 03 ee 70 d3 3c 53 27 0f c1 da bf 04 46 f2 8c 97 da 9d 3c 71 fd 89 45 a6 1c 77 a4 a3 90 b4 c9 b3 a8 83 d0 39 9c 93 2b d2 57 ca 10 54 af ab 3f 79 03 00 12 ce ca cc 9d 70 66 44 9a 02 1d 28 84 21 c8 21 b0 2b 4b c9 62 bd 14 c0 bf 2e de e3 c6 6b da 37 ae 3e 2a 03 ec d8 bd 24 7b 94 c8 2f 31 a8 e2 d2 57 38 35 0b 3f 34 d2 39 f7 55 23 07 31 8d ce 04 7d cc d0 ea 9b 50 f5 4e dc 5d d4 a7 8f d5 c3 a1 10 f8 af c8 54 aa 5d 13 b2 f4 6a b5 dc bc 83 43 c8 55 77 f3 8f b3 5f 76 7d 81 6c 1f fd c8 6f cb 44 47 32 bf 4e f1 0b bd e0 7e 69 1c fd ce 74 79 ae e5 ef de 6e 5e b7 93 03 25 f1 73 72 ba 9c 48 a3 eb 0b c1 1a ce 5d 7e bd d1 9b ba f3 05 5b a8 97 7e 01 9d 24 60 a8 7e 08 70 9b 75 8c 6e 08 c8 f0 Data Ascii: Tyqwp<S'F<qEw9+WT?ypfD(!!+Kb.k7>*${/1W85?49U#1}PN]T]jCUw_v}loDG2N~ityn^%srH]~[~$`~pun
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: f7 df a6 43 16 41 f5 a0 16 dd 4e 22 b9 bc a1 b9 02 5e e5 6f d7 92 ec 2d bf e2 01 73 98 74 ce a8 ca 10 e3 80 f4 9c 23 16 ab a8 26 82 68 9a 91 c5 8b ef c6 0e 6c 61 5d e1 b2 d8 13 b6 95 72 83 bc 73 8b 58 00 45 5d d5 6d 9c 33 f4 98 78 4c bc 9a cd b7 0a 4f 64 36 5b 7a 12 fc 85 28 3c 98 bc e4 48 d3 52 02 2c d2 b5 35 af 6c 2e ae 89 c8 14 df b4 98 a3 f0 ea 4b 76 45 69 6e d2 3d b7 a5 98 3f 34 84 2f 87 18 24 5c cc 8b 73 2a c1 8a d1 b0 46 40 47 15 60 9b 72 6f ba df 7f 38 9a 5c 73 c1 3e 8e 9b ae 1d 9c 35 c6 66 3e 3e 4a 87 b6 1d 16 7e 92 67 13 d7 cb 76 52 bc b0 30 79 44 d5 38 64 5d 1f 26 3d e7 74 7c 1a 5a d1 e9 25 63 a3 93 50 a1 6d 87 ce a7 a7 0e b9 e8 08 88 71 83 ba bb 0a 34 3b cc f1 f5 37 9c 07 f8 21 49 31 19 d0 ba 6a de 73 4b c7 14 8b 73 0c 6f 26 37 be 65 cd 9e d1 Data Ascii: CAN"^o-st#&hla]rsXE]m3xLOd6[z(<HR,5l.KvEin=?4/$\s*F@G`ro8\s>5f>>J~gvR0yD8d]&=t\|Z%cPmq4;7!I1jsKso&7e
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: b9 7a 79 57 0d a0 4b 36 7a 69 aa 90 08 ad 9e e3 32 51 1d a9 c6 40 fa 42 ec 7c b2 a7 06 c8 30 e3 40 e7 7a e0 c1 a1 ce 99 5b 59 76 42 f3 2a d5 79 6e 79 c1 dd 74 ed 6e e3 ee 3f f9 aa 1c 78 75 48 f0 84 52 48 55 70 c8 e4 dd 60 f8 24 0d c6 1a fb 2a 15 7e 10 69 73 f6 19 7c 5c 29 a4 c3 45 1d a0 87 8c 67 c8 fd d2 29 79 21 13 15 a8 bc 4d ce 4e d5 8b 20 2c a7 c5 fc 8f 08 e5 a3 2a e9 18 cb de c1 ef 50 c3 6c c7 2b 4f 89 86 ca 9e fd bb 7f ee 9b 2f 6c fd ef f1 e3 6d 77 6c cb 96 5f 07 1a 1b 8d a5 ad 59 2e fc b5 37 c3 0f 28 c1 3b 95 76 1b da 74 22 95 34 df 40 94 55 5d b3 d7 f1 da 5d b2 77 4c 6e 72 c6 da a3 7e 20 a7 1d 9b 28 d8 f2 56 12 48 32 c1 f2 e8 af fe 04 28 53 cd d2 bb 7b fe 2c 56 31 c1 d2 f7 a5 81 20 22 70 39 62 c2 5a 02 d8 c1 22 8f df f0 f5 ee ef d6 86 35 04 31 81 Data Ascii: zyWK6zi2Q@B\|0@z[YvBynytn?xuHRHUp`$~is\|\)Eg)y!MN ,*Pl+O/lmwl_Y.7(;vt"4@U]]wLnr~ (VH2(S{,V1 "p9bZ"51
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 1b 59 47 3f 63 e6 ac b2 3c f6 84 c5 37 ec 04 8b db f4 dc 04 31 96 eb 74 85 f3 63 49 49 09 1e 27 86 01 8f 35 ea fc 6f 04 91 65 cc 09 13 82 82 f5 f7 1f 06 83 fd 97 9e 82 2c 49 19 4e 4c 0f d2 59 de 6a b5 6d cb 3a 00 10 12 82 06 dd eb 00 98 b5 28 9d 80 55 82 17 5e ec c9 30 d7 b3 9c 5d 99 4b 56 d3 a7 4a b0 6c 14 2b 67 40 41 df 82 4b f7 04 07 0d 90 00 4d 1b f1 85 5d a5 c9 d2 f5 29 58 30 a7 6e ce 8c e6 22 1d c2 a7 24 26 a8 55 1b 45 47 b9 b1 20 67 42 b7 45 73 45 cd 31 e6 de dc e9 51 a7 8e 3f 96 76 67 77 05 a6 f7 7c 04 10 c7 c0 03 aa 20 31 00 8a 38 f7 ac dc ba 46 32 2c a4 b7 53 37 19 92 92 42 2e 34 62 e7 c6 6a 36 e3 d5 fc d9 1a 5e 82 fb d3 bf 47 c7 3e 26 99 65 ff 5f 34 e3 cf 7b b6 c6 06 af 69 39 09 57 82 be f3 70 4f ad e0 84 5e 44 c6 f2 e9 db 53 07 64 a6 1d c3 64 Data Ascii: YG?c<71tcII'5oe,INLYjm:(U^0]KVJl+g@AKM])X0n"$&UEG gBEsE1Q?vgw\| 18F2,S7B.4bj6^G>&e_4{i9WpO^DSdd
2024-08-30 17:06:34 UTC	7817	IN	Data Raw: 4f 96 4f 54 ea b9 cb 7a 46 4e c0 b6 06 6c 39 37 cb 49 be 14 65 3e 12 27 85 dc ba 66 0c 1e 9e 46 02 42 0e ad da 5c 81 5b ad 23 a8 09 36 27 70 49 7f 4e 98 4b b0 ed e6 df cf 1d da 19 97 7b 37 52 90 60 ac 99 92 be 48 46 b1 48 94 13 ea 8a 34 0c 75 af 68 59 d3 47 8a f6 c3 0f 51 5c 04 92 4d 6c b1 9d 34 27 12 2e fd 3f 82 9b e1 0f 6a 55 33 4e ea 69 32 09 23 c7 7d 65 a1 74 08 d7 47 0f 69 3a 89 35 12 aa 92 a7 29 52 e5 20 77 3d ee b1 c3 53 72 87 6b 4e 48 97 fd 09 9d de de 3a 13 e6 5f bc 46 3c 92 21 6b 47 97 53 1d 0a 76 c7 cc 3d 1a 7d 06 46 02 d4 8c 02 69 5a c8 e2 61 b2 53 fd 4e 66 4a 13 d0 1e a8 07 6b 02 f4 49 dd ad 5e 61 0d 81 8a b0 2e fd 75 6f 36 22 cf ab 71 8b f6 4a 4d 4c a3 d4 4b f0 2d c5 f5 40 6b e9 2a 8e 62 77 c0 72 86 4d a1 f9 03 65 e4 47 bb 62 f8 a8 f2 61 a1 Data Ascii: OOTzFNl97Ie>'fFB\[#6'pINK{7R`HFH4uhYGQ\Ml4'.?jU3Ni2#}etGi:5)R w=SrkNH:_F<!kGSv=}FiZaSNfJkI^a.uo6"qJMLK-@k*bwrMeGba

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.16	49807	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	685	OUT	GET /shared/edgeweb/fonts/segoeui-vf-display-semibold.b7bb141.woff2 HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://edgestatic.azureedge.net/shared/edgeweb/css/e850146.css Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	681	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: font/woff2 Content-Length: 129152 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1f880-18c5b69cfb1" Last-Modified: Tue, 12 Dec 2023 00:25:10 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576l4p9bs8an1npq1n00000003c000000000pzrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	15703	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 01 f8 80 00 12 00 00 00 05 29 dc 00 01 f8 14 00 02 05 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 86 4a 1b 84 82 2c 1c 8a 58 06 60 00 98 7a 08 81 6a 09 9f 03 11 10 0a 8d 8b 68 8b 8a 0a 0b cf 18 00 01 36 02 24 03 cf 10 04 20 05 98 75 07 81 ba 19 0c 84 48 5b 2a 80 b4 13 fe 7f b2 df 3d 6b b8 3d 7d 4e 28 cd 28 0a b1 40 ec 47 11 e9 1c 62 f2 ef da 22 38 04 d1 ab ce 01 91 31 b6 d9 91 73 23 91 ca 8e 21 7d 1c 50 5a d5 f6 b6 1b e8 b6 cd e0 a9 a5 e7 d6 1a b9 95 00 46 f6 ff ff ff ff ff ff ff ff ff ff ff ff df 5a f2 9f a7 b6 fd b9 77 98 bb bc 59 98 61 58 45 41 53 10 49 05 cd dc 50 d4 d4 d4 9f e5 2f eb d7 df 21 2a 30 71 d1 90 a8 a5 59 0e 33 d4 0b 38 ca d0 40 d5 0c 68 b5 3b 4e 1c 42 ba e8 ad f4 e9 2a d6 Data Ascii: wOF2)?FFTMJ,X`zjh6$ uH[=k=}N((@Gb"81s#!}PZFZwYaXEASIP/!0qY38@h;NB*
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: b1 94 54 92 1e a1 98 59 3c 9c 5c 3e 7e 01 43 51 31 13 69 19 73 45 25 2b 75 0d db b7 5d d6 f7 7d f6 06 4e 1b bd 9f d0 7e cd 7e 75 23 a2 18 96 54 19 bc de 9d 58 b2 d4 bb 38 b2 dd c1 3b d1 ad c7 6e d2 3f 77 d9 ba 94 30 a5 e6 a6 25 bd 7c c5 72 d9 25 84 27 9f 0c 8a 14 97 49 99 72 b2 a0 5c 4d 36 e1 f5 e4 d0 a4 b9 fc b5 ad 0f 45 50 6a 2a 4a 34 15 61 f6 54 95 fb 10 57 75 12 26 56 86 3c 85 42 60 3a f5 8c 39 ab 72 70 05 2b bf 50 51 85 48 85 2a 4c b1 8a aa 6b d5 51 7d a3 a6 6a 61 b9 36 9a 38 f4 83 53 6f 69 0f a3 3d 5d ec 4d 9f 74 2b 41 87 fa c2 69 e7 fa a4 ee 5a 3f 62 ec 4e 7f e1 cc ad bd 02 85 75 4c a2 b4 ce ca 57 d2 55 8d da ba 6b d0 58 cf d4 d8 7f eb 5b 86 c0 29 28 ab aa a5 b4 75 b2 86 46 21 0f cd e2 d6 36 69 47 a7 ac 3b 24 8c 44 c5 f0 84 24 95 96 61 5f 8e 64 f2 Data Ascii: TY<\>~CQ1isE%+u]}N~~u#TX8;n?w0%\|r%'Ir\M6EPjJ4aTWu&V<B`:9rp+PQHLkQ}ja68Soi=]Mt+AiZ?bNuLWUkX[)(uF!6iG;$D$a_d
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: db 28 85 89 82 5b 55 24 bd d1 25 16 93 7e 7b 0f 0d a4 50 60 84 a6 95 9c ab 91 c0 75 66 cb 58 26 dc b2 36 52 53 c1 a3 c9 c5 f6 da ec 39 d5 3d f9 72 d8 14 dc fc c1 44 86 ee 89 ec de e0 9d f1 78 da 8b f2 f8 22 4b 6f 9c be b5 b1 1e 2d c3 d6 96 47 3c 04 44 eb 5c ac 9b da b3 3b 4c 57 cb c7 d3 ee 87 60 91 67 4e 33 ef f8 43 a8 c9 49 1d 38 ce e3 bc 2d 13 dc b1 70 ea 5b 50 c7 ca 02 da 24 6e d3 b5 a2 fb e8 30 31 7a 4a 7e 65 b1 9d 98 80 ed 2b 67 f2 13 2f ab e7 42 d6 99 63 04 e6 3d 3e 4a 4d 1c 1a 05 20 1e ea 6a 34 48 29 98 30 0b 34 c7 b3 aa 56 7d 2a 22 15 81 01 81 10 1c e1 e6 e1 42 85 f0 52 bc dd 36 55 a4 bb 12 20 21 41 48 ac 00 ce 0b dc 5a e3 ee 2e 3f 9a fa 47 cd ac ee 36 8e 2b 4d 8c 96 4a bb 49 10 a9 16 f0 6f da 5a 5f 69 bc 22 90 3e d7 60 d5 4c 2f c3 54 27 7a 55 84 Data Ascii: ([U$%~{P`ufX&6RS9=rDx"Ko-G<D\;LW`gN3CI8-p[P$n01zJ~e+g/Bc=>JM j4H)04V}*"BR6U !AHZ.?G6+MJIoZ_i">`L/T'zU
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: b6 80 57 94 d5 a7 c8 9d 00 d2 72 a0 65 ac 2f 4d 45 56 7d f4 50 0b 53 db a9 79 a9 e1 20 a4 88 4e cd 86 66 54 5b 8c 40 22 d3 bf b0 c3 e0 4a 86 a1 d9 fd 8d 97 61 aa 33 98 6d 65 48 51 91 b5 8e 98 0d 13 45 11 c3 51 a8 18 31 5f 89 32 6f 4a 6a 5f 05 ca 99 97 32 84 47 97 a6 e7 2a 1a 12 47 55 1a d7 62 7d 3e 6c 97 28 eb 37 b5 0c 0d be e4 7d 36 8e a9 d5 0f 3f d7 22 aa 6f b8 64 02 eb 74 53 42 b7 f0 52 00 9c 58 7a 8b cb fb f7 a5 ae 79 a1 5a ce 97 a1 04 b1 0c dd d7 f0 f2 42 c5 13 ca b5 97 ae 0f c2 3f 2b 7f 4f 2a cf 08 07 f5 49 ed 48 89 ca f7 37 db 3e 18 76 de 20 c5 4a d2 ad 82 dd 46 ab 9c 9e 30 69 cf 6b e6 ff 9b 11 51 1c 52 f3 77 d5 0f c5 6b da 55 81 47 ed 40 64 0c 5f 8f 40 6c 11 a0 7f 12 b0 c4 f7 16 8b 5f 8b 1b 38 0d e5 af cb eb cd 30 bf d8 b4 59 f9 4b 58 ff f2 fb 1e Data Ascii: Wre/MEV}PSy NfT[@"Ja3meHQEQ1_2oJj_2GGUb}>l(7}6?"odtSBRXzyZB?+OIH7>v JF0ikQRwkUG@d_@l_80YKX
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 54 66 30 7b 8f 3b 54 61 26 4c e7 5d fb 2c 32 2d b1 63 33 43 d0 95 41 ae 7c 9b 82 77 4f 0d e1 ec b6 9d dd db c6 ce c4 75 3f 70 3c 83 c4 34 bd 04 fe d8 06 6c ff 06 c6 2d 63 1e 7f f3 f2 19 b1 73 23 0d 47 c2 47 e1 59 49 db fb 77 e3 7f 64 11 78 eb c6 06 a4 ae 9e 33 59 89 24 47 aa b3 da 01 5f be ee fe 99 ba 23 fa a5 ea bb d0 47 25 91 39 7f 2a 05 8e 52 29 ca 3d f4 86 14 1c 0b 97 f6 32 f2 51 ed 14 1c 18 4f 39 b5 1c 1d 4d 1c 75 ff 9f d2 f7 94 56 f7 70 c0 30 41 33 a2 6d 9f e5 60 35 1f ca 84 0a d7 85 67 17 f1 12 ef 4b 8b a8 ba 4d e7 8e d7 b8 09 18 1d 18 df 3a 69 79 f0 0d 73 4b 1d 08 ad 29 c5 4e c0 3f 87 1e 31 90 6a de 05 fe 40 7b 5c 25 af 90 57 43 f7 ab 86 e4 70 75 3f f3 d5 f8 88 7b 56 7e a2 ad 57 b0 6e fd 11 2e da f4 1d 43 6f bc 1a 98 7c 9f 30 51 c5 38 c1 3c 69 1b Data Ascii: Tf0{;Ta&L],2-c3CA\|wOu?p<4l-cs#GGYIwdx3Y$G_#G%9*R)=2QO9MuVp0A3m`5gKM:iysK)N?1j@{\%WCpu?{V~Wn.Co\|0Q8<i
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 86 39 37 48 0d c3 1e 5b 27 d9 9b 19 b6 e6 73 b2 62 53 3e 42 d9 75 a6 38 d5 ba d2 ba 6c a2 67 19 36 6a e7 db aa 8b 86 58 f0 f8 31 2e c8 22 3b 2b 6a 27 c4 19 a0 d8 5e 39 8c 8c f2 44 2a 89 29 a3 8a d9 c5 34 b2 53 a6 eb b8 dd bb 08 46 87 32 00 ca 8f 3b b8 6e b1 04 91 35 dd cc 0b ed ae d1 b5 66 11 4b 56 c5 2a a4 3d 16 6e 23 d3 7f 24 3b 18 4b 26 94 41 9e 97 48 57 b1 17 8f 97 be b3 70 28 62 07 f8 50 b0 13 1e d4 9e 6e 4d b3 d4 56 c5 d6 63 ad 42 dd 2d 46 7d af a6 cb 72 e3 fc a5 4e 57 1a 83 cb a4 e7 58 48 89 79 0d 28 da 01 8a 08 70 1e 7a db 54 95 d7 b2 6c 4a 9d 93 0c 5d 3f 50 76 57 e5 8b 88 d8 5b e3 e4 00 09 34 ea f1 dd db db e5 62 5a e8 65 79 43 96 c5 da 43 7c 7d 9f 27 8d 51 2f a4 e7 27 90 db f3 62 f0 b4 e3 54 d5 99 27 12 56 52 eb 05 49 a2 73 2a 3a af bf 70 d6 97 Data Ascii: 97H['sbS>Bu8lg6jX1.";+j'^9D)4SF2;n5fKV=n#$;K&AHWp(bPnMVcB-F}rNWXHy(pzTlJ]?PvW[4bZeyCC\|}'Q/'bT'VRIs*:p
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: eb 91 ed 96 dc da b6 34 b1 f7 d1 89 13 eb fd bd eb d7 b4 2e 39 60 34 75 a9 fa 69 1a 47 11 4f bb 27 94 b2 83 c7 f0 f4 3c 0f 6b ba c6 e1 e5 70 e7 ed cf c1 c3 c8 45 db a6 94 6e cc 23 79 00 b3 a4 23 d5 95 3c bb c2 7c aa ef 56 87 f9 11 db 01 db a5 66 d0 02 c1 9e 45 1c ab ef 31 7d 3f e4 47 5b 14 36 6e 8c 34 f8 63 3b ee a8 db c6 df fd 4b de de 1b 5a fa 53 ac 2a ab 7e 81 ca df 9b 8f 68 4a ab a0 cf e8 e9 cb b7 30 3b 87 60 f7 70 7e af 09 05 af 64 b6 54 4b c3 2c 24 97 5d 50 51 14 97 1b cb 7c 52 5b 77 c9 3c 0a c2 2c 47 05 b7 61 1a 15 df c9 8f 42 b6 d6 fc a6 80 f4 a4 73 0d 40 61 8d 47 03 09 b5 65 d0 e2 e0 50 0a 02 3f 53 19 cf 09 a9 0c b8 02 b5 25 b7 5e 2d c0 35 2c cf 1b 56 eb a4 37 97 d6 de 85 29 42 c8 65 4f 48 21 5c 99 4f 37 b8 eb bd 88 70 ce bd b0 5e 2d 3c 7b 1a 0b Data Ascii: 4.9`4uiGO'<kpEn#y#<\|VfE1}?G[6n4c;KZS*~hJ0;`p~dTK,$]PQ\|R[w<,GaBs@aGeP?S%^-5,V7)BeOH!\O7p^-<{
2024-08-30 17:06:34 UTC	15145	IN	Data Raw: 6b 46 aa 9f ff b5 11 9e 43 fe fd c0 50 18 18 0f 72 22 9f 9d dc 1f 6c 79 99 96 f6 a1 d3 97 36 b1 ea fc 05 87 52 35 a1 9d 78 cb 54 bc 66 5f 7c 59 82 2e 6d 5a 41 69 e8 87 87 fc 48 00 b8 ef f2 fa 5d 4f 24 af ea c3 c6 e8 49 50 15 90 88 52 1c d1 8f 3b 0a fe b3 ce c3 2f d7 d8 10 ab 5a a9 e3 3e 16 54 ee b7 24 35 d9 3a 65 ab a2 22 a9 30 93 55 0b 55 a2 8d ab 46 d2 b0 5f 20 a8 c4 0b de c7 a3 f7 b7 eb a1 78 5c d9 07 fe e1 1b 89 9b a3 ee 4b d6 c6 22 38 a7 11 e5 f6 a8 b7 8b bf 1c b5 e8 5e 41 c4 5b fd 31 bd fb d2 8d 90 1f 9f 61 38 17 28 fe 52 37 4b a3 cb e4 77 25 bd 3a c2 fa 19 f4 fa 34 77 7e 05 4d a7 59 b3 0b f7 93 6e 25 ce 9c e2 a9 f1 c3 e8 02 76 c1 5b e7 78 23 73 0d ab d3 ed b3 be c9 aa eb d0 4e ae c6 85 3b e1 8b 81 00 2e e2 aa dc 31 2c 8e 42 2c 41 3e 6c 9d 48 a7 46 Data Ascii: kFCPr"ly6R5xTf_\|Y.mZAiH]O$IPR;/Z>T$5:e"0UUF_ x\K"8^A[1a8(R7Kw%:4w~MYn%v[x#sN;.1,B,A>lHF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.16	49805	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	628	OUT	GET /shared/edgeweb/img/arrow-left.0af059d.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: image/svg+xml Content-Length: 314 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"13a-18c5b5c66b1" Last-Modified: Tue, 12 Dec 2023 00:10:31 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576txfkctmnqv2e9c400000003fg000000000qpv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	314	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 2e 35 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3d 22 72 6f 75 6e 64 22 20 63 6c 61 73 73 3d 22 66 65 61 74 68 65 72 20 66 65 61 74 68 65 72 2d 61 72 72 6f 77 2d 6c 65 66 74 22 3e 3c 6c 69 6e 65 20 78 31 3d 22 31 39 22 20 79 31 3d 22 31 32 22 20 78 32 3d 22 35 22 20 79 32 3d 22 31 32 22 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.16	49808	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	580	OUT	GET /mscc/lib/v2/wcp-consent.js HTTP/1.1 Host: wcpstatic.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	713	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: application/javascript Content-Length: 52717 Connection: close Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 36060 Cache-Control: max-age=43200 Content-MD5: QT/MdZzBmCG2G2lBgIsptQ== Etag: 0x8DA85F6F74C6D08 Last-Modified: Wed, 24 Aug 2022 17:34:58 GMT Vary: Accept-Encoding X-Cache: CONFIG_NOCACHE x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: ac8d98de-501e-0076-17ab-fa4a97000000 x-ms-version: 2009-09-19 x-azure-ref: 20240830T170634Z-165795675762h26c6ze2t4q76000000003n000000000ws0f Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 76 61 72 20 57 63 70 43 6f 6e 73 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 32 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 69 6e 64 6f 77 2c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 29 7b 69 66 28 74 5b 6e 5d 29 72 65 74 75 72 6e 20 74 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 72 3d 74 5b 6e 5d 3d 7b 69 3a 6e 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 63 61 6c 6c 28 72 2e 65 78 70 6f 72 74 73 2c 72 2c 72 2e 65 78 70 6f 72 74 73 2c 6f 29 2c 72 2e 6c 3d 21 30 2c 72 2e 65 78 70 6f 72 74 73 7d 72 65 74 75 72 6e 20 6f 2e 6d 3d 65 2c 6f 2e 63 3d 74 2c 6f 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 2d 6c 61 62 65 6c 3d 22 27 2b 69 2e 65 73 63 61 70 65 48 74 6d 6c 28 74 68 69 73 2e 74 65 78 74 52 65 73 6f 75 72 63 65 73 2e 70 72 65 66 65 72 65 6e 63 65 73 44 69 61 6c 6f 67 43 6c 6f 73 65 4c 61 62 65 6c 29 2b 27 22 20 63 6c 61 73 73 3d 22 27 2b 61 2e 63 6c 6f 73 65 4d 6f 64 61 6c 49 63 6f 6e 2b 27 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 3e 26 23 78 32 37 31 35 3b 3c 2f 62 75 74 74 6f 6e 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 72 6f 6c 65 3d 22 64 6f 63 75 6d 65 6e 74 22 20 63 6c 61 73 73 3d 22 27 2b 61 2e 6d 6f 64 61 6c 42 6f 64 79 2b 27 22 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 27 2b 61 2e 6d 6f 64 Data Ascii: -label="'+i.escapeHtml(this.textResources.preferencesDialogCloseLabel)+'" class="'+a.closeModalIcon+'" tabindex="0">✕</button>\n <div role="document" class="'+a.modalBody+'">\n <div>\n <h1 class="'+a.mod
2024-08-30 17:06:34 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 22 2b 65 5b 22 72 61 64 69 6f 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 63 6f 6c 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 7d 2c 65 7d 28 29 2c 64 3d 5b 22 61 72 22 2c 22 68 65 22 2c 22 70 73 22 2c 22 75 72 22 2c 22 66 61 22 2c 22 70 61 22 2c 22 73 64 22 2c 22 74 6b 22 2c 22 75 67 22 2c 22 79 69 22 2c 22 73 79 72 22 2c 22 6b 73 2d 61 72 61 62 22 5d 2c 75 3d 7b 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 2d 63 6f 6c 6f 72 22 3a 22 23 36 36 36 36 36 36 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 6f 70 61 63 69 74 79 22 3a 22 31 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d Data Ascii: background-color: "+e["radio-button-disabled-color"]+" !important;\n }"},e}(),d=["ar","he","ps","ur","fa","pa","sd","tk","ug","yi","syr","ks-arab"],u={"close-button-color":"#666666","secondary-button-disabled-opacity":"1","secondary-button-
2024-08-30 17:06:34 UTC	3565	IN	Data Raw: 2d 22 29 5b 30 5d 3b 6f 3d 65 2e 73 70 6c 69 74 28 22 2d 22 29 5b 30 5d 3d 3d 3d 6e 7d 72 65 74 75 72 6e 20 6f 7d 28 65 2c 63 29 7d 29 29 3b 73 26 26 30 3d 3d 3d 73 2e 6c 65 6e 67 74 68 26 26 28 65 3d 22 65 6e 2d 55 53 22 29 2c 6f 2e 70 6c 61 63 65 68 6f 6c 64 65 72 45 6c 65 6d 65 6e 74 3d 6c 2c 72 26 26 6f 2e 63 6f 6e 73 65 6e 74 43 68 61 6e 67 65 64 43 61 6c 6c 62 61 63 6b 73 2e 72 65 67 69 73 74 65 72 43 61 6c 6c 62 61 63 6b 28 72 29 2c 6f 2e 73 61 76 65 43 6f 6f 6b 69 65 28 29 2c 6f 2e 73 69 74 65 43 6f 6e 73 65 6e 74 3d 6e 65 77 20 66 28 21 31 29 2c 6e 75 6c 6c 3d 3d 6e 7c 7c 6e 28 76 6f 69 64 20 30 2c 6f 2e 73 69 74 65 43 6f 6e 73 65 6e 74 29 2c 6f 2e 69 73 49 6e 69 74 52 65 61 64 79 3d 21 30 2c 74 68 69 73 2e 63 6f 6e 73 65 6e 74 43 68 61 6e 67 65 Data Ascii: -")[0];o=e.split("-")[0]===n}return o}(e,c)}));s&&0===s.length&&(e="en-US"),o.placeholderElement=l,r&&o.consentChangedCallbacks.registerCallback(r),o.saveCookie(),o.siteConsent=new f(!1),null==n\|\|n(void 0,o.siteConsent),o.isInitReady=!0,this.consentChange

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.16	49809	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	629	OUT	GET /shared/edgeweb/img/arrow-right.96b564d.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: image/svg+xml Content-Length: 316 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"13c-18c5b5c6672" Last-Modified: Tue, 12 Dec 2023 00:10:31 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576l8zffr7mt4xy2un00000003bg00000000by8y x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	316	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 2e 35 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3d 22 72 6f 75 6e 64 22 20 63 6c 61 73 73 3d 22 66 65 61 74 68 65 72 20 66 65 61 74 68 65 72 2d 61 72 72 6f 77 2d 72 69 67 68 74 22 3e 3c 6c 69 6e 65 20 78 31 3d 22 35 22 20 79 31 3d 22 31 32 22 20 78 32 3d 22 31 39 22 20 79 32 3d 22 31 32 22 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.16	49810	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	633	OUT	GET /shared/edgeweb/img/fluent-dropdown.8618950.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: image/svg+xml Content-Length: 503 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1f7-18c5b5bbef8" Last-Modified: Tue, 12 Dec 2023 00:09:48 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576qxwrndb60my3nes00000003r0000000005x1m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	503	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 70 61 74 68 20 64 3d 22 4d 32 32 2e 32 32 31 20 35 61 31 2e 36 20 31 2e 36 20 30 20 30 20 31 20 2e 36 37 32 2e 31 34 34 20 31 2e 39 33 33 20 31 2e 39 33 33 20 30 20 30 20 31 20 2e 39 36 33 2e 39 36 33 20 31 2e 36 20 31 2e 36 20 30 20 30 20 31 20 2e 31 34 34 2e 36 37 32 63 30 20 2e 34 39 32 2d 2e 31 37 37 2e 39 31 33 2d 2e 35 33 20 31 2e 32 36 36 6c 2d 31 30 2e 32 32 20 31 30 2e 32 32 63 2d 2e 31 36 38 2e 31 36 38 2d 2e 33 36 2e 32 39 38 2d 2e 35 38 2e 33 39 31 61 31 2e 37 33 36 20 31 2e 37 33 36 20 30 20 30 Data Ascii: <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M22.221 5a1.6 1.6 0 0 1 .672.144 1.933 1.933 0 0 1 .963.963 1.6 1.6 0 0 1 .144.672c0 .492-.177.913-.53 1.266l-10.22 10.22c-.168.168-.36.298-.58.391a1.736 1.736 0 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.16	49811	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	627	OUT	GET /shared/edgeweb/img/fluent-qr.44414bd.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: image/svg+xml Content-Length: 825 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"339-18c5bb87a9e" Last-Modified: Tue, 12 Dec 2023 01:51:05 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576j7nvvu5n0ytgs1c00000003ug00000000g7rd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	825	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 66 69 6c 6c 3d 22 23 30 30 30 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 36 20 30 61 33 20 33 20 30 20 30 20 31 20 32 2e 39 39 35 20 32 2e 38 32 34 4c 31 39 20 33 76 31 33 61 33 20 33 20 30 20 30 20 31 2d 32 2e 38 32 34 20 32 2e 39 39 35 4c 31 36 20 31 39 48 33 61 33 20 33 20 30 20 30 20 31 2d 32 2e 39 39 35 2d 32 2e 38 32 34 4c 30 20 31 36 56 33 41 33 20 33 20 30 20 30 20 31 20 32 2e 38 32 34 2e 30 30 35 4c 33 20 30 68 31 33 5a 6d 2d 33 20 36 48 Data Ascii: <svg width="48" height="48" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg"><g fill="#000" fill-rule="evenodd"><path d="M16 0a3 3 0 0 1 2.995 2.824L19 3v13a3 3 0 0 1-2.824 2.995L16 19H3a3 3 0 0 1-2.995-2.824L0 16V3A3 3 0 0 1 2.824.005L3 0h13Zm-3 6H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.16	49812	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:34 UTC	629	OUT	GET /shared/edgeweb/img/fluent-link.baf5bd6.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:34 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:34 GMT Content-Type: image/svg+xml Content-Length: 476 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1dc-18c5b69cf34" Last-Modified: Tue, 12 Dec 2023 00:25:10 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170634Z-16579567576mj4tc2xukwvxfxc00000003h0000000002790 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:34 UTC	476	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 70 61 74 68 20 64 3d 22 4d 35 2e 35 20 33 41 32 2e 35 20 32 2e 35 20 30 20 30 20 30 20 33 20 35 2e 35 76 31 33 41 32 2e 35 20 32 2e 35 20 30 20 30 20 30 20 35 2e 35 20 32 31 68 31 33 61 32 2e 35 20 32 2e 35 20 30 20 30 20 30 20 32 2e 35 2d 32 2e 35 76 2d 33 61 31 2e 35 20 31 2e 35 20 30 20 30 20 31 20 33 20 30 76 33 61 35 2e 35 20 35 2e 35 20 30 20 30 20 31 2d 35 2e 35 20 35 2e 35 68 2d 31 33 41 35 2e 35 20 35 2e 35 20 30 20 30 20 31 20 30 20 31 38 2e 35 76 2d 31 33 41 35 2e 35 20 35 2e 35 20 30 20 30 20 31 Data Ascii: <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M5.5 3A2.5 2.5 0 0 0 3 5.5v13A2.5 2.5 0 0 0 5.5 21h13a2.5 2.5 0 0 0 2.5-2.5v-3a1.5 1.5 0 0 1 3 0v3a5.5 5.5 0 0 1-5.5 5.5h-13A5.5 5.5 0 0 1 0 18.5v-13A5.5 5.5 0 0 1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.16	49813	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/a926dfb77e1c47b681a4bb8d5ea16ced.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:35 UTC	710	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:35 GMT Content-Type: image/png Content-Length: 1318259 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"141d73-190c6c126f1" Last-Modified: Thu, 18 Jul 2024 16:51:05 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170635Z-16579567576l8zffr7mt4xy2un00000003f00000000005ns x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:35 UTC	15674	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 0e 89 00 00 08 1e 08 03 00 00 00 4e 00 a8 61 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 bc 50 4c 54 45 47 70 4c f3 f3 f3 eb eb eb 34 39 42 09 09 09 05 05 05 44 4b 5f 08 08 08 12 12 12 03 03 03 fb fb fb ff ff ff 2a 2d 33 2e 31 37 28 2b 31 26 29 2f 2c 2f 35 b0 c5 da a6 be d4 a2 ba d1 9e b8 cf 9a b5 cd ab bf d3 05 4b 9e 97 b2 cb 05 50 a6 ab c3 d8 61 b8 e7 91 b0 c9 3c a1 db b3 c9 dd 6b bc e9 57 b4 e6 4d ad e4 a8 ba cd 05 56 ad 05 5c b3 31 9a d3 a1 b4 c7 32 9b db 08 63 b7 27 91 ca 73 c2 eb 45 a6 df e8 ee fa 2e 92 d2 05 43 90 09 58 a1 e5 ec f8 3e 55 9d 18 7d c6 20 87 c6 93 ab c0 9c ae c0 48 69 ad 7d c4 ec 18 87 d3 e4 e8 f5 22 92 d9 15 2e 8d 55 be e7 b0 c1 Data Ascii: PNGIHDRNagAMAasRGBPLTEGpL49BDK_*-3.17(+1&)/,/5KPa<kWMV\12c'sE.CX>U} Hi}".U
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: a8 5b 7a 8b b0 5d 37 aa 58 ba 83 e8 e3 ff 93 5d dc 73 fa e0 67 5a 6d c1 5f 4d 66 b4 60 2a 45 45 cb bb e1 ab e9 a1 1d 84 1a 1b 70 a3 d1 46 0d 14 50 cb 1f 36 4e c5 11 97 2d 21 1a f7 75 e9 46 83 98 81 3e 5c 6c 30 ca 2e 5e 95 e7 1e e9 cd 2d 33 2e c3 c8 89 5b 67 5f 06 19 75 47 bb e4 b2 12 88 5a 46 52 c3 71 d1 16 cd 6d 7c ef 9e a8 48 54 a7 3b 47 a2 87 fe 7b 53 20 aa d3 e9 7c e2 c5 9d 3a 75 f9 4b 51 7c ba 7b 45 2e c4 45 f3 5a 4b 69 d2 45 55 b4 97 42 fd 6a 2c ea c5 85 cb 14 0a 35 46 89 4c 27 b5 c1 38 04 43 ba a8 af 17 15 b5 7e 65 94 d3 a1 f0 89 15 89 d4 82 26 60 50 f8 8b 57 5e d4 5b c1 a8 d5 5c 28 fe fc 81 95 45 d1 d8 76 a3 fb b0 26 8c b2 36 4a 1b 2e 5f 7a e7 2e a4 6e a2 28 15 e8 8e 67 4e d4 b6 22 dd b5 50 34 2f b8 f0 cf 6f 30 1b ca ea e8 37 76 e7 4a 13 d5 e9 ce Data Ascii: [z]7X]sgZm_Mf`*EEpFP6N-!uF>\l0.^-3.[g_uGZFRqm\|HT;G{S \|:uKQ\|{E.EZKiEUBj,5FL'8C~e&`PW^[\(Ev&6J._z.n(gN"P4/o07vJ
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 3b dc ff be 37 1a 1c 6e 51 d0 ec 6a b6 49 29 cd 1b 34 1d bb 50 74 eb 3f fd 6c e9 44 bd c1 27 6c 87 66 db 66 bf e5 94 62 58 e4 14 95 19 3c d1 84 cf 81 31 30 b6 e8 d4 ac 39 62 7b 3f 46 b9 a3 7c 14 36 44 cb fb c4 ab 8b 51 6f 8c 4a 97 23 a6 c6 d4 ad 53 d4 51 26 44 c1 11 15 6e 7b 14 27 d4 d9 13 cd c3 a0 10 52 8b a8 29 3a cf 89 00 46 d8 10 55 bf a4 1e ac f0 e5 5a 4f 87 ac ab 7f d9 d8 20 e5 d3 75 64 69 b0 08 5d 04 ba 71 61 8d 92 14 3d 3d 4f c5 cd 55 3d d1 99 84 29 06 75 8b f4 54 9f b2 fd 9f bd 33 cc 6d 1c 57 82 f0 09 76 f1 4c 52 80 40 08 3a c5 00 7b 1a ff d0 11 7c 11 9d f9 6d 24 b2 59 d5 dd 94 64 27 c1 fe 91 90 c9 d8 b2 3d 18 0c 32 12 8b 5d f5 15 90 75 69 12 0a cf 4d b1 e8 f8 93 fa f3 75 64 d9 15 df ed b3 2b 4a 9f 7d 0b ef eb cf 3d 13 bd 8f fb f8 af 89 45 1b 3b Data Ascii: ;7nQjI)4Pt?lD'lffbX<109b{?F\|6DQoJ#SQ&Dn{'R):FUZO udi]qa==OU=)uT3mWvLR@:{\|m$Yd'=2]uiMud+J}=E;
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: f1 fa bf e1 1d c3 66 ef 23 f2 7d 17 d4 22 8a d4 82 cb ea f5 4b d5 dd d4 ba ba 2b 2f 8e 25 5a 14 fa 83 3b a1 62 24 94 57 5b ca ba f6 48 6e 77 4c 0b 08 53 ae 86 2e 10 d0 5d f0 af d5 4d e2 2e 8e e6 5c 7e a0 2e fa 75 26 40 bf 66 5f f2 f5 e7 2d 4f f4 f7 df 7f dd 60 3f 4a f4 79 3c 8f cb 9e e8 b5 15 97 dd 13 3d de a9 96 e5 84 07 8e a3 cb ab 4e e8 16 c5 cc 75 51 45 5e 50 77 ff 89 ff 72 81 44 eb 09 14 7d 2e 41 f3 7b c7 14 3b 21 b3 b4 8e 7c 39 c3 04 29 5e e0 e0 5b e5 9b 23 a2 29 0b 50 43 62 17 94 81 b9 99 23 b8 83 ac 9b 04 18 42 c8 51 29 42 9b 03 0a b8 22 9e 29 ef ca 12 58 fe 83 a6 78 54 85 60 fc 7c 58 a3 92 8f 9b 5e 20 3f 95 0a 75 c6 5b b6 eb 3a 14 d9 44 86 37 49 3e af 08 10 95 8d 8d 6b 76 00 85 0a 35 45 d1 eb 58 13 fa d4 2d 35 53 a2 fb 5d 36 de ad cb 6d 51 08 2e Data Ascii: f#}"K+/%Z;b$W[HnwLS.]M.\~.u&@f_-O`?Jy<=NuQE^PwrD}.A{;!\|9)^[#)PCb#BQ)B")XxT`\|X^ ?u[:D7I>kv5EX-5S]6mQ.
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: fe 79 0a f2 4f 9b 8d 86 73 9a b7 5b a8 cd 9f c0 dd 15 a1 b3 75 3c 95 26 55 b0 b0 66 32 f2 fd 2f 67 e0 d0 02 12 8b c4 60 f0 0b 6a 51 74 ce b6 a2 73 f2 a5 26 44 d5 92 d4 f3 1d 0f db a3 4b b4 75 d1 66 18 45 4d 42 73 6f 3b 32 b4 0d 7c 50 30 42 81 6e 17 e1 0c 32 b1 11 ca 91 dc 0d 22 c0 2f 27 71 21 82 27 4f 68 fb c2 61 9e fe 39 66 ec 3e 39 ba c4 48 c8 99 33 ba 9c cd 65 39 9a c5 0c da 21 6b b4 e0 f9 b2 57 13 15 c6 a8 a4 15 99 e6 a8 68 0a e5 97 03 e8 f2 71 9b f6 6e 8e b6 a3 fc 5a ec 1c de 33 81 56 3b 22 12 dd 82 fe 71 95 f7 67 93 4e ec 4e fb 34 5d a1 56 9f 2e 67 25 ff 13 26 46 31 9f 4b 7b a2 45 22 87 fe c7 de d9 25 37 8e 23 41 f8 02 3b bb 03 80 8c 40 20 18 3a c5 9c 61 5e f6 0c fd c0 23 f4 3d 10 3a f3 ae 44 02 c8 ac 2a 50 a0 dc ea f1 03 d9 3f 76 cb 9e d9 9e 58 5b Data Ascii: yOs[u<&Uf2/g`jQts&DKufEMBso;2\|P0Bn2"/'q!'Oha9f>9H3e9!kWhqnZ3V;"qgNN4]V.g%&F1K{E"%7#A;@ :a^#=:D*P?vX[
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 99 75 d3 4c d1 91 ab 33 80 2b 3a 7d 49 f0 fc 8b bd b3 c9 71 dc 48 a2 f0 09 06 68 92 49 22 91 95 60 bb b9 c8 c5 ac 45 78 c5 45 af e7 0c 03 18 a8 13 78 e3 23 78 65 f4 99 87 19 ff 91 49 a9 54 86 0d 18 03 51 2a 15 7f e5 6a 55 99 c9 8f ef c5 0b e5 d6 64 9b 95 2a 9f f4 69 49 28 c9 1a e4 6c b1 a7 69 58 2a f4 63 c4 d0 61 f0 cb ff 94 50 a3 7f 84 e8 f9 90 40 9b c6 3a 56 6f 76 24 c9 f5 9d d2 01 c8 34 09 1d b4 61 6d 77 fb c2 fd c6 13 52 e8 aa 75 a1 55 0b fd 5e d3 71 55 09 7d 50 10 0a 12 a8 ca a0 df d4 85 2b 96 dc 96 2e df 1d 7e be ff 7e 4f 21 bd 5a 23 30 fa 46 4c fa 95 55 52 d4 46 c3 8f 91 70 54 ff ff 67 ad d3 14 87 8e 86 3a d5 5d 31 b2 df 82 71 54 74 cf 45 22 73 47 ce 31 1a 75 db a3 be cb 8f 4a 17 a6 1e 40 7b 97 ae 22 a9 07 cd de f6 c2 86 dd 69 ec e4 cf 30 de e3 51 Data Ascii: uL3+:}IqHhI"`ExEx#xeITQjUdiI(liX*caP@:Vov$4amwRuU^qU}P+.~~O!Z#0FLURFpTg:]1qTtE"sG1uJ@{"i0Q
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 4c 3f 4a 13 fd f7 bb bd 73 35 51 14 45 50 72 cc 75 d9 a3 e1 de 68 2e 6f 64 d2 66 8c d0 be df 64 d1 7e c3 e2 48 04 51 f0 8b e5 f4 48 1a 1a 8c 46 f6 12 29 d4 8e aa b5 6a 34 a6 6f b6 36 be 81 ca 6d 87 e8 d4 54 0a 9b e7 2f 32 57 d9 94 35 52 f8 28 ac 92 98 4a 20 4a 31 bf d4 0c 43 54 2f da fb 15 49 66 e1 38 60 e8 4a 86 9d d6 2c a9 f2 6b 26 24 2d dc dd 1c b0 98 95 51 f1 49 43 ad f1 a5 b7 da 8c 05 9e 8c 05 22 c1 a9 11 49 a5 52 a3 b5 0e 45 91 55 1f 80 2c a4 16 49 48 35 29 a9 a4 97 16 54 51 13 8b a2 12 7d e6 b6 e9 96 41 36 d9 47 bb b5 92 ea d9 d4 25 5a 19 a6 05 51 c2 08 14 aa 69 24 8e e5 35 63 27 44 13 74 a7 de 96 c4 92 3e b8 97 a9 16 d4 d5 05 22 79 2b 64 c6 7e d9 91 89 89 50 28 6c 5f 76 3d 99 f4 c6 dd c2 88 0a 5b 16 74 ef 5d 30 ed 34 2e 2e c8 d7 40 6b a3 9f 9a 45 Data Ascii: L?Js5QEPruh.odfd~HQHF)j4o6mT/2W5R(J J1CT/If8`J,k&$-QIC"IREU,IH5)TQ}A6G%ZQi$5c'Dt>"y+d~P(l_v=[t]04..@kE
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 86 2c 26 36 f4 08 9a de 15 84 1a 30 c9 6c d4 8b 26 a4 ec 8d 76 99 85 d4 53 d4 a6 7f 73 f4 ee fb d0 bd f7 3d a9 e4 9a 36 76 57 dd f3 54 b6 2c 4b b2 5c 0b c9 47 e7 dc 73 51 b6 2e 2e 14 95 7e a2 02 c1 19 99 e8 49 5d 5c a6 68 68 4e 03 70 13 44 32 27 c1 b8 84 72 e6 b3 bd 49 0b da 44 14 e8 a8 d5 44 d7 c0 46 ad 37 77 e3 a8 a8 69 e1 52 3a 49 14 ec b9 46 12 dd d5 d7 7e 86 9e 91 01 6b 2c 09 e2 99 9a 2f 3f 59 60 4c bf e0 0b eb e9 ed 6b 34 53 8f 8b d8 e1 d7 f1 46 f3 9f 3c f1 85 e5 42 2e 10 08 04 02 c1 d7 c9 44 f7 5e 14 dd 41 98 a4 ad 15 3d 94 20 8c a2 4a 51 68 e3 02 a6 5c 13 43 a9 2b 23 82 56 a5 b7 df 5a 96 a9 2b ad 31 07 45 5c 93 c8 a5 05 4f d1 05 1f 2f 31 f0 32 c9 95 37 78 29 9f 50 27 6a 7e 60 0b 13 15 08 16 d6 89 7e f3 3b 34 d1 54 b7 96 a4 57 37 c7 5c 35 0f 52 a9 Data Ascii: ,&60l&vSs=6vWT,K\GsQ..~I]\hhNpD2'rIDDF7wiR:IF~k,/?Y`Lk4SF<B.D^A= JQh\C+#VZ+1E\O/127x)P'j~`~;4TW7\5R
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 5a 8c a9 3a 77 3a 1d db 69 a2 f0 7b cd fc 67 db 54 e5 44 1f 46 8f c7 44 48 d4 db 6f 8f 2c 19 3a 97 ce dc bd c0 d0 79 84 42 37 f1 83 cd 22 2a 91 3e 3a 2c dd f0 33 b2 3d d7 32 e9 77 78 d9 51 2e ee c7 33 8d b9 26 29 3a 37 35 45 07 c0 50 b4 e6 6e 0f 28 89 ae b6 dd d6 31 28 7e 1b 6f ee 8a 18 74 5d af ab ce 95 e7 0a ae e1 98 a4 c6 b6 b4 2c 68 69 bd b9 c0 9f 35 9b c5 62 92 a2 58 45 64 b3 a1 1d 14 e6 a2 19 d7 34 f8 3a 4d 14 74 52 7c 6c d6 fa d6 dc 96 64 50 24 50 e3 cc 85 74 68 eb 04 51 a7 8d 92 22 ea f6 4a 23 8b 76 c6 98 bb 2b 5e 16 8b c3 13 0a a2 aa a2 a8 b6 09 51 a6 89 56 6d fa eb 22 49 94 95 db 56 6d a5 af 55 b1 f2 5b 35 05 a6 d2 e6 de 4a 0f 96 09 aa 8f d2 9a 68 b4 f6 28 56 5f 14 49 7e 2a a3 6d 1d d5 3c eb 20 07 9a 8c 85 96 d5 3b 71 68 19 9d ff 12 ff 04 1d 12 Data Ascii: Z:w:i{gTDFDHo,:yB7">:,3=2wxQ.3&):75EPn(1(~ot],hi5bXEd4:MtR\|ldP$PthQ"J#v+^QVm"IVmU[5Jh(V_I~m< ;qh
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: e2 10 6e 99 5f d7 7e db 9a 6c 2c fa 09 8f 4a 92 2f cc 71 9f 2f 05 e2 5a 36 2e ee cd f3 f1 dd 37 f9 4b 2a d9 9d c3 f8 2c db 59 7f 4f 54 a1 e8 38 c9 93 71 65 09 89 02 0e b5 8b a2 72 e7 40 3b 74 95 2e 2a c2 a2 a2 bb 28 34 51 51 23 89 0a e4 0c c1 71 10 aa 06 a3 10 42 69 18 86 d8 9e 1b d6 c9 40 68 08 cb 8a ea da a1 5b 87 4b 30 4d ac a7 6e 90 13 dd 6a a2 db 63 7b 7c 57 4d b4 4e 99 92 6d cf 85 34 0a 92 a2 64 7b d4 f2 a8 ca 86 be 34 5b a2 7b ba 42 b7 29 5d ba f5 a6 d6 45 0f 74 52 54 8f 8a 2a 28 35 31 d1 4e 78 80 1a 8b 3a 17 4a 13 4d de e1 15 17 d8 9d 4b a0 72 7e 7c cc 5c c7 91 d2 fe b2 88 68 bf 74 5c b4 7f 0c c2 a0 d7 20 27 4a c1 b4 af 66 4d e5 7a e8 5c b5 e6 1e eb c2 5c 45 a1 b6 32 77 76 a5 35 d1 fd d9 fe ec f0 50 59 73 87 87 43 81 a2 e2 d1 3d 2f 60 54 d5 14 45 Data Ascii: n_~l,J/q/Z6.7K,YOT8qer@;t.(4QQ#qBi@h[K0Mnjc{\|WMNm4d{4[{B)]EtRT*(51Nx:JMKr~\|\ht\ 'JfMz\\E2wv5PYsC=/`TE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.16	49815	151.101.193.108	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	561	OUT	GET /dmp/up/pixie.js HTTP/1.1 Host: acdn.adnxs.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:35 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 22654 Server: nginx/1.18.0 (Ubuntu) Content-Type: application/javascript Last-Modified: Wed, 19 Jun 2024 17:09:07 GMT ETag: "667310b3-587e" Expires: Wed, 07 Aug 2024 08:12:55 GMT Cache-Control: max-age=86402 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 19918 Date: Fri, 30 Aug 2024 17:06:35 GMT X-Served-By: cache-lga21930-LGA, cache-ewr-kewr1740020-EWR X-Cache: HIT, HIT X-Cache-Hits: 1774, 0 X-Timer: S1725037595.124390,VS0,VE1 Vary: Accept-Encoding
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 37 30 32 38 3a 28 65 2c 74 29 3d 3e 7b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 63 6f 6e 66 69 67 3d 74 2e 50 69 78 69 65 43 6f 6e 66 69 67 3d 76 6f 69 64 20 30 3b 63 6c 61 73 73 20 6e 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 62 61 73 65 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 69 62 2e 61 64 6e 78 73 2e 63 6f 6d 2f 70 69 78 69 65 22 2c 74 68 69 73 2e 75 70 42 61 73 65 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 69 62 2e 61 64 6e 78 73 2e 63 6f 6d 2f 70 69 78 69 65 2f 75 70 22 2c 74 68 69 73 2e 6c 6f 67 67 69 6e 67 3d 21 31 2c 74 68 69 73 2e 75 70 41 74 74 Data Ascii: (()=>{"use strict";var e={7028:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.config=t.PixieConfig=void 0;class n{constructor(){this.baseURL="https://ib.adnxs.com/pixie",this.upBaseURL="https://ib.adnxs.com/pixie/up",this.logging=!1,this.upAtt
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 43 4b 5f 50 49 58 45 4c 5f 45 56 45 4e 54 5f 46 41 49 4c 55 52 45 2c 7b 74 72 61 63 6b 45 76 65 6e 74 3a 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 6f 29 2c 7b 6c 6f 61 64 44 75 72 61 74 69 6f 6e 3a 74 7d 29 7d 29 7d 29 29 2e 73 65 6e 64 28 29 7d 7d 2c 37 35 31 34 3a 28 65 2c 74 2c 6e 29 3d 3e 7b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 6c 6f 67 67 65 72 3d 74 2e 43 6f 6e 73 6f 6c 65 4c 6f 67 67 65 72 3d 76 6f 69 64 20 30 3b 63 6f 6e 73 74 20 69 3d 6e 28 37 30 32 38 29 3b 63 6c 61 73 73 20 72 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 7b 6c 61 62 65 6c 3a 65 7d 3d 7b 7d 29 7b 74 68 69 73 2e 6c 61 62 Data Ascii: CK_PIXEL_EVENT_FAILURE,{trackEvent:Object.assign(Object.assign({},o),{loadDuration:t})})})).send()}},7514:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.logger=t.ConsoleLogger=void 0;const i=n(7028);class r{constructor({label:e}={}){this.lab
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 69 73 2e 70 72 6f 70 65 72 74 69 65 73 2e 70 75 73 68 28 7b 6b 65 79 3a 65 2c 76 61 6c 75 65 3a 74 7d 29 7d 2c 74 68 69 73 2e 73 65 6e 64 3d 28 29 3d 3e 7b 69 66 28 21 74 68 69 73 2e 69 73 53 65 6e 74 29 7b 63 6f 6e 73 74 20 65 3d 74 68 69 73 2e 62 75 69 6c 64 55 52 4c 28 29 3b 72 2e 6c 6f 67 67 65 72 2e 64 65 62 75 67 28 60 52 65 71 75 65 73 74 20 70 69 78 65 6c 20 55 52 4c 3a 20 24 7b 65 7d 60 29 3b 63 6f 6e 73 74 20 74 3d 6e 65 77 20 49 6d 61 67 65 28 31 2c 31 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 6f 6e 65 72 72 6f 72 3d 74 68 69 73 2e 6f 6e 50 69 78 65 6c 4c 6f 61 64 28 21 31 29 2c 74 2e 6f 6e 6c 6f 61 64 3d 74 68 69 73 2e 6f 6e 50 69 78 65 6c 4c 6f 61 64 28 21 30 29 2c 74 68 69 73 2e 73 74 61 72 74 54 69 6d 65 3d 6f 2e 54 69 6d 65 72 2e 6e 6f 77 28 29 Data Ascii: is.properties.push({key:e,value:t})},this.send=()=>{if(!this.isSent){const e=this.buildURL();r.logger.debug(`Request pixel URL: ${e}`);const t=new Image(1,1);t.src=e,t.onerror=this.onPixelLoad(!1),t.onload=this.onPixelLoad(!0),this.startTime=o.Timer.now()
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 3d 5b 5d 29 7b 74 68 69 73 2e 76 65 72 73 69 6f 6e 3d 22 30 2e 30 2e 33 38 22 2c 74 68 69 73 2e 70 69 78 65 6c 49 64 73 3d 5b 5d 2c 74 68 69 73 2e 75 65 74 48 61 6e 64 6c 65 72 3d 6e 75 6c 6c 2c 74 68 69 73 2e 61 63 74 69 6f 6e 51 75 65 75 65 3d 5b 5d 2c 74 68 69 73 2e 75 65 74 41 63 74 69 6f 6e 51 75 65 75 65 3d 5b 5d 2c 74 68 69 73 2e 68 61 73 55 45 54 3d 21 31 2c 74 68 69 73 2e 71 75 65 75 65 41 63 74 69 6f 6e 3d 28 65 2c 74 2c 6e 29 3d 3e 7b 63 6f 6e 73 74 7b 61 63 74 69 6f 6e 51 75 65 75 65 3a 69 7d 3d 74 68 69 73 3b 74 68 69 73 2e 70 69 78 65 6c 49 64 73 2e 6c 65 6e 67 74 68 7c 7c 22 69 6e 69 74 22 3d 3d 3d 65 3f 74 68 69 73 2e 70 72 6f 63 65 73 73 41 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 3a 28 73 2e 6c 6f Data Ascii: s{constructor(e=[]){this.version="0.0.38",this.pixelIds=[],this.uetHandler=null,this.actionQueue=[],this.uetActionQueue=[],this.hasUET=!1,this.queueAction=(e,t,n)=>{const{actionQueue:i}=this;this.pixelIds.length\|\|"init"===e?this.processAction(e,t,n):(s.lo
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 21 3d 74 68 69 73 2e 75 65 74 48 61 6e 64 6c 65 72 3f 74 68 69 73 2e 75 65 74 54 72 61 63 6b 28 74 2c 6e 29 3a 74 68 69 73 2e 75 65 74 41 63 74 69 6f 6e 51 75 65 75 65 2e 70 75 73 68 28 7b 61 63 74 69 6f 6e 3a 65 2c 61 63 74 69 6f 6e 56 61 6c 75 65 3a 74 2c 70 61 72 61 6d 73 3a 6e 7d 29 29 29 3a 73 2e 6c 6f 67 67 65 72 2e 65 72 72 6f 72 28 60 43 6f 75 6c 64 20 6e 6f 74 20 66 69 6e 64 20 61 63 74 69 6f 6e 20 27 24 7b 65 7d 27 60 29 7d 2c 74 68 69 73 2e 73 65 74 55 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 3d 65 3d 3e 7b 73 2e 6c 6f 67 67 65 72 2e 64 65 62 75 67 28 22 73 65 74 55 65 74 45 76 65 6e 74 48 61 6e 64 6c 65 72 22 2c 65 29 2c 74 68 69 73 2e 75 65 74 48 61 6e 64 6c 65 72 3d 65 2c 74 68 69 73 2e 75 65 74 54 72 61 63 6b 28 22 50 61 67 65 56 69 65 77 Data Ascii: !=this.uetHandler?this.uetTrack(t,n):this.uetActionQueue.push({action:e,actionValue:t,params:n}))):s.logger.error(`Could not find action '${e}'`)},this.setUetEventHandler=e=>{s.logger.debug("setUetEventHandler",e),this.uetHandler=e,this.uetTrack("PageView
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 6e 69 74 54 69 6d 65 3a 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 3b 74 68 69 73 2e 6d 69 64 3d 28 30 2c 69 2e 76 34 29 28 29 2c 74 68 69 73 2e 70 69 78 65 6c 49 64 73 2e 70 75 73 68 28 6e 29 2c 28 30 2c 61 2e 62 72 6f 61 64 63 61 73 74 45 76 65 6e 74 29 28 61 2e 49 4e 49 54 5f 50 49 58 45 4c 2c 7b 70 69 78 65 6c 3a 6e 7d 29 3b 63 6f 6e 73 74 20 6f 3d 61 77 61 69 74 20 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 63 6f 6e 73 74 20 6e 3d 7b 70 69 3a 65 7d 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 75 6c 6c 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 70 73 45 6e 61 62 6c 65 64 29 26 26 28 6e 2e 70 73 45 6e 61 62 6c 65 64 3d 74 2e 70 73 45 6e 61 62 6c 65 64 29 3b 63 6f 6e 73 74 20 69 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 Data Ascii: nitTime:(new Date).getTime()};this.mid=(0,i.v4)(),this.pixelIds.push(n),(0,a.broadcastEvent)(a.INIT_PIXEL,{pixel:n});const o=await async function(e,t){try{const n={pi:e};void 0!==(null==t?void 0:t.psEnabled)&&(n.psEnabled=t.psEnabled);const i=Object.keys(
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 20 74 2e 73 6c 69 63 65 28 2d 65 29 7d 2c 74 68 69 73 2e 53 42 3d 65 3d 3e 28 65 2b 32 35 36 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 73 75 62 73 74 72 69 6e 67 28 31 2c 33 29 2c 74 68 69 73 2e 62 61 73 65 55 52 4c 3d 69 2c 22 22 21 3d 3d 74 68 69 73 2e 62 61 73 65 55 52 4c 29 7b 63 6f 6e 73 74 20 69 3d 74 3b 74 68 69 73 2e 75 70 41 74 74 72 4e 61 6d 65 3d 22 75 70 6f 5f 22 2b 74 68 69 73 2e 6d 61 6b 65 52 61 6e 64 6f 6d 53 74 72 28 31 30 29 2c 77 69 6e 64 6f 77 5b 69 5d 3d 74 68 69 73 2e 75 70 41 74 74 72 4e 61 6d 65 2c 77 69 6e 64 6f 77 5b 74 68 69 73 2e 75 70 41 74 74 72 4e 61 6d 65 5d 3d 65 2c 74 68 69 73 2e 6c 6f 61 64 55 45 54 4a 53 28 6e 2c 74 68 69 73 2e 6f 6e 6c 6f 61 64 43 61 6c 6c 62 61 63 6b 2c 74 68 69 73 2e 6f 6e 45 72 72 43 61 6c 6c 62 Data Ascii: t.slice(-e)},this.SB=e=>(e+256).toString(16).substring(1,3),this.baseURL=i,""!==this.baseURL){const i=t;this.upAttrName="upo_"+this.makeRandomStr(10),window[i]=this.upAttrName,window[this.upAttrName]=e,this.loadUETJS(n,this.onloadCallback,this.onErrCallb
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 61 3a 31 2c 74 79 70 65 5f 49 44 3a 31 2c 62 3a 31 7d 7d 2c 75 3d 65 3d 3e 60 24 7b 65 7d 5f 58 41 4e 44 52 60 2c 6c 3d 65 3d 3e 5b 60 63 3d 24 7b 65 7d 60 5d 3b 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 72 65 74 75 72 6e 22 6a 6f 69 6e 41 64 49 6e 74 65 72 65 73 74 47 72 6f 75 70 22 69 6e 20 6e 61 76 69 67 61 74 6f 72 26 26 64 6f 63 75 6d 65 6e 74 2e 66 65 61 74 75 72 65 50 6f 6c 69 63 79 2e 61 6c 6c 6f 77 73 46 65 61 74 75 72 65 28 22 6a 6f 69 6e 2d 61 64 2d 69 6e 74 65 72 65 73 74 2d 67 72 6f 75 70 22 29 26 26 64 6f 63 75 6d 65 6e 74 2e 66 65 61 74 75 72 65 50 6f 6c 69 63 79 2e 61 6c 6c 6f 77 73 46 65 61 74 75 72 65 28 22 72 75 6e 2d 61 64 2d 61 75 63 74 69 6f 6e 22 29 7d 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 63 6f 6e 73 74 20 74 3d Data Ascii: a:1,type_ID:1,b:1}},u=e=>`${e}_XANDR`,l=e=>[`c=${e}`];function d(){return"joinAdInterestGroup"in navigator&&document.featurePolicy.allowsFeature("join-ad-interest-group")&&document.featurePolicy.allowsFeature("run-ad-auction")}async function c(e){const t=
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 65 50 72 6f 70 65 72 74 79 28 74 2c 22 4e 49 4c 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 64 65 66 61 75 6c 74 7d 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 70 61 72 73 65 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 2e 64 65 66 61 75 6c 74 7d 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 73 74 72 69 6e 67 69 66 79 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 64 2e 64 65 66 61 75 6c 74 7d 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 Data Ascii: eProperty(t,"NIL",{enumerable:!0,get:function(){return a.default}}),Object.defineProperty(t,"parse",{enumerable:!0,get:function(){return c.default}}),Object.defineProperty(t,"stringify",{enumerable:!0,get:function(){return d.default}}),Object.defineProper
2024-08-30 17:06:35 UTC	1371	IN	Data Raw: 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 64 65 66 61 75 6c 74 3d 76 6f 69 64 20 30 3b 74 2e 64 65 66 61 75 6c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 29 7b 63 6f 6e 73 74 20 74 3d 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 29 29 3b 65 3d 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 74 2e 6c 65 6e 67 74 68 29 3b 66 6f 72 28 6c 65 74 20 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 2b 2b 6e 29 65 5b 6e 5d 3d 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6e 29 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 6f 6e 73 74 20 74 3d 5b 5d 2c 6e 3d 33 32 2a 65 2e 6c 65 6e 67 74 68 2c 69 3d 22 30 31 32 33 34 35 36 37 38 39 61 62 63 64 65 66 22 3b 66 6f 72 Data Ascii: alue:!0}),t.default=void 0;t.default=function(e){if("string"==typeof e){const t=unescape(encodeURIComponent(e));e=new Uint8Array(t.length);for(let n=0;n<t.length;++n)e[n]=t.charCodeAt(n)}return function(e){const t=[],n=32*e.length,i="0123456789abcdef";for

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.16	49814	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	578	OUT	GET /scripts/c/ms.jsll-3.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:35 UTC	960	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:35 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 185160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: no-transform, public, max-age=1800, immutable Last-Modified: Mon, 01 Jul 2024 17:04:14 GMT ETag: 0x8DC99EFD5B33A6F x-ms-request-id: 6db44fd7-b01e-00d5-1a9f-f5c2cc000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.18 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.18.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240830T170635Z-16579567576rt7gkm43y59pk3800000003n0000000004kkp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:35 UTC	15424	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 33 2e 32 2e 31 38 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 21 3d 6e 29 74 28 65 78 70 6f 72 74 73 29 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 Data Ascii: /! 1DS JSLL SKU, 3.2.18 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&def
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 39 36 37 32 39 35 7c 33 26 74 29 3e 3e 3e 30 2c 6e 3d 30 29 3b 72 65 74 75 72 6e 20 72 7d 76 61 72 20 57 72 3d 65 2c 47 72 3d 22 32 2e 38 2e 31 38 22 2c 58 72 3d 22 2e 22 2b 4b 72 28 36 29 2c 51 72 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 4a 72 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 5b 4d 5d 7c 7c 39 3d 3d 3d 65 5b 4d 5d 7c 7c 21 2b 65 5b 4d 5d 7d 66 75 6e 63 74 69 6f 6e 20 59 72 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 4d 74 28 65 2b 51 72 2b 2b 2b 28 28 74 3d 76 6f 69 64 20 30 21 3d 3d 74 26 26 74 29 3f 22 2e 22 2b 47 72 3a 70 29 2b 58 72 29 7d 66 75 6e 63 74 69 6f 6e 20 24 72 28 65 29 7b 76 61 72 20 61 3d 7b 69 64 3a 59 72 28 22 5f 61 69 44 61 74 61 2d 22 2b 28 65 7c 7c 70 29 2b 22 2e 22 2b 47 72 29 2c 61 63 63 65 70 74 3a 4a 72 2c 67 65 74 3a 66 75 Data Ascii: 967295\|3&t)>>>0,n=0);return r}var Wr=e,Gr="2.8.18",Xr="."+Kr(6),Qr=0;function Jr(e){return 1===e[M]\|\|9===e[M]\|\|!+e[M]}function Yr(e,t){return Mt(e+Qr+++((t=void 0!==t&&t)?"."+Gr:p)+Xr)}function $r(e){var a={id:Yr("_aiData-"+(e\|\|p)+"."+Gr),accept:Jr,get:fu
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 2c 68 5b 51 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 4e 26 26 74 6e 28 55 61 29 2c 68 5b 68 65 5d 28 29 26 26 74 6e 28 22 43 6f 72 65 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 69 6e 69 74 69 61 6c 69 7a 65 64 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 22 29 2c 43 3d 65 7c 7c 7b 7d 2c 68 5b 76 65 5d 3d 43 2c 59 28 65 5b 6d 65 5d 29 26 26 74 6e 28 22 50 6c 65 61 73 65 20 70 72 6f 76 69 64 65 20 69 6e 73 74 72 75 6d 65 6e 74 61 74 69 6f 6e 20 6b 65 79 22 29 2c 69 3d 72 2c 68 5b 4c 61 5d 3d 72 3b 65 3d 5a 74 28 43 2e 64 69 73 61 62 6c 65 44 62 67 45 78 74 29 2c 21 30 3d 3d 3d 65 26 26 50 26 26 28 69 5b 49 65 5d 28 50 29 2c 50 3d 6e 75 6c 6c 29 2c 69 26 26 21 50 26 26 21 30 21 3d 3d 65 26 26 28 50 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b Data Ascii: ,h[Q]=function(e,t,n,r){N&&tn(Ua),h[he]()&&tn("Core should not be initialized more than once"),C=e\|\|{},h[ve]=C,Y(e[me])&&tn("Please provide instrumentation key"),i=r,h[La]=r;e=Zt(C.disableDbgExt),!0===e&&P&&(i[Ie](P),P=null),i&&!P&&!0!==e&&(P=function(e){
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 6f 6e 20 4b 73 28 65 29 7b 76 61 72 20 74 2c 6e 3d 6e 75 6c 6c 3b 69 66 28 65 29 74 72 79 7b 65 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 5b 4c 73 5d 29 3a 65 5b 4d 73 5d 26 26 65 5b 4d 73 5d 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 5b 4d 73 5d 5b 4c 73 5d 29 3a 65 2e 65 78 63 65 70 74 69 6f 6e 26 26 65 2e 65 78 63 65 70 74 69 6f 6e 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 2e 65 78 63 65 70 74 69 6f 6e 5b 4c 73 5d 29 3a 6a 73 28 65 29 3f 6e 3d 65 3a 6a 73 28 65 5b 55 73 5d 29 3f 6e 3d 65 5b 55 73 5d 3a 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6f 70 65 72 61 26 26 65 5b 48 73 5d 3f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 65 5b 77 6f 5d 28 22 5c 6e 22 29 2c 72 3d 30 3b 72 3c 6e 5b 68 5d 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 6e 5b 72 Data Ascii: on Ks(e){var t,n=null;if(e)try{e[Ls]?n=zs(e[Ls]):e[Ms]&&e[Ms][Ls]?n=zs(e[Ms][Ls]):e.exception&&e.exception[Ls]?n=zs(e.exception[Ls]):js(e)?n=e:js(e[Us])?n=e[Us]:window&&window.opera&&e[Hs]?n=function(e){for(var t=[],n=e[wo]("\n"),r=0;r<n[h];r++){var i=n[r
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 6b 54 72 61 63 65 20 66 61 69 6c 65 64 2c 20 74 72 61 63 65 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 76 28 72 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 73 65 28 72 29 7d 29 7d 7d 2c 53 2e 74 72 61 63 6b 4d 65 74 72 69 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 76 61 72 20 6e 3d 54 63 28 65 2c 74 63 5b 52 63 5d 2c 74 63 5b 4d 63 5d 2c 53 5b 4c 63 5d 28 29 2c 74 29 3b 53 5b 47 5d 5b 55 63 5d 28 6e 29 7d 63 61 74 63 68 28 72 29 7b 64 28 31 2c 33 36 2c 22 74 72 61 63 6b 4d 65 74 72 69 63 20 66 61 69 6c 65 64 2c 20 6d 65 74 72 69 63 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 76 28 72 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 73 65 28 72 29 7d 29 7d 7d 2c 53 5b 56 63 5d 3d 66 75 Data Ascii: kTrace failed, trace will not be collected: "+v(r),{exception:se(r)})}},S.trackMetric=function(e,t){try{var n=Tc(e,tc[Rc],tc[Mc],S[Lc](),t);S[G][Uc](n)}catch(r){d(1,36,"trackMetric failed, metric will not be collected: "+v(r),{exception:se(r)})}},S[Vc]=fu
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 7c 4c 74 28 72 2c 22 2f 22 29 29 26 26 28 61 2e 73 79 6e 63 3d 33 29 29 2c 65 26 26 28 61 2e 74 61 72 67 65 74 55 72 69 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 22 3b 73 77 69 74 63 68 28 74 2e 74 61 67 4e 61 6d 65 29 7b 63 61 73 65 22 41 22 3a 63 61 73 65 22 41 52 45 41 22 3a 65 3d 74 2e 68 72 65 66 7c 7c 22 22 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 4d 47 22 3a 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 29 7b 76 61 72 20 65 3d 4d 75 28 74 2c 4c 75 29 3b 69 66 28 65 26 26 31 3d 3d 3d 65 2e 6c 65 6e 67 74 68 29 7b 69 66 28 65 5b 30 5d 2e 68 72 65 66 29 72 65 74 75 72 6e 20 65 5b 30 5d 2e 68 72 65 66 3b 69 66 28 65 5b 30 5d 2e 73 72 63 29 72 65 74 75 72 6e 20 65 5b 30 5d 2e 73 72 63 7d 7d 72 65 74 75 72 6e 22 22 7d 28 29 3b 62 72 Data Ascii: \|Lt(r,"/"))&&(a.sync=3)),e&&(a.targetUri=function(t){var e="";switch(t.tagName){case"A":case"AREA":e=t.href\|\|"";break;case"IMG":e=function(){if(t){var e=Mu(t,Lu);if(e&&1===e.length){if(e[0].href)return e[0].href;if(e[0].src)return e[0].src}}return""}();br
2024-08-30 17:06:35 UTC	16384	IN	Data Raw: 72 79 28 65 2c 74 29 7d 2c 66 2e 74 72 61 63 6b 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 29 7b 6e 2e 6c 61 74 65 6e 63 79 3d 6e 2e 6c 61 74 65 6e 63 79 7c 7c 31 2c 6e 2e 62 61 73 65 44 61 74 61 3d 6e 2e 62 61 73 65 44 61 74 61 7c 7c 7b 7d 2c 6e 2e 64 61 74 61 3d 6e 2e 64 61 74 61 7c 7c 7b 7d 2c 75 65 28 65 29 26 26 65 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 2e 64 61 74 61 5b 65 5d 3d 74 7d 29 2c 66 2e 63 6f 72 65 2e 74 72 61 63 6b 28 6e 29 7d 2c 66 2e 74 72 61 63 6b 50 61 67 65 56 69 65 77 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 49 2e 5f 72 65 63 6f 72 64 54 69 6d 65 53 70 61 6e 28 22 64 77 65 6c 6c 54 69 6d 65 22 2c 21 31 29 2c 54 2e 76 3d 30 2c 69 3d 21 31 2c 66 2e 69 64 2e 69 6e 69 74 69 61 6c 69 7a 65 49 64 73 28 29 Data Ascii: ry(e,t)},f.trackEvent=function(n,e){n.latency=n.latency\|\|1,n.baseData=n.baseData\|\|{},n.data=n.data\|\|{},ue(e)&&ee(e,function(e,t){n.data[e]=t}),f.core.track(n)},f.trackPageView=function(e,t){I._recordTimeSpan("dwellTime",!1),T.v=0,i=!1,f.id.initializeIds()
2024-08-30 17:06:36 UTC	16384	IN	Data Raw: 65 72 43 61 73 65 28 29 3d 3d 69 29 7b 6e 3d 21 30 3b 62 72 65 61 6b 7d 7d 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 56 66 28 65 2c 74 2c 6e 2c 72 29 7b 74 26 26 6e 26 26 30 3c 6e 2e 6c 65 6e 67 74 68 26 26 28 72 26 26 4f 66 5b 74 5d 3f 28 65 2e 68 64 72 73 5b 4f 66 5b 74 5d 5d 3d 6e 2c 65 2e 75 73 65 48 64 72 73 3d 21 30 29 3a 65 2e 75 72 6c 2b 3d 22 26 22 2b 74 2b 22 3d 22 2b 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 48 66 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 28 48 74 28 74 29 3f 65 3d 5b 74 5d 2e 63 6f 6e 63 61 74 28 65 29 3a 46 28 74 29 26 26 28 65 3d 74 2e 63 6f 6e 63 61 74 28 65 29 29 29 2c 65 7d 4d 66 28 63 66 2c 63 66 2c 21 31 29 2c 4d 66 28 6e 66 2c 6e 66 29 2c 4d 66 28 72 66 2c 22 43 6c 69 65 6e 74 2d 49 64 22 29 2c 4d 66 28 Data Ascii: erCase()==i){n=!0;break}}}return n}function Vf(e,t,n,r){t&&n&&0<n.length&&(r&&Of[t]?(e.hdrs[Of[t]]=n,e.useHdrs=!0):e.url+="&"+t+"="+n)}function Hf(e,t){return t&&(Ht(t)?e=[t].concat(e):F(t)&&(e=t.concat(e))),e}Mf(cf,cf,!1),Mf(nf,nf),Mf(rf,"Client-Id"),Mf(
2024-08-30 17:06:36 UTC	16384	IN	Data Raw: 61 74 68 2e 63 65 69 6c 28 72 29 2a 74 5b 31 5d 29 2c 30 3c 3d 6e 26 26 30 3c 3d 74 5b 31 5d 26 26 6e 3e 74 5b 31 5d 26 26 28 6e 3d 74 5b 31 5d 29 2c 74 2e 70 75 73 68 28 6e 29 2c 42 5b 65 5d 3d 74 29 7d 29 7d 2c 6c 2e 66 6c 75 73 68 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 30 29 2c 55 7c 7c 28 6e 3d 6e 7c 7c 31 2c 65 3f 6e 75 6c 6c 3d 3d 4c 3f 28 63 28 29 2c 6d 28 31 2c 30 2c 6e 29 2c 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 3d 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 61 28 31 2c 30 2c 74 29 2c 76 28 29 2c 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 44 2e 69 73 43 6f 6d 70 6c 65 74 65 6c 79 49 64 6c 65 28 29 3f 65 28 29 3a 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c Data Ascii: ath.ceil(r)*t[1]),0<=n&&0<=t[1]&&n>t[1]&&(n=t[1]),t.push(n),B[e]=t)})},l.flush=function(e,t,n){void 0===e&&(e=!0),U\|\|(n=n\|\|1,e?null==L?(c(),m(1,0,n),L=s(function(){L=null,function r(e,t){a(1,0,t),v(),function n(e){D.isCompletelyIdle()?e():L=s(function(){L
2024-08-30 17:06:36 UTC	16384	IN	Data Raw: 28 29 7d 7d 29 2c 65 7d 74 28 73 70 2c 61 70 3d 43 74 29 2c 73 70 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 63 70 3d 73 70 3b 66 75 6e 63 74 69 6f 6e 20 75 70 28 74 29 7b 76 61 72 20 6e 3d 70 6f 28 29 2c 72 3d 74 61 28 29 3b 72 65 28 75 70 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 67 65 74 54 72 61 63 65 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 26 26 74 2e 67 65 74 54 72 61 63 65 43 74 78 26 26 74 2e 67 65 74 54 72 61 63 65 43 74 78 28 29 2e 67 65 74 54 72 61 63 65 49 64 28 29 7c 7c 72 7d 2c 65 2e 67 65 74 4c 61 73 74 50 61 67 65 56 69 65 77 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 7d 29 7d 75 70 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 6c 70 3d 75 70 2c 66 70 3d 22 64 75 72 61 Data Ascii: ()}}),e}t(sp,ap=Ct),sp.__ieDyn=1;var cp=sp;function up(t){var n=po(),r=ta();re(up,this,function(e){e.getTraceId=function(){return t&&t.getTraceCtx&&t.getTraceCtx().getTraceId()\|\|r},e.getLastPageViewId=function(){return n}})}up.__ieDyn=1;var lp=up,fp="dura

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.16	49816	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	638	OUT	GET /shared/edgeweb/img/fluent-centered-play.83de069.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:35 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:35 GMT Content-Type: image/svg+xml Content-Length: 492 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1ec-18c5ba3a92e" Last-Modified: Tue, 12 Dec 2023 01:28:21 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170635Z-16579567576fh7f86y3uqsyhx000000003k000000000ehc6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:35 UTC	492	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 37 30 22 20 68 65 69 67 68 74 3d 22 37 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 20 37 30 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 70 61 74 68 20 64 3d 22 4d 33 30 2e 38 36 34 20 34 33 2e 34 32 63 2d 2e 32 35 38 20 30 2d 2e 35 2d 2e 30 34 39 2d 2e 37 32 35 2d 2e 31 34 35 61 31 2e 39 31 39 20 31 2e 39 31 39 20 30 20 30 20 31 2d 2e 35 39 33 2d 2e 33 39 36 41 31 2e 38 32 31 20 31 2e 38 32 31 20 30 20 30 20 31 20 32 39 20 34 31 2e 35 36 35 56 32 37 2e 38 35 34 61 31 2e 38 36 20 31 2e 38 36 20 30 20 30 20 31 20 31 2e 31 33 2d 31 2e 37 31 20 31 2e 39 30 35 20 31 2e 39 30 35 20 30 20 30 20 31 20 31 2e 31 38 38 2d 2e 30 38 37 63 2e 31 35 34 2e Data Ascii: <svg width="70" height="70" viewBox="0 0 70 70" xmlns="http://www.w3.org/2000/svg"><path d="M30.864 43.42c-.258 0-.5-.049-.725-.145a1.919 1.919 0 0 1-.593-.396A1.821 1.821 0 0 1 29 41.565V27.854a1.86 1.86 0 0 1 1.13-1.71 1.905 1.905 0 0 1 1.188-.087c.154.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.16	49818	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1579 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiQjdiaDNWNXh0UWk2MG93bzJ1UUNDQT09IiwgImhhc2giOiJ3cWZKdXFQbzlrTT0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:35 UTC	1579	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:35 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:35 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1173 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:35 UTC	1173	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 61 70 70 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 3b 63 35 66 61 61 64 35 39 2d 61 32 65 33 2d 33 31 66 32 2d 62 38 36 65 2d 61 61 66 39 35 38 65 31 32 38 32 34 3b 50 48 53 48 3a 30 30 35 3b 37 45 2d 30 35 22 2c 22 72 65 73 70 6f 6e 73 65 43 61 74 65 67 6f 72 79 22 3a 22 41 6c 6c 6f 77 65 64 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 24 74 79 70 65 22 3a 22 61 6c 6c 6f 77 22 7d 7d 2c 7b 22 24 74 79 70 65 22 3a 22 64 61 74 61 22 2c 22 69 64 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"apps.microsoft.com","inheritance":"none"},"maxAge":100800000000,"serverContext":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;PHSH:005;7E-05","responseCategory":"Allowed","result":{"$type":"allow"}},{"$type":"data","id

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.16	49817	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:35 UTC	733	OUT	GET /apppack/edgefre HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:36 UTC	1087	IN	HTTP/1.1 302 Found Date: Fri, 30 Aug 2024 17:06:35 GMT Content-Length: 0 Connection: close Cache-Control: no-cache Location: /apppack/edgefre?hl=en-us&gl=US Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: 4DdO4CmbkUOtfgxT.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170635Z-165795675766wv96mecap1swx400000003rg00000000em0r x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_MISS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.16	49819	40.118.171.167	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:36 UTC	699	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1093 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiaHFTcElqbms3b2NGRUY5dVBwMllVUT09IiwgImhhc2giOiJTS3RQWXkyVVhUMD0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:36 UTC	1093	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 4e 73 70 50 47 6c 43 51 4a 6d 46 67 65 2b 54 4b 36 55 38 36 57 57 55 4f 5a 67 41 41 45 49 6d 37 55 53 34 50 6f 65 6c 2b 44 44 56 6e 4c 31 66 37 61 54 76 67 41 46 57 37 45 61 52 4a 62 49 59 53 6d 43 62 35 4d 57 50 71 52 4f 50 2f 6c 46 4c 46 71 63 41 70 6f 34 42 62 65 67 6b 39 2b 5a 77 48 46 70 37 77 6f 4f 36 70 64 43 2b 4c 2b 38 41 6c 32 4a 2b 37 63 38 36 64 79 49 6f 4d 2b 77 41 74 65 4a 4d 43 42 79 7a 70 54 35 4f 59 76 50 71 76 Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPXNspPGlCQJmFge+TK6U86WWUOZgAAEIm7US4Poel+DDVnL1f7aTvgAFW7EaRJbIYSmCb5MWPqROP/lFLFqcApo4Bbegk9+ZwHFp7woO6pdC+L+8Al2J+7c86dyIoM+wAteJMCByzpT5OYvPqv
2024-08-30 17:06:36 UTC	302	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:36 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-08-30 17:06:36 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-08-30 17:06:36 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-08-30 17:06:36 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-08-30 17:06:37 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.16	49821	68.67.179.87	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:36 UTC	623	OUT	GET /pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd HTTP/1.1 Host: ib.adnxs.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:36 UTC	460	IN	HTTP/1.1 200 OK Server: nginx/1.23.4 Date: Fri, 30 Aug 2024 17:06:36 GMT Content-Type: application/xml Content-Length: 9 Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: https://www.microsoft.com Access-Control-Max-Age: 0 X-Proxy-Origin: 8.46.123.33; 8.46.123.33; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
2024-08-30 17:06:36 UTC	9	IN	Data Raw: 7b 22 75 70 22 3a 7b 7d 7d Data Ascii: {"up":{}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.16	49820	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:36 UTC	560	OUT	GET /tag/edvmnysmkk HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:36 UTC	528	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:36 GMT Content-Type: application/x-javascript Content-Length: 649 Connection: close Cache-Control: no-cache, no-store Expires: -1 Set-Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830; expires=Sat, 30 Aug 2025 17:06:36 GMT; path=/; secure; samesite=none; httponly Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81 x-azure-ref: 20240830T170636Z-16579567576fh7f86y3uqsyhx000000003eg00000000uvet X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-08-30 17:06:36 UTC	649	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 69 66 28 61 5b 63 5d 2e 76 7c 7c 61 5b 63 5d 2e 74 29 72 65 74 75 72 6e 20 61 5b 63 5d 28 22 65 76 65 6e 74 22 2c 63 2c 22 64 75 70 2e 22 2b 69 2e 70 72 6f 6a 65 63 74 49 64 29 3b 61 5b 63 5d 2e 74 3d 21 30 2c 28 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 29 2e Data Ascii: !function(c,l,a,r,i,t,y){function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);if(a[c].v\|\|a[c].t)return a[c]("event",c,"dup."+i.projectId);a[c].t=!0,(t=l.createElement(r)).

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.16	49822	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1594 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSFVTemkxd1RqS3k2VU1vd3AvZDZwUT09IiwgImhhc2giOiJyOEhhclFPZ3BnMD0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:37 UTC	1594	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:37 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:37 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1193 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:37 UTC	1193	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 61 70 70 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 3b 63 35 66 61 61 64 35 39 2d 61 32 65 33 2d 33 31 66 32 2d 62 38 36 65 2d 61 61 66 39 35 38 65 31 32 38 32 34 3b 50 48 53 48 3a 30 30 35 3b 37 45 2d 30 35 22 2c 22 72 65 73 70 6f 6e 73 65 43 61 74 65 67 6f 72 79 22 3a 22 41 6c 6c 6f 77 65 64 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 24 74 79 70 65 22 3a 22 61 6c 6c 6f 77 22 7d 7d 2c 7b 22 24 74 79 70 65 22 3a 22 64 61 74 61 22 2c 22 69 64 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"apps.microsoft.com","inheritance":"none"},"maxAge":100800000000,"serverContext":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;PHSH:005;7E-05","responseCategory":"Allowed","result":{"$type":"allow"}},{"$type":"data","id

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.16	49824	157.240.241.1	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	569	OUT	GET /en_US/fbevents.js HTTP/1.1 Host: connect.facebook.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:37 UTC	1451	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: application/x-javascript; charset=utf-8 timing-allow-origin: * reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-security-policy: default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; document-policy: force-load-at-top
2024-08-30 17:06:37 UTC	1694	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68 74 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewpor
2024-08-30 17:06:37 UTC	1	IN	Data Raw: 2f Data Ascii: /
2024-08-30 17:06:37 UTC	14661	IN	Data Raw: 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74 Data Ascii: * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wit
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 75 6c 6c 3b 72 65 74 75 72 6e 20 62 21 3d 6e 75 6c 6c 26 26 63 21 3d 6e 75 6c 6c 26 26 61 21 3d 6e 75 6c 6c 26 26 64 21 3d 6e 75 6c 6c 3f 7b 64 6f 6d 61 69 6e 5f 75 72 69 3a 62 2c 65 76 65 6e 74 5f 74 79 70 65 3a 63 2c 65 78 74 72 61 63 74 6f 72 5f 74 79 70 65 3a 64 2c 69 64 3a 61 7d 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 67 28 61 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 69 28 61 29 29 21 3d 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 61 2e 65 78 74 72 61 63 74 6f 72 5f 63 6f 6e 66 69 67 3b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 Data Ascii: ull;return b!=null&&c!=null&&a!=null&&d!=null?{domain_uri:b,event_type:c,extractor_type:d,id:a}:null}function g(a){if(a==null\|\|(typeof a==="undefined"?"undefined":i(a))!=="object")return null;a=a.extractor_config;if(a==null\|\|(typeof a==="undefined"?"undef
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 29 2c 63 6f 64 65 3a 62 2e 73 74 72 69 6e 67 28 29 2c 6e 61 6d 65 3a 62 2e 73 74 72 69 6e 67 28 29 2c 70 61 73 73 52 61 74 65 3a 62 2e 6e 75 6d 62 65 72 28 29 7d 29 29 3b 6b 2e 65 78 70 6f 72 74 73 3d 61 7d 29 28 29 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 45 78 74 72 61 63 74 50 49 49 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 69 2c 6a 29 7b 76 61 72 20 6b 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6b 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 66 2e Data Ascii: ),code:b.string(),name:b.string(),passRate:b.number()}));k.exports=a})();return k.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsExtractPII",function(){return function(g,h,i,j){var k={exports:{}};k.exports;(function(){"use strict";var a=f.
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 47 65 74 49 73 49 6f 73 49 6e 41 70 70 42 72 6f 77 73 65 72 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 66 2c 67 2c 68 2c 69 29 7b 76 61 72 20 6a 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6a 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 76 61 72 20 61 3d 66 2e 6e 61 76 69 67 61 74 6f 72 2c 62 3d 61 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 64 65 78 4f 66 28 22 41 70 70 6c 65 57 65 62 4b 69 74 22 29 2c 63 3d 61 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 64 65 78 4f 66 28 22 46 42 49 4f 53 22 29 2c 64 3d 61 2e 75 73 Data Ascii: sureModuleRegistered("signalsFBEventsGetIsIosInAppBrowser",function(){return function(f,g,h,i){var j={exports:{}};j.exports;(function(){"use strict";function a(){var a=f.navigator,b=a.userAgent.indexOf("AppleWebKit"),c=a.userAgent.indexOf("FBIOS"),d=a.us
2024-08-30 17:06:37 UTC	1722	IN	Data Raw: 72 65 74 75 72 6e 20 6c 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 4d 6f 64 75 6c 65 45 6e 63 6f 64 69 6e 67 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 69 2c 6a 2c 6b 29 7b 76 61 72 20 6c 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6c 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 79 70 65 64 22 29 2c 62 3d 61 2e 63 6f 65 72 63 65 2c 63 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 Data Ascii: return l.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsModuleEncodings",function(){return function(g,i,j,k){var l={exports:{}};l.exports;(function(){"use strict";var a=f.getFbeventsModules("SignalsFBEventsTyped"),b=a.coerce,c=f.getFbevent
2024-08-30 17:06:37 UTC	14662	IN	Data Raw: 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 7b 45 4e 44 50 4f 49 4e 54 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 74 72 2f 22 2c 49 4e 53 54 41 47 52 41 4d 5f 54 52 49 47 47 45 52 5f 41 54 54 52 49 42 55 54 49 4f 4e 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 74 72 2f 22 2c 41 45 4d 5f 45 4e 44 50 4f 49 4e 54 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 2e 77 65 6c 6c 2d 6b 6e 6f 77 6e 2f 61 67 67 72 65 67 61 74 65 64 2d 65 76 65 6e 74 2d 6d 65 61 73 75 72 65 6d 65 6e 74 2f 22 2c 47 50 53 5f 45 4e 44 50 4f 49 4e 54 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d Data Ascii: ;(function(){"use strict";var a={ENDPOINT:"https://www.facebook.com/tr/",INSTAGRAM_TRIGGER_ATTRIBUTION:"https://www.instagram.com/tr/",AEM_ENDPOINT:"https://www.facebook.com/.well-known/aggregated-event-measurement/",GPS_ENDPOINT:"https://www.facebook.com
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 6c 6f 67 45 72 72 6f 72 3b 66 75 6e 63 74 69 6f 6e 20 64 28 62 2c 64 29 7b 74 72 79 7b 69 66 28 21 67 2e 6e 61 76 69 67 61 74 6f 72 7c 7c 21 67 2e 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 29 72 65 74 75 72 6e 21 31 3b 64 3d 64 7c 7c 7b 7d 3b 64 3d 64 2e 75 72 6c 3b 64 3d 64 3d 3d 3d 76 6f 69 64 20 30 3f 61 2e 45 4e 44 50 4f 49 4e 54 3a 64 3b 62 2e 72 65 70 6c 61 63 65 45 6e 74 72 79 28 22 72 71 6d 22 2c 22 53 42 22 29 3b 72 65 74 75 72 6e 20 67 2e 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 28 64 2c 62 2e 74 6f 46 6f 72 6d 44 61 74 61 28 29 29 7d 63 61 74 63 68 28 61 29 7b 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 72 72 6f 72 26 26 63 28 6e 65 77 20 45 72 72 6f 72 28 22 5b 53 65 6e 64 42 65 61 63 6f 6e 5d 3a 22 2b 61 2e Data Ascii: logError;function d(b,d){try{if(!g.navigator\|\|!g.navigator.sendBeacon)return!1;d=d\|\|{};d=d.url;d=d===void 0?a.ENDPOINT:d;b.replaceEntry("rqm","SB");return g.navigator.sendBeacon(d,b.toFormData())}catch(a){a instanceof Error&&c(new Error("[SendBeacon]:"+a.
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 70 2c 73 74 72 69 6e 67 4f 72 4e 75 6d 62 65 72 3a 71 2c 74 75 70 6c 65 3a 45 2c 77 69 74 68 56 61 6c 69 64 61 74 69 6f 6e 3a 46 2c 66 75 6e 63 3a 74 7d 3b 65 2e 65 78 70 6f 72 74 73 3d 7b 54 79 70 65 64 3a 49 2c 63 6f 65 72 63 65 3a 41 2c 65 6e 66 6f 72 63 65 3a 42 2c 46 42 45 76 65 6e 74 73 43 6f 65 72 63 69 6f 6e 45 72 72 6f 72 3a 67 7d 7d 29 28 29 3b 72 65 74 75 72 6e 20 65 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 0a 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 54 79 70 65 56 65 72 73 69 6f 6e 69 6e 67 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 69 2c 6a 29 7b 76 61 72 20 6b 3d 7b 65 78 70 6f 72 Data Ascii: p,stringOrNumber:q,tuple:E,withValidation:F,func:t};e.exports={Typed:I,coerce:A,enforce:B,FBEventsCoercionError:g}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsTypeVersioning",function(){return function(g,h,i,j){var k={expor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.16	49823	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	748	OUT	GET /apppack/edgefre?hl=en-us&gl=US HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:37 UTC	1103	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:37 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=43200 Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: pmH5qwOix0agKrmh.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170637Z-165795675766wv96mecap1swx400000003p000000000r2mm x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_MISS
2024-08-30 17:06:37 UTC	15281	IN	Data Raw: 31 35 64 32 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 41 70 70 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 6d 65 64 69 61 3d 22 28 70 72 65 66 65 72 73 Data Ascii: 15d2<!DOCTYPE html><html lang="en-us" dir="ltr"><head> <meta charset="utf-8" /> <title>Microsoft Apps</title> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" media="(prefers
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 22 61 64 64 4f 6e 50 72 69 63 65 52 61 6e 67 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 72 65 63 75 72 72 65 6e 63 65 50 6f 6c 69 63 79 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 64 65 76 69 63 65 46 61 6d 69 6c 79 44 69 73 61 6c 6c 6f 77 65 64 52 65 61 73 6f 6e 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 62 75 69 6c 74 46 6f 72 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 72 65 76 69 73 69 6f 6e 49 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 70 64 70 42 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 63 6f 6e 74 61 69 6e 73 44 6f 77 6e 6c 6f 61 64 50 61 63 6b 61 67 65 22 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 Data Ascii: "addOnPriceRange": null, "recurrencePolicy": null, "deviceFamilyDisallowedReason": null, "builtFor": null, "revisionId": null, "pdpBackgroundColor": null, "containsDownloadPackage": false,
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 20 20 20 22 63 6f 6e 74 65 6e 74 54 79 70 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 72 74 69 73 74 4e 61 6d 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 72 74 69 73 74 49 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 6c 62 75 6d 54 69 74 6c 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 6c 62 75 6d 50 72 6f 64 75 63 74 49 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 69 73 45 78 70 6c 69 63 69 74 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 6e 75 6d 62 65 72 4f 66 53 65 61 73 6f 6e 73 22 3a 20 30 2c 0d 0a 20 20 20 20 20 20 20 20 22 72 65 6c 65 61 73 65 44 61 74 65 55 74 63 22 3a 20 22 32 30 31 37 2d 30 34 2d 30 33 54 32 33 3a 32 30 3a 32 38 2e 33 37 38 34 32 Data Ascii: "contentType": null, "artistName": null, "artistId": null, "albumTitle": null, "albumProductId": null, "isExplicit": null, "numberOfSeasons": 0, "releaseDateUtc": "2017-04-03T23:20:28.37842
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 73 54 65 6e 63 65 6e 74 22 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 20 20 20 20 20 22 70 6c 61 74 66 6f 72 6d 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 70 72 69 76 61 63 79 55 72 6c 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 64 64 69 74 69 6f 6e 61 6c 54 65 72 6d 4c 69 6e 6b 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 6c 65 67 61 6c 55 72 6c 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 61 63 63 65 73 73 69 62 6c 65 22 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 20 20 20 20 20 22 69 73 44 65 76 69 63 65 43 6f 6d 70 61 6e 69 6f 6e 41 70 70 22 3a 20 66 61 6c 73 65 2c 0d 0a 20 20 20 20 20 20 20 20 22 73 75 70 70 6f 72 74 55 72 69 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 66 65 61 74 75 Data Ascii: sTencent": false, "platforms": null, "privacyUrl": null, "additionalTermLinks": null, "legalUrl": null, "accessible": false, "isDeviceCompanionApp": false, "supportUris": null, "featu
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 54 79 70 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 6f 66 66 65 72 45 78 70 69 72 61 74 69 6f 6e 44 61 74 65 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 77 61 72 6e 69 6e 67 4d 65 73 73 61 67 65 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 64 65 76 69 63 65 51 75 61 6c 69 66 69 65 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 69 73 4d 69 63 72 6f 73 6f 66 74 50 72 6f 64 75 63 74 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 70 72 6f 64 75 63 74 46 61 6d 69 6c 79 4c 69 63 65 6e 73 65 54 65 72 6d 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 68 61 73 50 61 72 65 6e 74 42 75 6e 64 6c 65 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 68 61 73 41 6c 74 65 72 6e 61 Data Ascii: Type": null, "offerExpirationDate": null, "warningMessages": null, "deviceQualified": null, "isMicrosoftProduct": null, "productFamilyLicenseTerms": null, "hasParentBundles": null, "hasAlterna
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 69 6d 61 67 65 73 2d 65 64 73 2d 73 73 6c 2e 78 62 6f 78 6c 69 76 65 2e 63 6f 6d 2f 69 6d 61 67 65 3f 75 72 6c 3d 34 72 74 39 2e 6c 58 44 43 34 48 5f 39 33 6c 61 56 31 5f 65 48 48 46 54 39 34 39 66 55 69 70 7a 6b 69 46 4f 42 48 33 66 41 69 5a 5a 55 43 64 59 6f 6a 77 55 79 58 32 61 54 6f 6e 53 31 61 49 77 4d 72 78 36 4e 55 49 73 48 66 55 48 53 4c 7a 6a 47 4a 46 78 78 73 47 37 32 77 41 6f 39 45 57 4a 52 34 79 51 57 79 4a 4a 61 44 62 36 72 59 63 42 74 4a 76 54 76 48 33 55 6f 41 53 34 4a 46 4e 44 61 78 47 68 6d 4b 4e 61 4d 77 67 45 6c 4c 55 52 6c 52 46 65 56 6b 4c 43 6a 6b 66 6e 58 6d 57 74 49 4e 57 5a 49 72 50 47 59 71 30 2d 26 66 6f 72 6d 61 74 3d 73 6f 75 72 63 65 22 2c 0d 0a 20 20 20 20 20 Data Ascii: "url": "https://images-eds-ssl.xboxlive.com/image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source",
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 30 35 30 63 2d 34 63 65 66 2d 38 64 34 61 2d 39 65 66 32 31 33 62 38 39 65 66 32 2e 38 33 30 38 35 66 34 64 2d 64 35 39 36 2d 34 34 30 34 2d 39 36 33 34 2d 35 35 65 36 30 61 61 33 33 61 36 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 22 68 65 72 6f 49 6d 61 67 65 55 72 6c 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 69 63 6f 6e 55 72 6c 42 61 63 6b 67 72 6f 75 6e 64 22 3a 20 22 74 72 61 6e 73 70 61 72 65 6e 74 22 2c 0d 0a 20 20 20 20 20 20 20 20 22 74 72 61 69 6c 65 72 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 73 63 72 65 65 6e 73 68 6f 74 73 22 3a 20 5b 5d 2c 0d 0a 20 20 20 20 20 20 20 20 22 65 6e 63 6f 64 65 64 54 69 74 6c 65 22 3a 20 22 61 64 6f 62 65 2d 70 68 6f 74 6f 73 68 6f 70 2d 65 78 70 72 65 73 73 22 2c 0d 0a 20 20 20 20 Data Ascii: 050c-4cef-8d4a-9ef213b89ef2.83085f4d-d596-4404-9634-55e60aa33a6c", "heroImageUrl": null, "iconUrlBackground": "transparent", "trailers": null, "screenshots": [], "encodedTitle": "adobe-photoshop-express",
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 73 52 65 71 75 69 72 65 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 70 61 63 6b 61 67 65 41 6e 64 44 65 76 69 63 65 43 61 70 61 62 69 6c 69 74 69 65 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 76 65 72 73 69 6f 6e 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 6c 61 73 74 55 70 64 61 74 65 44 61 74 65 55 74 63 22 3a 20 22 30 30 30 31 2d 30 31 2d 30 31 54 30 30 3a 30 30 3a 30 30 22 2c 0d 0a 20 20 20 20 20 20 20 20 22 73 6b 75 73 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 6f 73 50 72 6f 64 75 63 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 63 61 74 65 67 6f 72 79 49 64 22 3a 20 6e 75 6c 6c 2c 0d 0a 20 20 20 20 20 20 20 20 22 73 75 62 63 61 74 65 67 6f 72 Data Ascii: sRequired": null, "packageAndDeviceCapabilities": null, "version": null, "lastUpdateDateUtc": "0001-01-01T00:00:00", "skus": null, "osProductInformation": null, "categoryId": null, "subcategor
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 20 61 6e 64 20 65 6e 74 65 72 74 61 69 6e 6d 65 6e 74 20 66 6f 72 20 77 6f 72 6b 20 61 6e 64 20 70 6c 61 79 22 2c 0d 0a 20 20 20 20 22 41 62 6f 75 74 50 61 67 65 2e 4d 65 74 61 54 69 74 6c 65 22 3a 20 22 44 69 73 63 6f 76 65 72 20 61 6e 64 20 45 78 70 6c 6f 72 65 20 41 70 70 73 20 61 6e 64 20 47 61 6d 65 73 20 61 74 20 4d 69 63 72 6f 73 6f 66 74 20 53 74 6f 72 65 22 2c 0d 0a 20 20 20 20 22 41 62 6f 75 74 50 61 67 65 2e 4d 65 74 61 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 45 78 70 6c 6f 72 65 20 61 20 76 61 73 74 20 73 65 6c 65 63 74 69 6f 6e 20 6f 66 20 73 65 63 75 72 65 20 61 70 70 73 20 61 6e 64 20 67 61 6d 65 73 20 61 74 20 4d 69 63 72 6f 73 6f 66 74 20 53 74 6f 72 65 2e 20 4c 65 61 72 6e 20 77 68 79 20 69 74 27 73 20 74 68 65 20 67 6f 2d 74 6f 20 Data Ascii: and entertainment for work and play", "AboutPage.MetaTitle": "Discover and Explore Apps and Games at Microsoft Store", "AboutPage.MetaDescription": "Explore a vast selection of secure apps and games at Microsoft Store. Learn why it's the go-to
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 63 74 44 65 74 61 69 6c 73 2e 4c 65 67 61 6c 44 69 73 63 6c 61 69 6d 65 72 4e 6f 74 65 22 3a 20 22 54 68 69 73 20 73 65 6c 6c 65 72 20 68 61 73 20 63 65 72 74 69 66 69 65 64 20 74 68 61 74 20 69 74 20 77 69 6c 6c 20 6f 6e 6c 79 20 6f 66 66 65 72 20 70 72 6f 64 75 63 74 73 20 6f 72 20 73 65 72 76 69 63 65 73 20 74 68 61 74 20 63 6f 6d 70 6c 79 20 77 69 74 68 20 61 6c 6c 20 61 70 70 6c 69 63 61 62 6c 65 20 6c 61 77 73 2e 22 2c 0d 0a 20 20 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 52 65 70 6f 72 74 54 65 78 74 41 72 65 61 50 6c 61 63 65 68 6f 6c 64 65 72 22 3a 20 22 59 6f 75 20 63 61 6e 20 61 64 64 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 76 69 6f 6c 61 74 69 6f 6e 20 68 65 72 65 22 2c 0d 0a 20 20 20 20 Data Ascii: ctDetails.LegalDisclaimerNote": "This seller has certified that it will only offer products or services that comply with all applicable laws.", "ProductDetails.ReportTextAreaPlaceholder": "You can add more information about the violation here",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.16	49825	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	690	OUT	GET /bat.js HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:37 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: private,max-age=1800 Content-Length: 49706 Content-Type: application/javascript Last-Modified: Sat, 13 Jul 2024 20:42:16 GMT Accept-Ranges: bytes ETag: "044982565d5da1:0" Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: C9FDACA4EAE6412BB37013B3CEB14A96 Ref B: EWR311000104033 Ref C: 2024-08-30T17:06:37Z Date: Fri, 30 Aug 2024 17:06:36 GMT Connection: close
2024-08-30 17:06:37 UTC	3334	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 55 45 54 28 6f 29 7b 74 68 69 73 2e 73 74 72 69 6e 67 45 78 69 73 74 73 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 26 26 6e 2e 6c 65 6e 67 74 68 3e 30 7d 3b 74 68 69 73 2e 64 6f 6d 61 69 6e 3d 22 62 61 74 2e 62 69 6e 67 2e 63 6f 6d 22 3b 74 68 69 73 2e 64 6f 6d 61 69 6e 43 6c 3d 22 62 61 74 2e 62 69 6e 67 2e 6e 65 74 22 3b 74 68 69 73 2e 55 52 4c 4c 45 4e 47 54 48 4c 49 4d 49 54 3d 34 30 39 36 3b 74 68 69 73 2e 70 61 67 65 4c 6f 61 64 45 76 74 3d 22 70 61 67 65 4c 6f 61 64 22 3b 74 68 69 73 2e 63 75 73 74 6f 6d 45 76 74 3d 22 63 75 73 74 6f 6d 22 3b 74 68 69 73 2e 70 61 67 65 56 69 65 77 45 76 74 3d 22 70 61 67 65 5f 76 69 65 77 22 3b 6f 2e 56 65 72 3d 6f 2e 56 65 72 21 3d 3d 75 6e 64 65 66 69 6e 65 64 26 26 Data Ascii: function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.domainCl="bat.bing.net";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&
2024-08-30 17:06:37 UTC	8192	IN	Data Raw: 69 6f 6e 73 2e 63 72 65 61 74 69 76 65 5f 73 6c 6f 74 22 3a 7b 7d 2c 22 70 72 6f 6d 6f 74 69 6f 6e 73 2e 69 64 22 3a 7b 7d 2c 22 70 72 6f 6d 6f 74 69 6f 6e 73 2e 6e 61 6d 65 22 3a 7b 7d 2c 70 69 64 3a 7b 74 79 70 65 3a 22 6f 62 6a 65 63 74 22 7d 2c 22 70 69 64 2e 65 6d 22 3a 7b 74 79 70 65 3a 22 70 69 64 22 7d 2c 22 70 69 64 2e 65 6d 61 69 6c 22 3a 7b 74 79 70 65 3a 22 70 69 64 22 2c 62 65 61 63 6f 6e 3a 22 65 6d 22 7d 2c 22 70 69 64 2e 70 68 22 3a 7b 74 79 70 65 3a 22 70 69 64 22 7d 2c 22 70 69 64 2e 70 68 6f 6e 65 5f 6e 75 6d 62 65 72 22 3a 7b 74 79 70 65 3a 22 70 69 64 22 2c 62 65 61 63 6f 6e 3a 22 70 68 22 7d 7d 3b 74 68 69 73 2e 6b 6e 6f 77 6e 45 76 65 6e 74 73 3d 7b 61 64 64 5f 70 61 79 6d 65 6e 74 5f 69 6e 66 6f 3a 5b 5d 2c 61 64 64 5f 74 6f 5f 63 Data Ascii: ions.creative_slot":{},"promotions.id":{},"promotions.name":{},pid:{type:"object"},"pid.em":{type:"pid"},"pid.email":{type:"pid",beacon:"em"},"pid.ph":{type:"pid"},"pid.phone_number":{type:"pid",beacon:"ph"}};this.knownEvents={add_payment_info:[],add_to_c
2024-08-30 17:06:37 UTC	4482	IN	Data Raw: 73 61 62 6c 65 43 6f 6e 74 61 69 6e 65 72 22 29 26 26 28 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 64 69 73 61 62 6c 65 43 6f 6e 74 61 69 6e 65 72 3d 6f 2e 64 69 73 61 62 6c 65 43 6f 6e 74 61 69 6e 65 72 3d 3d 3d 21 30 29 3b 6f 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 61 6c 74 22 29 26 26 28 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 69 6d 67 41 6c 74 3d 6f 2e 61 6c 74 29 3b 6f 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 63 6c 61 72 69 74 79 50 72 6f 6a 65 63 74 49 64 22 29 26 26 6f 2e 63 6c 61 72 69 74 79 50 72 6f 6a 65 63 74 49 64 26 26 74 79 70 65 6f 66 20 6f 2e 63 6c 61 72 69 74 79 50 72 6f 6a 65 63 74 49 64 3d 3d 22 73 74 72 69 6e 67 22 26 26 28 6e 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 Data Ascii: sableContainer")&&(this.uetConfig.disableContainer=o.disableContainer===!0);o.hasOwnProperty("alt")&&(this.uetConfig.imgAlt=o.alt);o.hasOwnProperty("clarityProjectId")&&o.clarityProjectId&&typeof o.clarityProjectId=="string"&&(n=document.createElement("sc
2024-08-30 17:06:37 UTC	8192	IN	Data Raw: 68 69 73 2e 66 69 72 65 50 69 64 45 76 65 6e 74 28 65 2e 70 69 64 29 29 29 7d 65 6c 73 65 20 69 66 28 6e 5b 30 5d 3d 3d 3d 22 63 6f 6e 73 65 6e 74 22 29 7b 69 66 28 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 63 6f 6e 73 65 6e 74 2e 65 6e 61 62 6c 65 64 3d 21 30 2c 74 3d 6e 5b 31 5d 5b 31 5d 2c 66 3d 6e 5b 31 5d 5b 30 5d 2c 74 3d 3d 3d 6e 75 6c 6c 7c 7c 74 79 70 65 6f 66 20 74 21 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 3b 66 3d 3d 3d 22 64 65 66 61 75 6c 74 22 3f 28 74 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 22 61 64 5f 73 74 6f 72 61 67 65 22 29 26 26 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 63 6f 6e 73 65 6e 74 2e 61 64 53 74 6f 72 61 67 65 55 70 64 61 74 65 64 3d 3d 3d 21 31 26 26 28 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 63 Data Ascii: his.firePidEvent(e.pid)))}else if(n[0]==="consent"){if(this.uetConfig.consent.enabled=!0,t=n[1][1],f=n[1][0],t===null\|\|typeof t!="object")return;f==="default"?(t.hasOwnProperty("ad_storage")&&this.uetConfig.consent.adStorageUpdated===!1&&(this.uetConfig.c
2024-08-30 17:06:37 UTC	8192	IN	Data Raw: 74 68 69 73 2e 66 69 72 65 42 65 61 63 6f 6e 49 6d 67 28 72 29 7d 74 68 72 6f 77 20 6e 3b 7d 3b 74 68 69 73 2e 76 61 6c 69 64 61 74 65 56 61 6c 75 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 69 2c 72 29 7b 76 61 72 20 75 3d 30 2c 66 3d 74 2c 65 3d 69 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 7c 7c 69 3d 3d 3d 30 3f 21 30 3a 21 31 3b 72 65 74 75 72 6e 20 74 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 2c 22 29 21 3d 3d 2d 31 26 26 28 66 3d 74 2e 72 65 70 6c 61 63 65 28 2f 2c 2f 67 2c 22 22 29 29 2c 75 3d 70 61 72 73 65 46 6c 6f 61 74 28 66 29 2c 28 69 73 4e 61 4e 28 66 29 7c 7c 69 73 4e 61 4e 28 75 29 7c 7c 65 26 26 75 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 2e 22 29 21 3d 3d 2d 31 29 26 26 74 68 69 73 2e 74 68 72 6f 77 Data Ascii: this.fireBeaconImg(r)}throw n;};this.validateValue=function(n,t,i,r){var u=0,f=t,e=i===undefined\|\|i===0?!0:!1;return t.toString().indexOf(",")!==-1&&(f=t.replace(/,/g,"")),u=parseFloat(f),(isNaN(f)\|\|isNaN(u)\|\|e&&u.toString().indexOf(".")!==-1)&&this.throw
2024-08-30 17:06:37 UTC	8192	IN	Data Raw: 43 6f 6e 66 69 67 2e 67 74 61 67 50 69 64 3d 3d 3d 21 30 26 26 22 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 61 74 61 22 69 6e 20 77 69 6e 64 6f 77 26 26 74 79 70 65 6f 66 20 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 61 74 61 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 74 68 69 73 2e 70 61 67 65 4c 65 76 65 6c 50 61 72 61 6d 73 2e 70 69 64 3d 7b 65 6d 3a 77 69 6e 64 6f 77 2e 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 61 74 61 2e 65 6d 61 69 6c 2c 70 68 3a 77 69 6e 64 6f 77 2e 65 6e 68 61 6e 63 65 64 5f 63 6f 6e 76 65 72 73 69 6f 6e 5f 64 61 74 61 2e 70 68 6f 6e 65 5f 6e 75 6d 62 65 72 7d 29 2c 72 26 26 74 68 69 73 2e 70 61 67 65 4c 65 76 65 6c 50 61 72 61 6d 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 Data Ascii: Config.gtagPid===!0&&"enhanced_conversion_data"in window&&typeof enhanced_conversion_data=="object"&&(this.pageLevelParams.pid={em:window.enhanced_conversion_data.email,ph:window.enhanced_conversion_data.phone_number}),r&&this.pageLevelParams.hasOwnProper
2024-08-30 17:06:37 UTC	8192	IN	Data Raw: 26 26 74 68 69 73 2e 73 6e 69 70 70 65 74 45 76 65 6e 74 51 75 65 75 65 2e 73 68 69 66 74 28 29 3b 74 72 79 7b 74 79 70 65 6f 66 20 43 75 73 74 6f 6d 45 76 65 6e 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 73 3d 6e 65 77 20 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 55 65 74 45 76 65 6e 74 22 2c 7b 62 75 62 62 6c 65 73 3a 21 30 2c 64 65 74 61 69 6c 3a 7b 75 65 74 45 76 65 6e 74 3a 72 7d 7d 29 2c 74 68 69 73 2e 69 6e 76 69 73 69 62 6c 65 44 69 76 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 73 29 29 7d 63 61 74 63 68 28 68 29 7b 7d 7d 3b 74 68 69 73 2e 66 69 72 65 50 61 67 65 53 68 6f 77 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 64 69 73 61 62 6c 65 56 69 73 69 62 69 6c 69 74 79 45 76 65 6e 74 73 3d 3d 3d 21 31 26 Data Ascii: &&this.snippetEventQueue.shift();try{typeof CustomEvent=="function"&&(s=new CustomEvent("UetEvent",{bubbles:!0,detail:{uetEvent:r}}),this.invisibleDiv.dispatchEvent(s))}catch(h){}};this.firePageShow=function(n){this.uetConfig.disableVisibilityEvents===!1&
2024-08-30 17:06:37 UTC	930	IN	Data Raw: 45 78 74 65 72 6e 61 6c 4d 69 64 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 68 69 73 2e 73 74 72 69 6e 67 45 78 69 73 74 73 28 6e 29 26 26 6e 2e 6d 61 74 63 68 28 2f 5e 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 38 7d 2d 3f 28 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 34 7d 2d 3f 29 7b 33 7d 5b 30 2d 39 61 2d 66 41 2d 46 5d 7b 31 32 7d 24 2f 29 26 26 28 74 68 69 73 2e 62 65 61 63 6f 6e 50 61 72 61 6d 73 2e 6d 69 64 3d 6e 2c 74 68 69 73 2e 6d 69 64 4f 76 65 72 72 69 64 65 3d 21 30 29 7d 3b 74 68 69 73 2e 73 65 74 55 73 65 72 53 69 67 6e 61 6c 73 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 79 70 65 6f 66 20 6e 3d 3d 22 6f 62 6a 65 63 74 22 26 26 6e 21 3d 3d 6e 75 6c 6c 26 26 28 74 68 69 73 2e 75 65 74 43 6f 6e 66 69 67 2e 63 75 73 69 67 2e 62 6c 6f 62 3d 6e 2c 74 68 69 73 Data Ascii: ExternalMid=function(n){this.stringExists(n)&&n.match(/^[0-9a-fA-F]{8}-?([0-9a-fA-F]{4}-?){3}[0-9a-fA-F]{12}$/)&&(this.beaconParams.mid=n,this.midOverride=!0)};this.setUserSignals=function(n){typeof n=="object"&&n!==null&&(this.uetConfig.cusig.blob=n,this

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.16	49827	23.200.3.23	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	577	OUT	GET /li.lms-analytics/insight.min.js HTTP/1.1 Host: snap.licdn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:37 UTC	310	IN	HTTP/1.1 200 OK Last-Modified: Thu, 22 Aug 2024 11:06:54 GMT x-amz-server-side-encryption: AES256 Content-Type: application/javascript;charset=utf-8 Cache-Control: max-age=57643 Date: Fri, 30 Aug 2024 17:06:37 GMT Content-Length: 41172 Connection: close X-Content-Type-Options: nosniff X-CDN: AKAM
2024-08-30 17:06:37 UTC	16074	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 2c 74 2c 65 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 6e 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 6e 2c 74 2c 7b 76 61 6c 75 65 3a 65 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 3a 6e 5b 74 5d 3d 65 2c 6e 7d 76 61 72 20 74 2c 65 2c 72 2c 69 2c 6f 3d 7b 41 44 56 45 52 54 49 53 49 4e 47 3a 22 41 44 56 45 52 54 49 53 49 4e 47 22 2c 41 4e 41 4c 59 54 49 43 53 5f 41 4e 44 5f 52 45 53 45 41 52 43 48 3a 22 41 4e 41 4c 59 54 49 43 53 5f 41 4e 44 5f 52 45 53 45 41 52 43 48 22 2c 46 55 4e 43 54 49 4f 4e 41 4c 3a 22 46 55 4e 43 54 49 4f 4e 41 Data Ascii: !function(){"use strict";function n(n,t,e){return t in n?Object.defineProperty(n,t,{value:e,enumerable:!0,configurable:!0,writable:!0}):n[t]=e,n}var t,e,r,i,o={ADVERTISING:"ADVERTISING",ANALYTICS_AND_RESEARCH:"ANALYTICS_AND_RESEARCH",FUNCTIONAL:"FUNCTIONA
2024-08-30 17:06:37 UTC	16384	IN	Data Raw: 67 74 68 3b 72 2b 2b 29 7b 21 74 5b 75 3d 69 5b 72 5d 5d 26 26 43 6e 28 75 29 26 26 28 74 5b 75 5d 3d 21 30 2c 65 2e 70 75 73 68 28 75 29 29 7d 69 66 28 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 26 26 21 74 5b 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 5d 26 26 28 74 5b 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 5d 3d 21 30 2c 65 2e 70 75 73 68 28 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 29 29 2c 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 73 29 66 6f 72 28 76 61 72 20 6f 3d 30 2c 61 3d 6e 2e 5f 6c 69 6e 6b 65 64 69 6e 5f 64 61 74 61 5f 70 61 72 74 6e 65 72 5f 69 64 Data Ascii: gth;r++){!t[u=i[r]]&&Cn(u)&&(t[u]=!0,e.push(u))}if(n._linkedin_data_partner_id&&!t[n._linkedin_data_partner_id]&&(t[n._linkedin_data_partner_id]=!0,e.push(n._linkedin_data_partner_id)),n._linkedin_data_partner_ids)for(var o=0,a=n._linkedin_data_partner_id
2024-08-30 17:06:37 UTC	3136	IN	Data Raw: 22 5d 2c 79 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 28 6e 3d 6e 2e 74 61 67 4e 61 6d 65 29 26 26 2d 31 3c 49 65 2e 69 6e 64 65 78 4f 66 28 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 41 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 21 21 28 6e 3d 6e 2e 61 74 74 72 69 62 75 74 65 73 29 26 26 4b 74 28 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6e 29 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 26 26 2d 31 21 3d 3d 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 63 6c 69 63 6b 22 29 7d 29 29 7d 2c 53 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 4b 74 28 6e 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 2d 31 21 3d 3d 74 2e 74 6f 4c 6f 77 Data Ascii: "],ye=function(n){return(n=n.tagName)&&-1<Ie.indexOf(n.toLowerCase())},Ae=function(n){return!!(n=n.attributes)&&Kt(Object.keys(n),(function(n){return n&&-1!==n.toLowerCase().indexOf("click")}))},Se=function(n,t){return Kt(n,(function(n){return-1!==t.toLow
2024-08-30 17:06:37 UTC	5578	IN	Data Raw: 2c 42 65 29 3b 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 6e 29 7b 72 65 74 75 72 6e 20 6e 2e 72 65 70 6c 61 63 65 28 6b 65 2c 6a 65 29 7d 66 75 6e 63 74 69 6f 6e 20 4a 65 28 6e 29 7b 72 65 74 75 72 6e 20 6e 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 3f 5b 46 65 2c 4b 65 2c 7a 65 2c 71 65 2c 24 65 2c 59 65 2c 57 65 5d 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 74 28 6e 29 7d 29 2c 6e 29 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 5a 65 28 6e 29 7b 72 65 74 75 72 6e 20 6e 2e 75 72 6c 3d 4a 65 28 6e 2e 75 72 6c 29 2c 6e 2e 68 72 65 66 26 26 28 6e 2e 68 72 65 66 3d 4a 65 28 6e 2e 68 72 65 66 29 29 2c 6e 2e 70 61 67 65 54 69 74 6c 65 26 26 28 6e 2e 70 61 67 65 54 69 74 6c 65 3d 4a 65 Data Ascii: ,Be);return n}function ze(n){return n.replace(ke,je)}function Je(n){return n&&"string"==typeof n?[Fe,Ke,ze,qe,$e,Ye,We].reduce((function(n,t){return t(n)}),n):n}function Ze(n){return n.url=Je(n.url),n.href&&(n.href=Je(n.href)),n.pageTitle&&(n.pageTitle=Je

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.16	49828	40.118.171.167	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:37 UTC	762	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1156 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiNXVweTYzMVowdGVZTGR2ZlY0UGVvUT09IiwgImhhc2giOiI5bkF1MFZEcFhYOD0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:37 UTC	1156	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 4e 73 70 50 47 6c 43 51 4a 6d 46 67 65 2b 54 4b 36 55 38 36 57 57 55 4f 5a 67 41 41 45 49 6d 37 55 53 34 50 6f 65 6c 2b 44 44 56 6e 4c 31 66 37 61 54 76 67 41 46 57 37 45 61 52 4a 62 49 59 53 6d 43 62 35 4d 57 50 71 52 4f 50 2f 6c 46 4c 46 71 63 41 70 6f 34 42 62 65 67 6b 39 2b 5a 77 48 46 70 37 77 6f 4f 36 70 64 43 2b 4c 2b 38 41 6c 32 4a 2b 37 63 38 36 64 79 49 6f 4d 2b 77 41 74 65 4a 4d 43 42 79 7a 70 54 35 4f 59 76 50 71 76 Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPXNspPGlCQJmFge+TK6U86WWUOZgAAEIm7US4Poel+DDVnL1f7aTvgAFW7EaRJbIYSmCb5MWPqROP/lFLFqcApo4Bbegk9+ZwHFp7woO6pdC+L+8Al2J+7c86dyIoM+wAteJMCByzpT5OYvPqv
2024-08-30 17:06:38 UTC	189	IN	HTTP/1.1 304 Not Modified Date: Fri, 30 Aug 2024 17:06:37 GMT Content-Length: 0 Connection: close Server: Kestrel Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.16	49829	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:38 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/cea0e14e0ec44c1a9e8b92a6715ef1c1.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:38 UTC	701	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:38 GMT Content-Type: image/png Content-Length: 503853 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"7b02d-190c69cb8a2" Last-Modified: Thu, 18 Jul 2024 16:11:18 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170638Z-16579567576p25xcxh3nycmsaw000000039000000000q2hs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:38 UTC	15683	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 c2 00 00 03 44 08 06 00 00 00 93 b7 5c 2b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 07 af c2 49 44 41 54 78 01 ec fd 09 bc 65 c7 55 df 8b af da fb 9c 73 ef ed b9 25 b5 ac 96 65 a9 2d c9 b6 dc f2 84 db 43 3c d2 0a c6 03 06 6c 88 e5 30 e5 0f 24 90 e4 11 92 30 e4 e5 9f e1 61 49 24 ef 41 3e ef 05 27 bc 17 f8 13 07 9c 3c cc 03 2c 08 e1 91 60 c0 80 05 21 c6 93 30 06 4b 96 6c 49 6e 4d 96 a5 56 8f 77 3c d3 5e ff 5a 55 b5 aa d6 de f7 dc 1e a4 96 74 5b fd fb 4a a7 cf 3e 7b d7 ae b9 ea 9c fb ab b5 57 11 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRD\+pHYs%%IR$sRGBgAMAaIDATxeUs%e-C<l0$0aI$A>'<,`!0KlInMVw<^ZUt[J>{W
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 1d ff 5e e4 be 74 cb 96 2d d7 7b 21 fb b0 af ff ff 76 e4 c8 91 8f 74 2c ff b3 95 b8 fa a2 d7 a7 05 3c 62 26 7e c4 9f 7f a9 9c 38 78 f0 a0 bb ed b6 db c8 f8 06 ef 2e 82 02 00 00 00 00 00 00 00 78 82 3c 91 bf 54 01 00 4f 23 e9 11 79 ba f1 c6 1b c3 bb 17 4a c2 79 2f be 88 10 9e 2d c1 d3 06 6e ae 2b 82 27 ab c3 ad 17 5f 7c f1 4d a7 12 c1 01 00 9b 1b d9 eb 72 65 c2 f4 e9 c7 a6 b4 65 c7 73 e8 d2 5d 97 d2 25 5b 76 d1 ae c1 3c 6d ad 2b 5a 5d 5a a6 95 95 15 d9 90 d5 0b e1 76 03 dc 68 06 1e 44 66 7f d8 f7 22 73 8f 26 54 4d d7 88 87 cb 34 5d 95 8d 31 bf 42 8f 3f f2 20 9d 38 f2 58 d8 2c 73 a1 5f f9 b0 4c 67 f4 dc 58 f4 96 12 37 d0 7c 72 25 4c af b1 17 9a bd 3e 5c 35 74 c9 25 5b e9 9d 6f 7a 21 bd f4 05 7b 69 cb 7c 9f 36 33 7e 4e de e3 c5 f0 ef b9 e8 a2 8b 6e 4c a7 42 Data Ascii: ^t-{!vt,<b&~8x.x<TO#yJy/-n+'_\|Mrees]%[v<m+Z]ZvhDf"s&TM4]1B? 8X,s_LgX7\|r%L>\5t%[oz!{i\|63~NnLB
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: ef ef a3 af f9 3f 0f 45 cb 70 5f be ef 3e b0 f3 ac 7c 86 8b 4f e3 07 1f 7c 90 96 96 96 e8 7c e4 b2 cb 2e a3 bd 7b f7 d2 93 e5 83 1f fc 60 18 97 e7 63 3d c8 9c 22 3e a8 a5 2e 9e 0c 5f 38 71 2f 1d 5a 7c 90 86 d3 f3 6f 3c 6c ef 6f a5 d7 ec 79 b9 7f df 46 e7 1a 9d 9b e5 25 73 bc 2e 62 aa 38 2e be c0 75 1e 4f 38 df 97 c2 e7 03 07 0e 88 60 25 3e c2 9d ff 61 2b a7 5a 7f e5 12 00 00 74 48 7f e4 da 3f 7c 49 dc ed c9 39 71 89 72 df 7d f7 c9 b5 ea 45 ff d3 5d 7f c3 f5 e6 7e c0 8a 53 7a 5b 16 20 f2 d3 e5 f2 47 bb 0a a7 49 10 6e c9 94 aa 29 84 64 54 68 30 99 d2 88 d5 c4 37 89 8b 49 3c 71 ae 23 8c 11 65 c5 c7 15 01 23 59 91 26 cd cc 25 ab 5c 75 f9 6c 0c eb 9c 0a c2 6e 9d f9 34 a9 8e c5 ed bc b5 12 6f 92 e8 9f f5 0d 2e d7 8a 70 9b 85 c1 54 77 14 ad 36 ad ca c3 a5 46 b3 Data Ascii: ?Ep_>\|O\|\|.{`c=">._8q/Z\|o<loyF%s.b8.uO8`%>a+ZtH?\|I9qr}E]~Sz[ GIn)dTh07I<q#e#Y&%\uln4o.pTw6F
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: fe d3 32 0d 20 fa c2 7f 5a 1a b6 43 da 5f 53 d9 d6 c6 ce 46 7f a9 bb 23 9f 34 9f ce 7e db 92 18 c7 4c c2 e9 33 ec 7e 4d d0 87 d4 2d 56 bb 97 8f 97 1e 1a 21 f8 c0 b8 f6 09 70 3d 00 6d e4 33 f6 3d fe b2 e4 33 6f 5f 4c 16 82 33 7c 67 2b 70 fe b3 f2 9a e7 8d b8 03 62 b8 34 4e 26 10 2d f3 1c 5e e7 6b b5 cf 9a a6 ad 96 e4 a4 a5 44 d9 4d 8b 58 8e 93 b9 67 e9 8d 5a ee ad e9 e6 01 37 2d b5 ff f2 34 21 f7 9b df fc a6 28 15 0b c1 93 12 b1 4d df d3 c1 e4 3e 29 9d 45 78 27 9d cc 42 09 e0 23 2e 98 c9 00 84 57 f9 0d 30 24 de 39 c5 4a b0 6f b8 67 8b 70 0b 55 18 8c f3 0b c9 6c 85 e3 6c cd ca 4f d1 d6 15 0a ac c2 19 7a 5b 81 0b 08 16 bb a0 26 03 a3 6d d9 3d 0a 2f 92 f9 85 2f 5e 48 17 05 c0 0d 79 d6 a1 4f a7 0f fc f3 87 a3 2b 14 6b e9 bd 7c 79 de e7 73 eb ee 5e 47 bb ef b1 Data Ascii: 2 ZC_SF#4~L3~M-V!p=m3=3o_L3\|g+pb4N&-^kDMXgZ7-4!(M>)Ex'B#.W0$9JogpUllOz[&m=//^HyO+k\|ys^G
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: cf e9 f3 84 2c a2 8a 89 2d ed 81 d2 b6 4c 06 7c 6e cb 39 09 db 08 4c 39 c7 41 dd 8e 55 28 f3 90 6e 93 ef 3f 1a bd 4e 34 b8 5c 17 4e ad bc a5 ff 3b 57 c1 6f a2 0c a0 ab fb 43 f9 bc 94 db 41 79 0c ba 91 02 fe f2 0b 15 a7 b3 2d a5 b4 87 a9 9f d1 ca df f5 d7 04 f8 8d f1 b7 4d b7 32 0e d7 9a 07 1b 9f 1c 55 30 be 65 d3 9a 1b b7 db 6e 3b bf cb 2e bb 68 e5 b2 d4 6b f8 f8 39 6e 68 d1 2d 96 d9 49 27 b3 47 f4 76 5a 7f 56 0d 30 c0 9f d2 33 0c 67 8b 40 bc 1c f3 3e dc a4 58 28 c9 8b 67 fe 21 ac c2 77 d8 61 07 ba ee ba eb a2 6f e5 df 16 26 ff 6f 0a bb 1f 60 30 b5 74 e9 d2 7b 7c cd 9f ec ba 40 f7 af ba 65 92 0e 7d e8 8e b4 76 ed 6f e8 ba 1b 6e a6 79 c3 db de 30 ba 65 cb 14 4d 87 1b e5 8a dd 1f 44 17 fd 2c 2f 56 b4 c7 76 f3 ee 71 1c 0c 4e d9 c7 fa da b5 6b 15 8a 6f 4b 12 Data Ascii: ,-L\|n9L9AU(n?N4\N;WoCAy-M2U0en;.hk9nh-I'GvZV03g@>X(g!wao&o`0t{\|@e}vony0eMD,/VvqNkoK
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 27 93 12 39 01 9d 39 a2 d6 07 96 7c ff 27 b3 10 61 52 84 5a 84 c3 59 b8 db 76 7e 66 80 3c 73 98 f4 2c ea b7 aa 4b 86 df 83 f5 74 6e 6b fd 9f bc b5 ba 6e 8b 0f c7 01 89 07 c5 93 74 37 6d b7 80 f4 d4 b7 6f 72 ec fb e3 b6 c7 6a 4b ea ad cb a0 74 88 7c 6b 7c f7 a4 1c fa c7 15 1b 27 55 ed c7 ff 56 f5 df 0e d4 4d 5c d3 1b af dc f8 5f a7 bf 61 7c cd 69 d7 33 00 1f 1f 1f df 1c 8e 86 37 0f 6a b6 df 7e fb 86 17 c7 a4 e4 17 bc 61 08 ce eb 80 b0 0b 34 4a cf 84 d1 2d 8a d4 25 ee 0d 9e 3a 29 e4 5e 35 b4 4e 3a e9 e4 0f 2a 45 7f e4 17 16 b6 fe 0a 33 7a 11 86 f3 e7 d3 61 a6 4f 41 f8 53 9e f2 94 0f 6d d9 b2 e5 87 61 20 fc 11 c3 6f f8 04 67 6b 71 bb 70 26 4b 78 e9 5e 14 60 f8 9b c3 f9 3d a8 93 4e 3a e9 e4 0f 28 33 c1 70 7b ae 7c d1 ef df d6 fb 0c ae d9 9a ba 0d 58 e3 e5 d8 Data Ascii: '99\|'aRZYv~f<s,Ktnknt7morjKt\|k\|'UVM\_a\|i37j~a4J-%:)^5N:*E3zaOASma ogkqp&Kx^`=N:(3p{\|X
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 4e 3e d4 77 cd f1 cf 6e 95 10 c1 fd 29 00 e6 bc 93 66 84 31 57 57 57 23 50 cd 80 fa 81 03 07 b8 bf 39 58 c2 0b 08 1f dd a4 30 d8 c7 3a 82 fb 14 0e 67 17 11 94 5f de b5 0c 76 95 c2 96 e0 a1 ff 4e 20 07 c6 75 00 c0 bb 00 88 b3 be d5 e5 8a b8 47 e9 ae 7f cb f7 ff 39 f7 45 5f f5 8b 11 f2 16 a3 11 1f 81 6f 51 a5 6d 15 c6 5c dd d0 cb 8f bc 78 aa d1 34 66 48 92 33 fb f4 20 82 6b 71 31 c1 ee 9c 03 18 ed b4 64 7e 51 4e c0 34 95 cd ea 85 25 dc b5 b8 ec 15 45 a4 8b e1 9d b3 66 d6 91 0f e3 aa c0 ab 67 c5 77 26 7f 8f fa 38 b8 23 31 02 60 c6 98 62 31 d1 4a 35 8a b8 ae b7 c5 f0 cb 3a ea a0 f5 f6 c5 db b9 13 f1 3d d9 ea 7a 3b 2d c9 ea 8b 7a 95 b2 4d 5d 36 7d f0 fd d4 9d 7e 58 aa 5b 20 00 e5 78 40 30 c0 e8 a8 50 a7 33 a5 64 f9 0d b6 29 8d 80 e4 b1 49 00 78 a7 34 69 89 c4 Data Ascii: N>wn)f1WWW#P9X0:g_vN uG9E_oQm\x4fH3 kq1d~QN4%Efgw&8#1`b1J5:=z;-zM]6}~X[ x@0P3d)Ix4i
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 2b 43 7b 7f fc 8d af ed 4e 07 59 f6 06 9d 4c 42 5a 6e b3 3d a1 cd b6 ff de b5 fe e4 e7 27 3d ec ff c8 ef fa ab af 3b d2 6d 0a fd 60 cf eb 16 ba b3 21 ee a1 a0 8b fd 41 57 0f 05 7d 92 34 e1 ea 95 4b 31 fd e4 a3 e7 fc ad 9f 7b c8 dd f7 f8 63 b4 ff ec b5 fe 6a c8 13 a0 79 7a 3c e8 fc 48 e8 57 27 43 de bd 5c bf d0 57 4f 87 f3 fe c0 6f 7f d0 cd 03 41 37 a7 a5 63 ec 0d 3a e1 fe 3c e1 be cf ef 41 41 2e ba 9a f2 f1 8e 29 fb 42 38 a7 e5 3a 4f 3e ba ec 59 d9 b1 56 8f a6 fc a7 6f 4f 5a a1 3d 41 be 50 0e c5 1a ef 4b 2a 8f f5 4d e5 f3 35 77 c1 fd 3c 26 43 23 3d b4 77 c9 c5 d6 0c 65 ce 85 7a af ec 7d 83 3b cd b2 9c 5d f6 c8 bf 4f f4 cd 65 cd cd 9d 89 ba 79 3c c8 1a cb d9 93 74 c0 f2 c5 7e 42 a9 6f 9e 36 fd 84 cb 7a 28 b4 69 94 8d 49 c6 77 ac 41 08 3b 12 f4 f1 00 c7 b3 Data Ascii: +C{NYLBZn='=;m`!AW}4K1{cjyz<HW'C\WOoA7c:<AA.)B8:O>YVoOZ=APK*M5w<&C#=wez};]Oey<t~Bo6z(iIwA;
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 0f 78 b6 08 95 8d f5 5c ed 16 c5 e6 37 d6 e0 11 04 17 d7 0d ca 9b 2f 56 5f f5 59 ef a2 ec a1 25 85 0b 48 6d cd a7 bc 57 c0 4b 2b e3 21 b3 cf 3e bf 5d 06 70 30 e1 05 e0 99 5c 24 48 7a 80 e5 f1 be c3 44 a2 9c 5a e5 09 79 06 7b 05 00 16 50 34 32 53 10 99 9c c1 63 63 de 14 e4 29 b9 74 89 91 4e a1 82 62 d2 cf 48 68 67 f7 78 94 b0 6c cd 2d e1 de 00 e2 d1 bb 77 4f f0 8c 22 79 52 11 c9 c8 38 e2 ad 62 c9 9d 71 e1 54 5f 6f d7 15 5c 96 45 98 a5 32 3a 68 91 7c 36 49 72 19 f2 b0 59 52 ab 72 5b f4 a4 d6 e7 9f 78 8c 7c d9 cb a2 e6 01 26 b3 11 b6 37 be b5 91 46 52 39 42 ee 58 89 0e 80 5d 9a 88 26 d4 9b 04 7c 86 bd b6 02 45 0e 91 e8 26 72 e4 49 57 52 92 2b 57 31 b0 3e a2 0d 09 5e d1 72 9c b4 53 64 25 49 a9 c9 c2 9b 04 0c 00 80 df a1 a1 9d 2f 9c e6 a0 9e 2a 93 8c 89 ec 82 Data Ascii: x\7/V_Y%HmWK+!>]p0\$HzDZy{P42Scc)tNbHhgxl-wO"yR8bqT_o\E2:h\|6IrYRr[x\|&7FR9BX]&\|E&rIWR+W1>^rSd%I/*
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: cd cb 20 e4 76 af 7d cd 6b 3a 04 db f7 ec d9 e3 1e 38 fe d1 7e b7 dd 0e 42 79 82 e1 54 e5 b7 97 0b 19 3d 40 73 9c b9 85 33 9f 76 38 a8 41 d5 db 11 a7 dd d7 23 13 b0 3c 0f 48 de 1a 76 19 15 8d a9 01 28 b9 ea e6 f8 70 b7 13 ac 69 b9 c6 9e 03 17 52 c0 0e 66 81 4f 1b e8 6f 0f b0 5d 9a 50 4d 5f 9f f1 af 29 9c 81 dd 83 37 4d f7 ba 9c 5c 4d 2b 55 f2 a4 81 9d 0e dc e8 b0 6e 53 da 8a 55 85 58 ab 23 53 7b fe dd 22 50 d7 38 37 29 2f fe eb 29 19 c6 c5 89 11 87 bb 04 db a8 f7 5b 89 86 df b7 82 34 b7 0d c1 5d fa ad 41 4c a7 aa b0 a5 dd 79 27 fc 3a f4 4c 88 2c 91 dc 49 f7 af 07 30 7f b0 69 82 7b 7f ab d1 fe 74 e4 c1 bd 51 09 69 4b 91 bb fd 76 d9 68 88 f2 5e d9 e6 44 ce 9a e5 d0 d6 f5 66 9a 58 ec 77 6a ec 72 6a ec 70 8d 00 5b 44 03 f1 56 93 28 b5 c8 a1 9e 27 68 f6 e5 79 Data Ascii: v}k:8~ByT=@s3v8A#<Hv(piRfOo]PM_)7M\M+UnSUX#S{"P87)/)[4]ALy':L,I0i{tQiKvh^DfXwjrjp[DV('hy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.16	49830	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:38 UTC	685	OUT	GET /shared/cms/lrs1c69a1j/section-video-posters/afc91b8a64c1488bb548ab02e4d76908.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:38 UTC	710	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:38 GMT Content-Type: image/png Content-Length: 1230980 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"12c884-18c60151cbb" Last-Modified: Tue, 12 Dec 2023 22:10:45 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170638Z-16579567576rhxz5kgqdm3tfq000000003q000000000q9k9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:38 UTC	15674	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 04 38 08 06 00 00 00 e8 d3 c1 43 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 12 c8 19 49 44 41 54 78 01 ec bd 07 c0 2d 47 5d f7 ff 9d 3d e7 3c f5 f6 92 72 93 dc 84 54 02 49 28 09 08 89 20 bd 09 be 48 11 10 a4 1a a4 89 2f 36 40 50 b0 a0 02 02 2f a8 d4 f7 8f a2 02 02 be 8a 28 20 4d 54 9a d2 5b 20 bd e7 e6 f6 f2 d4 53 77 fe 33 b3 3b bb bf 99 dd 3d cf 73 43 12 c8 93 ef e7 e6 e4 9c b3 3b e5 37 6d f7 3c f3 dd df 8c d2 37 bc 4b 83 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 c8 1d 9e 04 84 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 d6 04 14 80 09 21 84 10 42 08 21 84 10 42 08 Data Ascii: PNGIHDR8CpHYssRGBgAMAaIDATx-G]=<rTI( H/6@P/( MT[ Sw3;=sC;7m<7KB!B!B!BB!B!B!B!B!B
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 01 98 10 42 08 21 84 10 42 48 23 d9 74 96 9b e2 b2 b3 6a d9 64 99 32 93 51 2a ff ae fd 04 5a 02 2d 27 e3 32 1d 25 f3 8e 70 29 8d cc f7 d4 bd b2 19 35 f3 4a 47 ee bc cc 85 90 9f 68 b4 10 73 e0 27 a5 55 21 14 49 6f d3 30 7c f6 e5 37 3e bb 88 6b 0f a6 f8 ec ef 6f c2 71 d3 6d 2c f7 ca 25 28 6d ec 5e 3f 9b 78 7f c1 d3 66 71 e6 c9 09 1e fd d4 25 7c e4 ef 12 dc f3 9c 89 42 24 86 17 78 f2 c1 26 3d 13 ad c0 71 ed 35 d7 e0 ad 6f 7d 2b 3e f5 e9 4f 61 79 69 d9 4d ac cf cc cc e0 61 0f 7f 18 fe fc 6d 7f 8e c9 89 49 bc e2 15 af c0 d3 9e f6 34 3c ea 91 8f 72 13 cb f1 f2 b0 50 a5 d0 9c 09 4a f9 64 bb 14 82 cc fb 70 34 c4 b7 be f9 2d 9c 7b ee b9 98 9c 9a 2c bc e2 4a 4f 4c 5d d6 51 4e 28 02 a3 14 e9 0a 51 52 49 dd 2a 0f 27 44 bd bc ae 03 01 2f aa e7 32 8f b2 2c 66 ae 1e 5f Data Ascii: B!BH#tjd2QZ-'2%p)5JGhs'U!Io0\|7>koqm,%(m^?xfq%\|B$x&=q5o}+>OayiMamI4<rPJdp4-{,JOL]QN(QRI'D/2,f_
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 6d 55 c4 2d f2 13 9f cb 34 51 7a d5 42 45 a2 b1 4f cb f7 77 15 c4 d7 71 3f 75 d7 3c 55 88 71 45 9a 79 6a d9 7f 3a 17 ef d2 d0 4e df 17 44 7a d6 3b 7e 7a 7a 1a 2f 7b d9 cb f0 f2 97 bf dc 3d 2c 71 e4 c8 11 d7 4e 7e ef 6d fb b9 d7 eb 95 4b 1b 4b 51 bd a1 0e 8b f1 18 5c 43 cb f2 c6 63 d6 9d 8f af 0d 51 3f 2c ea 4a 57 db a4 08 d7 70 fd 2a ae c7 28 cd 6a b4 39 0a 53 8a f7 28 fe 0f d4 8f 15 df e7 b4 e8 e3 3a 2f 8b ed 57 fe 1e 26 57 13 10 aa 66 a5 be 54 dc a9 6a ca 56 f6 95 ec dd e6 d3 b7 22 bd bf 07 d7 a2 ca be 02 44 b5 18 d6 47 f9 00 4a 19 b7 7c f8 49 1a 9c 1d 1b 19 b1 f0 c9 8f 99 c1 13 1f 31 70 1e bf 6a a2 e5 3c 4e 83 db 9b 86 c8 37 eb fb 13 2d 85 4e 27 fb 55 a8 83 8b 0f f2 fd 7c c3 12 14 97 5b 55 a6 61 49 2b d7 c7 d5 5d 6b d7 0a dd 74 06 47 46 1b b1 eb c8 77 Data Ascii: mU-4QzBEOwq?u<UqEyj:NDz;~zz/{=,qN~mKKQ\CcQ?,JWp*(j9S(:/W&WfTjV"DGJ\|I1pj<N7-N'U\|[UaI+]ktGFw
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: d7 aa 1e 0b 09 1f 92 dc ae a9 89 1a 27 e9 bc a7 f9 8d ea 80 4b 96 b9 75 98 75 28 a5 0e 97 9c 70 48 64 f6 42 86 3f 80 90 49 ef 65 ab d6 34 d3 e7 8c f3 06 28 23 b1 f7 09 7f c8 42 ca 44 eb 42 c2 41 69 69 ed c9 9c 24 19 da 75 dc cd 18 dd f2 61 aa c3 11 0f 8d bd c0 d8 b8 be 27 e8 43 35 ea 60 81 f4 07 76 54 c8 7e f3 ba 9a 03 41 d9 76 0c ed 18 d8 71 4f ec 81 10 e3 f1 ac ca 62 5b 32 6b 8f 0a 8f 6e 7c 8c 61 f4 a9 23 25 b8 19 ae c7 c0 8c b4 90 c1 01 07 33 5f 22 33 96 42 dd 93 52 d4 99 ce 19 9b d6 25 28 a5 b8 08 26 0e 8c 72 3b 85 f7 a2 77 21 d7 85 39 a0 25 cf 0c 5d a4 b4 60 15 da cb d8 b8 e9 db 03 2d 1c 72 3b 84 36 7a ad c8 dc 5a 62 41 b9 3b 10 14 1c fa 70 7e e4 e1 f3 c2 1f 24 90 e6 b3 81 f7 37 17 b9 a6 0a 11 c0 5a 61 a6 82 6d 83 f4 87 af 5c 68 e8 28 c8 b7 2e ed 48 Data Ascii: 'Kuu(pHdB?Ie4(#BDBAii$ua'C5`vT~AvqOb[2kn\|a#%3_"3BR%(&r;w!9%]`-r;6zZbA;p~$7Zam\h(.H
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 9b 19 87 e5 00 e1 0a 38 7b 74 39 c0 61 a7 93 3d e4 00 73 aa c0 af 6d b9 e9 68 53 4b b0 7e 62 3c 22 c2 91 2f 44 b6 51 c1 5f 94 c7 20 e3 06 7d be ea 41 12 88 4e 07 0b c8 ba a7 e9 77 0b 29 c1 59 86 bf 89 22 73 f4 fd 69 7c 8a e0 53 1f 4d 7a 4e 94 12 d4 e2 6d 18 9b 59 87 95 a5 a3 10 15 3e 9c 37 89 c9 ad 1b 51 9d 1e e0 c8 c1 93 58 d8 df c0 ae 99 32 a6 26 aa f8 f2 07 66 71 f6 fc 97 20 af a8 60 f2 b2 cd 58 e9 1e 23 f8 db 41 a3 df 44 ab d3 45 bf 3f 50 07 33 5a cb 29 fa 5d d0 5a 40 7d 27 10 38 18 32 08 a4 df d4 f7 d6 ca 0a 7a 77 dc 8d ce 02 70 d7 5c 1f c7 ff e4 ed 04 a1 e9 85 2c a2 75 64 8a ba 32 8e 7e a7 81 6e 75 13 ad 29 db c9 ac 8f 7e 0b 0f 30 3e f6 a5 41 1f a5 4f 2c 57 71 e2 74 9b c6 58 e0 c4 be 0f e2 9e fd 1f c4 42 e3 18 81 dd 79 02 be 99 0a fb 9c 90 1d d2 f2 Data Ascii: 8{t9a=smhSK~b<"/DQ_ }ANw)Y"si\|SMzNmY>7QX2&fq `X#ADE?P3Z)]Z@}'82zwp\,ud2~nu)~0>AO,WqtXBy
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: a0 d9 86 3a 3c a1 8e 67 d0 b5 eb 6a 1b 71 ee b6 f3 f0 e5 4f dd 87 7b ee 9c 05 0d bb 5d e6 94 a5 56 69 0a d5 e9 9f 89 78 0c af b8 f1 c5 78 dd 73 9f 43 70 ba c8 f9 fb 68 48 01 80 0b 29 a4 90 42 0a 29 a4 90 42 0a 29 a4 90 c7 a1 f0 e6 cd 14 e3 0d bd 99 62 36 b7 22 fa 8a 24 b2 21 c4 b0 81 42 0a 29 e4 31 2c 23 a0 32 04 76 16 42 79 ef a8 d1 b7 5a 6f 39 0f 05 f9 f1 b6 6d db b0 63 e7 0e dc 76 db ed f8 9e ef fe 1e 07 63 f6 de bd 0f 4b 4b 4b f8 cf 8f fd 27 2e 7d e2 a5 38 74 ff 21 9c 7b ee b9 1a 56 d2 06 eb a7 3e f5 49 bc e8 85 2f c2 c6 4d 1b 8d 87 6f 84 53 27 4f e2 9f df f5 2e ec db b7 17 67 9f 7d 36 be 9b ca 3b 67 cf 1e 75 bd 90 16 f0 78 7c 6d df c7 e1 11 ff e3 03 1f c0 6d b7 df 86 53 a7 4e 29 cf ba 97 bd ec 65 d8 41 1b 94 2c bc a1 7c e0 e0 01 fc c7 7f fc 07 95 7d Data Ascii: :<gjqO{]VixxsCphH)B)B)b6"$!B)1,#2vByZo9mcvcKKK'.}8t!{V>I/MoS'O.g}6;gux\|mmSN)eA,\|}
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 6d af d5 95 b1 54 1c 9a 7a d3 26 74 f9 fa d6 32 46 55 d2 67 a3 89 0e e9 67 69 6d bf 5c 53 9f de 82 56 77 20 a7 2b 14 81 d7 b4 5f 46 77 2d c5 ce 1d 3b f0 cd 1f df 89 07 bc c4 1c 08 4c f4 06 6a 63 0d ab 9d fd 04 78 97 09 ee ae a0 d5 5e c2 6a eb 00 c1 de 2e 78 36 ac d0 b4 e9 76 8c c7 2f e7 fb 65 c2 3e 1c 19 a8 3b 59 af 62 fb e6 cd d8 50 df 80 2b ae be 05 2b 3d 3e 44 4d 97 d4 21 79 97 69 98 24 dc f0 04 29 77 9a f4 f8 94 87 3f 09 4f bb e8 01 98 28 df 7d 1e e5 42 fe ff 2f 65 14 52 48 21 85 14 52 48 21 85 14 52 48 21 85 dc c3 84 bd 7d cd 57 59 bb 5d 26 ee 1e 76 03 f0 ff eb 0e 5d 21 85 14 f2 3f 2e 61 b3 59 47 1b a6 3a 03 4e e3 6b f5 dd dc 1b 83 ad cc 2e 2c fd 32 e1 38 c3 06 7e 5c 4e 6a e1 54 06 82 ba 4d 60 15 bd 8e 18 84 45 2d d0 da c3 92 ec 86 2f dd 33 d4 99 0d Data Ascii: mTz&t2FUggim\SVw +_Fw-;Ljcx^j.x6v/e>;YbP++=>DM!yi$)w?O(}B/eRH!RH!RH!}WY]&v]!?.aYG:Nk.,28~\NjTM`E-/3
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 0c 58 26 b8 7b c7 9d 77 e0 d5 7f fc c7 b8 ec d2 cb b0 bc b2 82 e0 59 aa f0 c5 2f 7d 89 36 11 1f 88 c3 0f df 2e de a7 ae 50 de e0 2d 4b 2e d1 92 6c 04 b3 37 55 62 d7 16 0f 1b 13 25 cf 57 69 53 8e f3 4b 4a ee d1 c8 93 49 39 ef 58 92 4e bb 23 5e 5f b2 71 6f fb a3 b1 1e 06 40 c8 67 4a d7 f3 46 32 97 1f 87 5c e5 76 55 69 63 4f 36 a2 6d 1b 12 bf ee c9 6e bc cf 79 5c 12 af b6 2a 6d ea 0d c5 13 ab 2c ed 53 91 46 c7 a1 1a 6f 3c 87 8d e8 ac 27 9f 83 24 4e 47 ce 63 90 eb 4b 4a b1 ae 22 6f 46 ab 33 d6 65 45 3c ec b4 b4 4b 3c d4 e2 7a 65 93 3d 89 c6 d7 7a a9 95 cc 66 3b d7 e1 74 c0 f7 aa c8 fd 2b 42 b1 70 de 8b ec 19 68 60 50 dc 16 03 a6 5d 59 ce 7e dc 78 73 b9 9c d3 98 75 5e b1 1e e1 01 74 19 6f c4 d0 37 f8 b1 e4 31 73 40 c0 03 b3 d8 aa e9 5a 2e d3 5d ef 5e 2a 89 47 Data Ascii: X&{wY/}6.P-K.l7Ub%WiSKJI9XN#^_qo@gJF2\vUicO6mny\m,SFo<'$NGcKJ"oF3eE<K<ze=zf;t+Bph`P]Y~xsu^to71s@Z.]^G
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 80 6f 92 e2 ab 35 ce 9b ac b1 3c 7f 00 25 7a 7c f8 49 a7 40 35 67 b0 ed a4 f3 b0 b2 fb 6a 82 c0 5b 68 9d 5d 11 6f ea 89 4d 27 a0 5c 99 24 16 4e 10 39 dd 8d 99 ea 02 01 e0 e2 fb f3 a1 22 45 08 e8 42 0a 29 a4 90 42 0a 29 a4 90 42 0a 29 e4 9e 2b c3 55 da 50 a0 2f af 95 cd b4 69 42 9b 15 49 d3 86 5f a3 4d a1 52 03 d5 f2 44 11 06 ba 90 42 0e 39 09 80 42 8d bd 12 81 38 20 e7 3d a3 d6 bd 2e 2b 11 78 d0 7a 1c cc 44 e5 e4 01 6d 5c 5a 3e 2c b4 bf 57 87 fa c3 b5 d9 fc ab 7a 3d f8 a4 5d 28 48 db 76 0b d1 02 cc d1 63 2d 0c ed 8b ca 8a ee cb 03 f1 7c 3b e0 cb c8 02 97 6c bf 35 d6 83 9a a1 8e 78 03 5f 45 e5 68 bb d1 9f 66 b4 e4 37 de f9 5f aa 33 40 d0 8d 99 f3 d8 93 fb 33 7a b2 fd b0 80 12 08 f0 4c 36 9d b5 ce 80 9e d8 36 5c 7f b2 ba 54 02 70 18 d6 5c f6 83 1f e0 ae 1d Data Ascii: o5<%z\|I@5gj[h]oM'\$N9"EB)B)B)+UP/iBI_MRDB9B8 =.+xzDm\Z>,Wz=](Hvc-\|;l5x_Ehf7_3@3zL66\Tp\
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 5b 3e 10 27 8a c9 01 40 b5 8b e0 16 7f 26 08 6f 3d 42 e2 35 02 dc f1 1e 3e b3 21 78 bd fe 5e 75 f9 8c 09 4e 2f 51 46 45 d1 4b 90 38 ba 81 76 12 47 98 e2 01 2f 3b 81 c4 24 45 26 a0 4c 77 8d 06 49 f4 64 2a 9b f6 16 67 12 9f 17 eb 2f 50 6c 60 02 ac ac 98 c7 fa 38 5e cb 86 61 aa 7b 8a df 8c f5 5e f0 c3 8b c3 aa c7 cf c6 63 76 57 df 22 08 de 20 24 27 e5 f5 0c 21 af 2b 3c 9c 22 fc ed 18 68 17 08 cc 67 12 5f fa fa 11 34 a3 39 4c ee be 8b dd db 6f 8e 4f a0 d8 9b 21 b8 0d 70 7c 74 8c 50 be 95 31 3a 5f 70 76 2b fc 6c 41 d0 97 a8 2e c5 f0 c5 eb ae c9 15 f9 aa 86 93 a5 78 45 e0 e9 c9 8b 88 da b6 31 11 10 be 74 d7 1e 2c 17 35 43 e4 0a 3f 1b b3 0b fa 0a da f5 12 76 10 08 8f 76 77 a1 9d 9f 31 d0 bf 71 e5 1a b8 d3 0f e1 75 0f b1 ad 10 ae 8f 46 e0 10 9c fb 62 23 24 7f b0 Data Ascii: [>'@&o=B5>!x^uN/QFEK8vG/;$E&LwId*g/Pl`8^a{^cvW" $'!+<"hg_49LoO!p\|tP1:_pv+lA.xE1t,5C?vvw1quFb#$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.16	49831	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:38 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/166ba0e92d8b4ad0b18bdf3455bfce5c.jpg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:38 UTC	709	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:38 GMT Content-Type: image/jpeg Content-Length: 230923 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"3860b-18c5b6fa681" Last-Modified: Tue, 12 Dec 2023 00:31:32 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170638Z-16579567576l4p9bs8an1npq1n00000003bg00000000shbb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:38 UTC	15675	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 06 06 06 06 07 06 07 08 08 07 0a 0b 0a 0b 0a 0f 0e 0c 0c 0e 0f 16 10 11 10 11 10 16 22 15 19 15 15 19 15 22 1e 24 1e 1c 1e 24 1e 36 2a 26 26 2a 36 3e 34 32 34 3e 4c 44 44 4c 5f 5a 5f 7c 7c a7 01 06 06 06 06 07 06 07 08 08 07 0a 0b 0a 0b 0a 0f 0e 0c 0c 0e 0f 16 10 11 10 11 10 16 22 15 19 15 15 19 15 22 1e 24 1e 1c 1e 24 1e 36 2a 26 26 2a 36 3e 34 32 34 3e 4c 44 44 4c 5f 5a 5f 7c 7c a7 ff c2 00 11 08 04 b0 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1d 00 01 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 ff da 00 08 01 01 00 00 00 00 f9 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 af 64 bb e2 d4 83 a2 ca 00 Data Ascii: JFIF""$$6&&6>424>LDDL_Z_\|\|""$$6&&6>424>LDDL_Z_\|\|"d
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 52 44 53 13 45 6a 2c 5b 9b ee 6f 91 67 75 95 00 00 00 01 8b 48 cb 90 00 d6 f2 a0 3e af ee ff 00 3a 5d 60 05 14 c5 ba ea b1 6b 63 eb 5e 7d 81 85 ae 4c 5d e8 3d 8b dc 36 69 91 13 04 38 bf 20 d5 7a 2f b1 41 62 db 0e cd b9 a8 f0 9f 1f 74 9b ce 7a ae 83 d5 33 bc 97 89 de 67 d5 4f 37 b4 e9 bd 4b 65 72 d6 55 71 cc e9 2b d5 59 c7 bf c8 cc 75 77 2f ed b2 31 f0 2b ba af 3e bd 3d 37 33 f3 69 e7 fc 19 ee fd 8a e5 ea 21 15 dd 52 55 35 45 ba 2a ad 6d 4a aa 98 b3 5d 75 a8 b5 66 d5 c9 a6 9b b8 f8 f4 32 2e 61 fc d8 f4 2e b0 00 00 00 06 be d0 da 48 00 3c 6b 18 0f ab fb bf ce 97 58 01 b1 ed f8 dd 05 51 37 68 c9 58 f4 ee ab c2 35 a3 63 d4 fb b7 ac 57 66 ed 54 45 c2 0e 17 c9 78 dd 9f a3 fb 55 2c 4c 7b 56 eb 88 2e 78 97 88 3a 7c 84 75 36 fd 1b c7 f9 cd be cb 6f 6b 45 b2 df 76 Data Ascii: RDSEj,[oguH>:]`kc^}L]=6i8 z/Abtz3gO7KerUq+Yuw/1+>=73i!RU5E*mJ]uf2.a.H<kXQ7hX5cWfTExU,L{V.x:\|u6okEv
2024-08-30 17:06:38 UTC	16384	IN	Data Raw: 04 8c 90 7e 6d bf 05 0c d0 b1 a4 3f 0c d9 0d 76 92 47 c9 63 06 18 41 87 a6 1c 47 2b fa c7 53 a3 77 6d 59 38 41 8d 6e 0b a3 54 68 33 2a 6e d7 7a 8f 09 98 65 a3 fb 07 85 7e 3e 49 d8 78 d9 13 1c e9 ba cf 65 c1 b6 fc 3d 9c 19 b2 3c 5c a3 b4 c8 b4 fe f1 a2 82 53 14 81 ca 17 57 af 15 1e 38 15 33 c9 eb 4c 43 40 1a 7f f0 16 22 5c d9 2e dd b0 0e 66 16 87 0b 85 46 f1 b1 3d 90 49 84 7c ac 8b 2c b5 e0 6d a8 75 7c d6 10 61 67 7b 21 30 1d 76 c9 76 cf 15 0c 26 59 43 01 f3 3c 07 15 26 13 0f f4 84 50 b0 91 1b c3 7f 50 9f 1c 0f c3 4f 23 61 31 18 dc 06 da d6 bb bc d6 11 b5 c4 31 63 dd 59 a9 c0 2e 48 63 1e ca 65 44 f7 67 0b ae 00 9b 28 9d 8e 78 79 6f 45 c3 6d fd d0 5c af 1b 19 17 d8 c4 c3 9b d5 b4 00 4b 6d 5c 83 29 66 38 33 73 da 47 f9 ae 5a 8e ce 50 96 9f 9a 87 9e 0c ac e8 Data Ascii: ~m?vGcAG+SwmY8AnTh3*nze~>Ixe=<\SW83LC@"\.fF=I\|,mu\|ag{!0vv&YC<&PPO#a11cY.HceDg(xyoEm\Km\)f83sGZP
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: e7 c2 f6 8e 24 27 31 ed a5 cd 22 bb 2a b0 78 6c cc 4c 0c 95 ae 0c 7f c2 aa 66 86 4d 23 46 c0 e2 3f 15 c9 18 51 3e 6d 4f 66 89 b8 78 1b b2 30 a8 38 7b 74 08 80 55 ad e0 83 1a 0e c5 41 c1 16 33 ba 17 28 6b 8c 9b cf 9c 7b 8e 4d fb 94 5f 1f 9f bd 97 77 e0 c0 d1 10 32 81 e7 a7 b7 44 4f ba 6d 2b cc 1c aa 38 7b 64 d0 73 47 d9 fd 99 71 00 8e 3b 56 02 48 9f 84 8a c3 b1 a0 11 e3 ec 4a f6 46 c2 e7 9a 37 7a bb 70 d9 5a 8e 62 6b fb 25 a6 95 44 34 93 b1 75 6e a0 5d 51 b9 32 8e 56 83 b5 db 16 5b 37 39 59 fc 61 69 53 aa 0d 07 f3 84 22 8b 7c cd 40 40 1d b4 91 44 fb 7c 50 2c 68 ec d4 a2 5a ed 68 07 b4 79 f0 92 49 1f 23 e2 5e ce d6 6e de 1b 10 92 49 b9 1e 73 33 8b ad 90 58 4a c4 47 2c b8 ae 4e 6c 4e b5 d9 0d eb 70 50 3e 37 c5 8e 60 9e 69 7e a5 d5 bf 67 c1 46 c3 8e e4 f8 d8 Data Ascii: $'1"*xlLfM#F?Q>mOfx08{tUA3(k{M_w2DOm+8{dsGq;VHJF7zpZbk%D4un]Q2V[79YaiS"\|@@D\|P,hZhyI#^nIs3XJG,NlNpP>7`i~gF
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 0a 61 03 7a 8d 8e 2e a8 53 ca eb 9c cd 47 f9 a6 4a 62 70 20 ea a1 c5 5e d2 ed fb c2 6b e6 92 b6 33 e2 e4 f1 8b 00 12 d1 5e 1e 0b 25 8f 17 04 e8 f1 2c 76 8f ea a7 c5 19 8c 3e fa 14 d9 38 39 09 c7 e6 6a 38 f0 df e8 d0 c4 e3 27 d9 5f 92 6e 16 67 76 e4 a2 e8 cc 65 0e a7 cd 38 fd 4b b4 fc bc f8 59 a7 8e 46 e5 3b 57 11 a6 e2 81 c2 8c 44 99 20 e7 00 69 5e c5 77 d1 49 2c 92 ba e7 ba a5 61 a2 ce 9e 36 71 3a f9 2c 5b 1f 2c 12 38 db d4 7d 5b 47 03 d4 3a 6e 53 e5 c1 48 c4 4d 3d 40 4b 8f 12 15 d1 e6 60 98 e8 83 ae 8d 80 d7 c7 82 e8 ec cb a6 fe 95 65 7c 14 ec c3 01 33 7e a4 5b d8 a5 6e a8 e2 8c 30 87 3e 6b 7e ab 26 e0 3c 4e 94 f5 4d 87 0d 1e 48 79 8a 8e 60 2f ad 6e d7 82 fa a8 b0 f1 3f 29 af 26 47 8a 9e 01 3e 38 33 b1 50 08 85 1b 1b 9c 0e fa 81 54 d8 b0 ec 64 01 d9 5d Data Ascii: az.SGJbp ^k3^%,v>89j8'_ngve8KYF;WD i^wI,a6q:,[,8}[G:nSHM=@K`e\|3~[n0>k~&<NMHy`/n?)&G>83PTd]
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 3f cc 99 86 04 75 9c 9d 06 1d bd a7 af f6 21 f9 96 6e 08 6e 2b a4 e1 07 f4 6b a6 41 fb a5 d3 e3 fd d0 5f 48 0e e3 57 d2 3f c2 d5 f4 8b b8 35 1e 52 93 c1 1e 52 9b f8 7d 17 d2 58 8e 23 d1 7d 25 88 e2 3d 11 e5 1c 40 e1 e8 be 92 9f f8 7d 17 d2 53 70 6f a2 fa 4a 4e e3 3d 17 d2 27 f7 4c 5f 48 37 f7 0c 5d 3a 1d f8 71 ea 86 33 09 fb 97 7a ae 91 81 3f bc 0b fd 89 ff 00 d3 91 e6 10 8a 2c ba 47 33 2b a6 f4 d2 4e 20 f0 b1 49 87 64 95 2d d1 c9 cd 2c 75 08 f6 4e df 64 0f 60 fb b9 3b 6f fe 63 ee 39 37 ee 51 7c 7e 7e f7 93 3e fd 0f c7 e5 ec d5 1e 71 cc 79 9e d6 b8 51 c0 11 c0 a9 f9 1f 0c fd 59 56 1f 0d 8a 7e 4e c4 c1 ba e1 c4 2a 2c 3f 26 cf 88 3d d1 c4 8f 92 97 92 e1 85 8d 71 71 71 b8 78 04 62 15 35 76 8a 91 8d d5 55 55 e6 a2 d1 55 57 9a a8 57 9e 88 10 b3 4a 15 a5 78 f3 Data Ascii: ?u!nn+kA_HW?5RR}X#}%=@}SpoJN='L_H7]:q3z?,G3+N Id-,uNd`;oc97Q\|~~>qyQYV~N*,?&=qqqxb5vUUUWWJx
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 5d 4e 82 3c f7 85 8b 85 18 d5 ec 12 b0 21 4d 8d 25 d6 07 ac e9 ab 12 89 4b 9a a9 e9 34 62 f8 b9 6b 70 62 83 41 c5 e2 59 58 ea 22 56 61 7b 10 da 2e da 50 e6 91 98 93 5a 02 cd 7e 11 1c f7 9d 5c 03 96 f4 94 2e b5 02 36 56 b7 e3 13 75 f0 a3 1a 94 eb 5f 1b 13 69 5e 2c 74 96 52 90 10 fe 30 0d ab 65 c0 6d 13 4c 31 9b d1 9a 16 9f 93 ae 83 e4 7b fe ff 00 9a 21 8f 56 32 4d ee 1c e2 7b cf 31 52 dc 4d e0 e2 18 64 b1 59 da 99 59 e5 68 de 74 7a 11 1d 85 1b e9 1e b2 cf 49 fd 44 7b ef 5e a5 b6 a0 ec cd 99 85 fd 74 86 e6 8e 6d d0 d4 30 dc 50 d4 ff 00 69 6d 70 0b a2 9c f7 95 6a 17 65 00 0f 2c bf d1 95 8e 97 7f a4 06 bd a0 6f 30 d8 85 8a 86 3a 87 11 c0 f2 43 72 dd ea 60 1f 68 0c a6 a3 65 87 51 4f ac a0 63 65 b1 65 a3 c8 9a 35 a9 5b d5 42 4a 96 b6 0e 90 ba 26 bf ab 39 5b fb Data Ascii: ]N<!M%K4bkpbAYX"Va{.PZ~\.6Vu_i^,tR0emL1{!V2M{1RMdYYhtzID{^tm0Pimpje,o0:Cr`heQOcee5[BJ&9[
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 05 07 89 67 a9 3e b5 18 23 a5 49 c8 35 aa 40 ae fe 94 cb 99 c2 bd 3c 6e 65 4f 6b 76 62 19 28 2f 7b 2d cc ac 37 bb 8e d3 9f 7b 9e 7f 23 df f7 fc dd 4f 53 4e 96 af 14 74 02 67 9b a5 44 02 d6 71 08 51 bb 6b 2c a6 98 a8 b8 60 ef 2d 2d 49 6c cb ec 62 36 1a 97 9e f2 a4 a2 dd 5f 66 6b 18 28 8f 33 77 2e d7 9d 7e a2 8e b8 01 62 58 a6 5d f2 95 7f 94 c3 47 86 23 61 6e 3f cf 8c 52 e9 ea 10 82 a7 53 9f 90 28 d8 cf ac e3 7f 30 75 a8 33 d0 52 88 7d c8 d2 2a 05 a8 ec 43 0d b3 35 70 a1 8c f9 66 19 78 8c 7a d7 47 d1 6c 97 35 3a e4 74 bf 81 db a5 a1 8c 58 66 1a 91 a3 05 3f 28 97 f0 1a ff 00 25 7c 70 f0 82 83 d1 72 fa a5 03 01 6c 74 f7 9f 5f e6 34 c1 87 00 01 36 d0 cb 6b ca a5 9b 76 98 07 95 bc 4c ea 95 c6 66 77 22 a9 61 1c b4 cd 26 1c 42 32 32 fa 4f 18 62 08 a3 00 00 97 3a Data Ascii: g>#I5@<neOkvb(/{-7{#OSNtgDqQk,`--Ilb6_fk(3w.~bX]G#an?RS(0u3R}*C5pfxzGl5:tXf?(%\|prlt_46kvLfw"a&B22Ob:
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 5b ba 04 6a 8e bb 4a 5b a3 57 f3 34 48 23 1d a0 42 60 7e e9 a6 01 41 a9 06 cb 65 d6 7d 50 e9 29 79 77 22 fb 47 78 79 19 88 65 25 65 fa 23 46 20 58 10 6c 91 53 89 51 66 ac c1 f2 8a f2 88 0c be 83 78 10 cb 01 51 c3 68 03 03 4d a2 b3 75 0a b9 f6 88 d5 97 72 15 58 5e 51 71 84 c1 0d ea 62 fd 36 1b ca 1c 69 c4 57 ce 80 5f e0 22 b1 a3 31 df 43 e1 fc e5 04 58 68 42 d9 89 63 21 16 83 6e a0 f9 af a1 34 fc 20 af 80 34 dc 01 76 ba c3 3d 6f e0 5e ab e0 65 86 6d c1 ae f2 a2 63 22 b7 94 45 31 4f 7a 4b 13 6d 31 71 cd 46 91 76 ed 9e 50 86 09 b9 05 bb 66 ff 00 88 ea 7b 5e 31 bc d5 e8 4a 7e 13 e1 75 f8 0d 4f 8b da 39 f9 1e ff 00 bf e6 fb 3e f8 ac 4b 75 51 ac 82 56 03 70 22 dd d8 1a 66 8e 87 07 ee d6 33 0c ef f8 58 07 d3 bb 7d 25 d7 5a 52 b8 cb 31 2e df ac e1 d6 3a 46 84 38 Data Ascii: [jJ[W4H#B`~Ae}P)yw"Gxye%e#F XlSQfxQhMurX^Qqb6iW_"1CXhBc!n4 4v=o^emc"E1OzKm1qFvPf{^1J~uO9>KuQVp"f3X}%ZR1.:F8
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 59 92 8e 15 0e 11 df e0 45 75 b8 47 c7 e0 e4 a3 01 01 12 9e 48 50 25 8b dc 1c 43 45 f7 53 af d3 7e d6 db 7d 70 80 46 13 10 8d 99 6a 2c e7 3d 27 51 74 e7 a0 34 89 1b fd e2 36 ab 95 61 b9 d2 6d f4 65 f7 f0 82 89 1c 52 59 da 1f 6e 75 45 3e 83 32 9c 35 c4 06 e0 eb 30 bd e0 c1 61 fc c2 fd c4 fa 2a 69 03 78 ce 7e 92 8b c8 4a a2 82 3a ed 9a 76 c1 49 4c d3 88 88 27 46 af 4e 00 86 16 c9 6c 56 7c c5 10 68 61 ef 0b e0 07 37 ba 44 68 ab 9f b5 2c 1f 38 99 66 4b 48 d6 b8 cf 60 11 aa 5a 84 d5 2a fb 4d 45 63 97 45 b2 01 a6 2b f5 26 01 9e d6 23 f2 42 e7 d6 fa 33 2b 60 5a 35 44 0b 85 d2 32 a6 a0 2e 50 26 8a 8b 55 95 73 2f 0a 83 a3 10 8b 03 c9 0e 4d a3 30 a6 08 35 f3 f4 75 0d 1d 2a c6 90 bd 59 3f 2e ff 00 73 f2 2f f7 05 86 b4 0a 0f 8e eb c3 63 e7 bb 1d ae 0d 6e 00 b6 19 c8 Data Ascii: YEuGHP%CES~}pFj,='Qt46ameRYnuE>250aix~J:vIL'FNlV\|ha7Dh,8fKH`ZMEcE+&#B3+`Z5D2.P&Us/M05u*Y?.s/cn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.16	49832	151.101.193.229	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:38 UTC	619	OUT	GET /npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:39 UTC	762	IN	HTTP/1.1 200 OK Connection: close Content-Length: 19286 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 2.12.0 X-JSD-Version-Type: version ETag: W/"4b56-YiPl+RKtjZAxTh+GFWDs5rHZulk" Accept-Ranges: bytes Age: 1333477 Date: Fri, 30 Aug 2024 17:06:38 GMT X-Served-By: cache-fra-etou8220159-FRA, cache-ewr-kewr1740024-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 3a 72 6f 6f 74 2c 0a 3a 68 6f 73 74 2c 0a 2e 73 6c 2d 74 68 65 6d 65 2d 6c 69 67 68 74 20 7b 0a 20 20 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 6c 69 67 68 74 3b 0a 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 61 79 2d 35 30 3a 20 68 73 6c 28 30 20 30 25 20 39 37 2e 35 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 61 79 2d 31 30 30 3a 20 68 73 6c 28 32 34 30 20 34 2e 38 25 20 39 35 2e 39 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 61 79 2d 32 30 30 3a 20 68 73 6c 28 32 34 30 20 35 2e 39 25 20 39 30 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 61 79 2d 33 30 30 3a 20 68 73 6c 28 32 34 30 20 34 2e 39 25 20 38 33 2e 39 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 61 79 2d 34 30 30 3a 20 68 73 6c 28 32 34 30 Data Ascii: :root,:host,.sl-theme-light { color-scheme: light; --sl-color-gray-50: hsl(0 0% 97.5%); --sl-color-gray-100: hsl(240 4.8% 95.9%); --sl-color-gray-200: hsl(240 5.9% 90%); --sl-color-gray-300: hsl(240 4.9% 83.9%); --sl-color-gray-400: hsl(240
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 38 30 30 3a 20 68 73 6c 28 31 35 20 37 39 2e 31 25 20 33 33 2e 37 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6f 72 61 6e 67 65 2d 39 30 30 3a 20 68 73 6c 28 31 35 2e 33 20 37 34 2e 36 25 20 32 37 2e 38 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6f 72 61 6e 67 65 2d 39 35 30 3a 20 68 73 6c 28 31 35 2e 32 20 36 39 2e 31 25 20 31 39 25 29 3b 0a 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 61 6d 62 65 72 2d 35 30 3a 20 68 73 6c 28 34 38 20 31 30 30 25 20 39 36 2e 31 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 61 6d 62 65 72 2d 31 30 30 3a 20 68 73 6c 28 34 38 20 39 36 2e 35 25 20 38 38 2e 38 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 61 6d 62 65 72 2d 32 30 30 3a 20 68 73 6c 28 34 38 20 39 36 2e 36 25 20 37 36 2e 37 25 29 3b 0a 20 Data Ascii: 800: hsl(15 79.1% 33.7%); --sl-color-orange-900: hsl(15.3 74.6% 27.8%); --sl-color-orange-950: hsl(15.2 69.1% 19%); --sl-color-amber-50: hsl(48 100% 96.1%); --sl-color-amber-100: hsl(48 96.5% 88.8%); --sl-color-amber-200: hsl(48 96.6% 76.7%);
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 35 30 30 3a 20 68 73 6c 28 38 33 2e 37 20 38 30 2e 35 25 20 34 34 2e 33 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 36 30 30 3a 20 68 73 6c 28 38 34 2e 38 20 38 35 2e 32 25 20 33 34 2e 35 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 37 30 30 3a 20 68 73 6c 28 38 35 2e 39 20 37 38 2e 34 25 20 32 37 2e 33 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 38 30 30 3a 20 68 73 6c 28 38 36 2e 33 20 36 39 25 20 32 32 2e 37 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 39 30 30 3a 20 68 73 6c 28 38 37 2e 36 20 36 31 2e 32 25 20 32 30 2e 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6c 69 6d 65 2d 39 35 30 3a 20 68 73 6c 28 38 36 2e 35 Data Ascii: sl-color-lime-500: hsl(83.7 80.5% 44.3%); --sl-color-lime-600: hsl(84.8 85.2% 34.5%); --sl-color-lime-700: hsl(85.9 78.4% 27.3%); --sl-color-lime-800: hsl(86.3 69% 22.7%); --sl-color-lime-900: hsl(87.6 61.2% 20.2%); --sl-color-lime-950: hsl(86.5
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 31 30 30 3a 20 68 73 6c 28 31 36 37 2e 32 20 38 35 2e 35 25 20 38 39 2e 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 32 30 30 3a 20 68 73 6c 28 31 36 38 2e 34 20 38 33 2e 38 25 20 37 38 2e 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 33 30 30 3a 20 68 73 6c 28 31 37 30 2e 36 20 37 36 2e 39 25 20 36 34 2e 33 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 34 30 30 3a 20 68 73 6c 28 31 37 32 2e 35 20 36 36 25 20 35 30 2e 34 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 35 30 30 3a 20 68 73 6c 28 31 37 33 2e 34 20 38 30 2e 34 25 20 34 30 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 74 65 61 6c 2d 36 30 Data Ascii: %); --sl-color-teal-100: hsl(167.2 85.5% 89.2%); --sl-color-teal-200: hsl(168.4 83.8% 78.2%); --sl-color-teal-300: hsl(170.6 76.9% 64.3%); --sl-color-teal-400: hsl(172.5 66% 50.4%); --sl-color-teal-500: hsl(173.4 80.4% 40%); --sl-color-teal-60
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 39 30 30 3a 20 68 73 6c 28 32 30 32 20 38 30 2e 33 25 20 32 33 2e 39 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 39 35 30 3a 20 68 73 6c 28 32 30 32 2e 33 20 37 33 2e 38 25 20 31 36 2e 35 25 29 3b 0a 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 35 30 3a 20 68 73 6c 28 32 31 33 2e 38 20 31 30 30 25 20 39 36 2e 39 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 31 30 30 3a 20 68 73 6c 28 32 31 34 2e 33 20 39 34 2e 36 25 20 39 32 2e 37 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 32 30 30 3a 20 68 73 6c 28 32 31 33 2e 33 20 39 36 2e 39 25 20 38 37 2e 33 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 62 6c 75 65 2d 33 30 30 3a 20 68 Data Ascii: --sl-color-sky-900: hsl(202 80.3% 23.9%); --sl-color-sky-950: hsl(202.3 73.8% 16.5%); --sl-color-blue-50: hsl(213.8 100% 96.9%); --sl-color-blue-100: hsl(214.3 94.6% 92.7%); --sl-color-blue-200: hsl(213.3 96.9% 87.3%); --sl-color-blue-300: h
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 76 69 6f 6c 65 74 2d 35 30 30 3a 20 68 73 6c 28 32 35 38 2e 33 20 38 39 2e 35 25 20 36 36 2e 33 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 76 69 6f 6c 65 74 2d 36 30 30 3a 20 68 73 6c 28 32 36 32 2e 31 20 38 33 2e 33 25 20 35 37 2e 38 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 76 69 6f 6c 65 74 2d 37 30 30 3a 20 68 73 6c 28 32 36 33 2e 34 20 37 30 25 20 35 30 2e 34 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 76 69 6f 6c 65 74 2d 38 30 30 3a 20 68 73 6c 28 32 36 33 2e 34 20 36 39 2e 33 25 20 34 32 2e 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 76 69 6f 6c 65 74 2d 39 30 30 3a 20 68 73 6c 28 32 36 33 2e 35 20 36 37 2e 34 25 20 33 34 2e 39 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 Data Ascii: %); --sl-color-violet-500: hsl(258.3 89.5% 66.3%); --sl-color-violet-600: hsl(262.1 83.3% 57.8%); --sl-color-violet-700: hsl(263.4 70% 50.4%); --sl-color-violet-800: hsl(263.4 69.3% 42.2%); --sl-color-violet-900: hsl(263.5 67.4% 34.9%); --sl-c
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 6e 6b 2d 35 30 3a 20 68 73 6c 28 33 32 37 2e 33 20 37 33 2e 33 25 20 39 37 2e 31 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 69 6e 6b 2d 31 30 30 3a 20 68 73 6c 28 33 32 35 2e 37 20 37 37 2e 38 25 20 39 34 2e 37 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 69 6e 6b 2d 32 30 30 3a 20 68 73 6c 28 33 32 35 2e 39 20 38 34 2e 36 25 20 38 39 2e 38 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 69 6e 6b 2d 33 30 30 3a 20 68 73 6c 28 33 32 37 2e 34 20 38 37 2e 31 25 20 38 31 2e 38 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 69 6e 6b 2d 34 30 30 3a 20 68 73 6c 28 33 32 38 2e 36 20 38 35 2e 35 25 20 37 30 2e 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 69 6e 6b 2d 35 30 30 3a 20 68 73 6c 28 33 33 30 2e 34 20 38 31 2e Data Ascii: nk-50: hsl(327.3 73.3% 97.1%); --sl-color-pink-100: hsl(325.7 77.8% 94.7%); --sl-color-pink-200: hsl(325.9 84.6% 89.8%); --sl-color-pink-300: hsl(327.4 87.1% 81.8%); --sl-color-pink-400: hsl(328.6 85.5% 70.2%); --sl-color-pink-500: hsl(330.4 81.
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 2d 70 72 69 6d 61 72 79 2d 37 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 37 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2d 38 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 38 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2d 39 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 39 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2d 39 35 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 6b 79 2d 39 35 30 29 3b 0a 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 73 75 63 63 65 73 73 2d 35 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 67 72 65 65 6e 2d 35 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f Data Ascii: -primary-700: var(--sl-color-sky-700); --sl-color-primary-800: var(--sl-color-sky-800); --sl-color-primary-900: var(--sl-color-sky-900); --sl-color-primary-950: var(--sl-color-sky-950); --sl-color-success-50: var(--sl-color-green-50); --sl-colo
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 72 65 64 2d 35 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 64 61 6e 67 65 72 2d 31 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 72 65 64 2d 31 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 64 61 6e 67 65 72 2d 32 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 72 65 64 2d 32 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 64 61 6e 67 65 72 2d 33 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 72 65 64 2d 33 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 64 61 6e 67 65 72 2d 34 30 30 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 72 65 64 2d 34 30 30 29 3b 0a 20 20 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 64 61 6e 67 65 72 2d 35 30 30 3a 20 76 61 72 Data Ascii: 0: var(--sl-color-red-50); --sl-color-danger-100: var(--sl-color-red-100); --sl-color-danger-200: var(--sl-color-red-200); --sl-color-danger-300: var(--sl-color-red-300); --sl-color-danger-400: var(--sl-color-red-400); --sl-color-danger-500: var
2024-08-30 17:06:39 UTC	1378	IN	Data Raw: 72 64 65 72 2d 72 61 64 69 75 73 2d 70 69 6c 6c 3a 20 39 39 39 39 70 78 3b 0a 0a 20 20 2d 2d 73 6c 2d 73 68 61 64 6f 77 2d 78 2d 73 6d 61 6c 6c 3a 20 30 20 31 70 78 20 32 70 78 20 68 73 6c 28 32 34 30 20 33 2e 38 25 20 34 36 2e 31 25 20 2f 20 36 25 29 3b 0a 20 20 2d 2d 73 6c 2d 73 68 61 64 6f 77 2d 73 6d 61 6c 6c 3a 20 30 20 31 70 78 20 32 70 78 20 68 73 6c 28 32 34 30 20 33 2e 38 25 20 34 36 2e 31 25 20 2f 20 31 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 73 68 61 64 6f 77 2d 6d 65 64 69 75 6d 3a 20 30 20 32 70 78 20 34 70 78 20 68 73 6c 28 32 34 30 20 33 2e 38 25 20 34 36 2e 31 25 20 2f 20 31 32 25 29 3b 0a 20 20 2d 2d 73 6c 2d 73 68 61 64 6f 77 2d 6c 61 72 67 65 3a 20 30 20 32 70 78 20 38 70 78 20 68 73 6c 28 32 34 30 20 33 2e 38 25 20 34 36 2e 31 25 20 2f 20 Data Ascii: rder-radius-pill: 9999px; --sl-shadow-x-small: 0 1px 2px hsl(240 3.8% 46.1% / 6%); --sl-shadow-small: 0 1px 2px hsl(240 3.8% 46.1% / 12%); --sl-shadow-medium: 0 2px 4px hsl(240 3.8% 46.1% / 12%); --sl-shadow-large: 0 2px 8px hsl(240 3.8% 46.1% /

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.16	49833	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:39 UTC	659	OUT	GET /assets/js/index-ba29222d.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:39 UTC	1314	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:39 GMT Content-Type: text/javascript Content-Length: 179767 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa85a1f37" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: vVvnxnsyAkuC4SUi.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170639Z-16579567576pg4fvvmc18u0v4g00000003s000000000cwm9 x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:39 UTC	15070	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 2e 72 65 6c 4c 69 73 74 3b 69 66 28 74 26 26 74 2e 73 75 70 70 6f 72 74 73 26 26 74 2e 73 75 70 70 6f 72 74 73 28 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 29 29 72 65 74 75 72 6e 3b 66 6f 72 28 63 6f 6e 73 74 20 72 20 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 27 6c 69 6e 6b 5b 72 65 6c 3d 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 5d 27 29 29 73 28 72 29 3b 6e 65 77 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 28 72 3d 3e 7b 66 6f 72 28 63 6f 6e 73 74 20 69 20 6f 66 20 72 29 69 66 28 69 2e 74 79 70 65 3d 3d 3d 22 63 68 69 6c 64 4c 69 73 74 22 29 66 6f Data Ascii: (function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const r of document.querySelectorAll('link[rel="modulepreload"]'))s(r);new MutationObserver(r=>{for(const i of r)if(i.type==="childList")fo
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 29 2c 74 3d 73 7d 7d 73 65 74 43 6f 6e 6e 65 63 74 65 64 28 74 29 7b 74 68 69 73 2e 5f 24 41 4d 3d 3d 3d 76 6f 69 64 20 30 26 26 28 74 68 69 73 2e 5f 24 43 76 3d 74 2c 74 68 69 73 2e 5f 24 41 50 3f 2e 28 74 29 29 7d 7d 63 6c 61 73 73 20 6d 74 7b 67 65 74 20 74 61 67 4e 61 6d 65 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 74 61 67 4e 61 6d 65 7d 67 65 74 20 5f 24 41 55 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 24 41 4d 2e 5f 24 41 55 7d 63 6f 6e 73 74 72 75 63 74 6f 72 28 74 2c 65 2c 73 2c 72 2c 69 29 7b 74 68 69 73 2e 74 79 70 65 3d 31 2c 74 68 69 73 2e 5f 24 41 48 3d 76 2c 74 68 69 73 2e 5f 24 41 4e 3d 76 6f 69 64 20 30 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 3d 74 2c 74 68 69 73 2e 6e 61 6d 65 3d 65 2c 74 68 69 73 2e 5f 24 Data Ascii: ),t=s}}setConnected(t){this._$AM===void 0&&(this._$Cv=t,this._$AP?.(t))}}class mt{get tagName(){return this.element.tagName}get _$AU(){return this._$AM._$AU}constructor(t,e,s,r,i){this.type=1,this._$AH=v,this._$AN=void 0,this.element=t,this.name=e,this._$
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 66 69 67 3d 74 2c 74 68 69 73 2e 61 70 70 49 6e 73 69 67 68 74 73 52 65 73 6f 6c 76 65 72 3d 6e 75 6c 6c 2c 74 68 69 73 2e 61 64 6f 62 65 41 6e 61 6c 79 74 69 63 73 52 65 73 6f 6c 76 65 72 3d 6e 75 6c 6c 2c 74 68 69 73 2e 67 6c 6f 62 61 6c 50 72 6f 70 65 72 74 69 65 73 3d 7b 7d 2c 74 68 69 73 2e 76 69 73 69 62 6c 65 4f 62 73 65 72 76 65 72 3d 6e 75 6c 6c 2c 74 68 69 73 2e 65 76 65 6e 74 49 64 4e 61 6d 65 3d 22 74 65 6c 65 6d 65 74 72 79 2d 65 76 65 6e 74 2d 69 64 22 2c 74 68 69 73 2e 61 72 65 61 49 64 4e 61 6d 65 3d 22 74 65 6c 65 6d 65 74 72 79 2d 61 72 65 61 2d 69 64 22 2c 74 68 69 73 2e 64 61 74 61 4e 61 6d 65 3d 22 74 65 6c 65 6d 65 74 72 79 2d 64 61 74 61 22 2c 74 68 69 73 2e 6f 70 65 72 61 74 69 6f 6e 49 64 3d 22 22 2c 74 68 69 73 2e 6f 70 65 72 61 Data Ascii: fig=t,this.appInsightsResolver=null,this.adobeAnalyticsResolver=null,this.globalProperties={},this.visibleObserver=null,this.eventIdName="telemetry-event-id",this.areaIdName="telemetry-area-id",this.dataName="telemetry-data",this.operationId="",this.opera
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 61 6e 73 6c 61 74 69 6f 6e 43 6f 64 65 7d 7d 65 6c 73 65 20 74 68 69 73 2e 66 61 6c 6c 62 61 63 6b 4c 6f 63 61 6c 65 3d 74 68 69 73 2e 6c 6f 63 61 6c 65 3b 63 6f 6e 73 74 20 61 3d 74 68 69 73 2e 67 65 74 53 75 70 70 6f 72 74 65 64 4c 6f 63 61 6c 65 46 72 6f 6d 42 72 6f 77 73 65 72 4c 61 6e 67 75 61 67 65 28 29 3f 3f 74 3b 69 66 28 61 3d 3d 3d 74 29 74 68 69 73 2e 62 72 6f 77 73 65 72 4c 6f 63 61 6c 65 3d 74 68 69 73 2e 6c 6f 63 61 6c 65 3b 65 6c 73 65 20 69 66 28 61 3d 3d 3d 65 29 74 68 69 73 2e 62 72 6f 77 73 65 72 4c 6f 63 61 6c 65 3d 74 68 69 73 2e 66 61 6c 6c 62 61 63 6b 4c 6f 63 61 6c 65 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 6c 3d 61 77 61 69 74 20 74 68 69 73 2e 6c 6f 61 64 54 72 61 6e 73 6c 61 74 69 6f 6e 46 69 6c 65 28 61 2e 74 72 61 6e 73 6c 61 74 Data Ascii: anslationCode}}else this.fallbackLocale=this.locale;const a=this.getSupportedLocaleFromBrowserLanguage()??t;if(a===t)this.browserLocale=this.locale;else if(a===e)this.browserLocale=this.fallbackLocale;else{const l=await this.loadTranslationFile(a.translat
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 6f 72 6d 56 61 6c 69 64 69 74 79 3d 28 29 3d 3e 7b 69 66 28 74 68 69 73 2e 66 6f 72 6d 26 26 21 74 68 69 73 2e 66 6f 72 6d 2e 6e 6f 56 61 6c 69 64 61 74 65 29 7b 63 6f 6e 73 74 20 65 3d 74 68 69 73 2e 66 6f 72 6d 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 2a 22 29 3b 66 6f 72 28 63 6f 6e 73 74 20 73 20 6f 66 20 65 29 69 66 28 74 79 70 65 6f 66 20 73 2e 63 68 65 63 6b 56 61 6c 69 64 69 74 79 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 21 73 2e 63 68 65 63 6b 56 61 6c 69 64 69 74 79 28 29 29 72 65 74 75 72 6e 21 31 7d 72 65 74 75 72 6e 21 30 7d 2c 74 68 69 73 2e 72 65 70 6f 72 74 46 6f 72 6d 56 61 6c 69 64 69 74 79 3d 28 29 3d 3e 7b 69 66 28 74 68 69 73 2e 66 6f 72 6d 26 26 21 74 68 69 73 2e 66 6f 72 6d 2e 6e 6f 56 61 6c 69 64 61 74 65 29 7b 63 Data Ascii: ormValidity=()=>{if(this.form&&!this.form.noValidate){const e=this.form.querySelectorAll("*");for(const s of e)if(typeof s.checkValidity=="function"&&!s.checkValidity())return!1}return!0},this.reportFormValidity=()=>{if(this.form&&!this.form.noValidate){c
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 61 62 65 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 76 61 72 28 2d 2d 73 6c 2d 73 70 61 63 69 6e 67 2d 6c 61 72 67 65 29 3b 0a 20 20 7d 0a 0a 20 20 2e 62 75 74 74 6f 6e 2d 2d 68 61 73 2d 70 72 65 66 69 78 2e 62 75 74 74 6f 6e 2d 2d 73 6d 61 6c 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 20 76 61 72 28 2d 2d 73 6c 2d 73 70 61 63 69 6e 67 2d 78 2d 73 6d 61 6c 6c 29 3b 0a 20 20 7d 0a 0a 20 20 2e 62 75 74 74 6f 6e 2d 2d 68 61 73 2d 70 72 65 66 69 78 2e 62 75 74 74 6f 6e 2d 2d 73 6d 61 6c 6c 20 2e 62 75 74 74 6f 6e 5f 5f 6c 61 62 65 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 20 76 61 72 28 2d 2d 73 6c 2d 73 70 61 63 69 6e 67 2d 78 2d 73 6d 61 6c 6c 29 3b 0a 20 Data Ascii: abel { padding: 0 var(--sl-spacing-large); } .button--has-prefix.button--small { padding-inline-start: var(--sl-spacing-x-small); } .button--has-prefix.button--small .button__label { padding-inline-start: var(--sl-spacing-x-small);
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 22 22 2c 74 68 69 73 2e 76 61 72 69 61 6e 74 3d 22 64 65 66 61 75 6c 74 22 2c 74 68 69 73 2e 73 69 7a 65 3d 22 6d 65 64 69 75 6d 22 2c 74 68 69 73 2e 63 61 72 65 74 3d 21 31 2c 74 68 69 73 2e 64 69 73 61 62 6c 65 64 3d 21 31 2c 74 68 69 73 2e 6c 6f 61 64 69 6e 67 3d 21 31 2c 74 68 69 73 2e 6f 75 74 6c 69 6e 65 3d 21 31 2c 74 68 69 73 2e 70 69 6c 6c 3d 21 31 2c 74 68 69 73 2e 63 69 72 63 6c 65 3d 21 31 2c 74 68 69 73 2e 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 2c 74 68 69 73 2e 6e 61 6d 65 3d 22 22 2c 74 68 69 73 2e 76 61 6c 75 65 3d 22 22 2c 74 68 69 73 2e 68 72 65 66 3d 22 22 2c 74 68 69 73 2e 72 65 6c 3d 22 6e 6f 72 65 66 65 72 72 65 72 20 6e 6f 6f 70 65 6e 65 72 22 7d 67 65 74 20 76 61 6c 69 64 69 74 79 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 73 Data Ascii: "",this.variant="default",this.size="medium",this.caret=!1,this.disabled=!1,this.loading=!1,this.outline=!1,this.pill=!1,this.circle=!1,this.type="button",this.name="",this.value="",this.href="",this.rel="noreferrer noopener"}get validity(){return this.is
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 7b 6f 2e 41 6c 6c 3d 22 61 6c 6c 22 2c 6f 2e 54 68 72 65 65 3d 22 54 4f 33 22 2c 6f 2e 46 6f 75 72 3d 22 54 4f 34 22 2c 6f 2e 46 69 76 65 3d 22 54 4f 35 22 2c 6f 2e 53 69 78 3d 22 54 4f 36 22 2c 6f 2e 53 65 76 65 6e 3d 22 54 4f 37 22 2c 6f 2e 45 69 67 68 74 3d 22 54 4f 38 22 2c 6f 2e 4e 69 6e 65 3d 22 54 4f 39 22 2c 6f 2e 54 65 6e 3d 22 54 4f 31 30 22 2c 6f 2e 45 6c 65 76 65 6e 3d 22 54 4f 31 31 22 2c 6f 2e 54 77 65 6c 76 65 3d 22 54 4f 31 32 22 2c 6f 2e 54 68 69 72 74 65 65 6e 3d 22 54 4f 31 33 22 2c 6f 2e 46 6f 75 72 74 65 65 6e 3d 22 54 4f 31 34 22 2c 6f 2e 46 69 66 74 65 65 6e 3d 22 54 4f 31 35 22 2c 6f 2e 53 69 78 74 65 65 6e 3d 22 54 4f 31 36 22 2c 6f 2e 53 65 76 65 6e 74 65 65 6e 3d 22 54 4f 31 37 22 7d 29 28 78 65 7c 7c 28 78 65 3d 7b 7d 29 29 3b Data Ascii: {o.All="all",o.Three="TO3",o.Four="TO4",o.Five="TO5",o.Six="TO6",o.Seven="TO7",o.Eight="TO8",o.Nine="TO9",o.Ten="TO10",o.Eleven="TO11",o.Twelve="TO12",o.Thirteen="TO13",o.Fourteen="TO14",o.Fifteen="TO15",o.Sixteen="TO16",o.Seventeen="TO17"})(xe\|\|(xe={}));
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 6e 3d 7b 6f 72 64 65 72 42 79 3a 65 2c 70 67 4e 6f 3a 73 2c 6e 6f 49 74 65 6d 73 3a 72 7d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 4a 73 6f 6e 57 69 74 68 4d 61 72 6b 65 74 4c 6f 63 61 6c 65 28 69 2c 6e 29 7d 61 73 79 6e 63 20 67 65 74 43 61 63 68 65 64 4d 61 72 6b 65 74 28 74 29 7b 63 6f 6e 73 74 20 65 3d 41 28 29 3b 69 66 28 65 3f 2e 6d 61 72 6b 65 74 44 65 74 61 69 6c 73 29 72 65 74 75 72 6e 20 74 68 69 73 2e 63 61 63 68 65 64 4d 61 72 6b 65 74 3d 65 2e 6d 61 72 6b 65 74 44 65 74 61 69 6c 73 2c 65 2e 6d 61 72 6b 65 74 44 65 74 61 69 6c 73 3b 63 6f 6e 73 74 20 73 3d 74 3f 3f 22 64 65 66 61 75 6c 74 22 3b 6c 65 74 20 72 3d 74 68 69 73 2e 6d 61 72 6b 65 74 73 2e 67 65 74 28 73 29 3b 69 66 28 21 72 29 7b 63 6f 6e 73 74 20 69 3d 7b 67 6c 3a 6e 65 77 Data Ascii: n={orderBy:e,pgNo:s,noItems:r};return this.getJsonWithMarketLocale(i,n)}async getCachedMarket(t){const e=A();if(e?.marketDetails)return this.cachedMarket=e.marketDetails,e.marketDetails;const s=t??"default";let r=this.markets.get(s);if(!r){const i={gl:new
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 7c 7c 22 22 2c 65 3d 3e 75 60 3c 63 6f 6c 6c 65 63 74 69 6f 6e 73 2d 70 61 67 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 2d 6e 61 6d 65 3d 22 24 7b 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 2e 70 61 72 61 6d 73 3f 2e 63 6f 6c 6c 65 63 74 69 6f 6e 4e 61 6d 65 7c 7c 22 22 29 7d 22 20 63 6f 6c 6c 65 63 74 69 6f 6e 2d 74 79 70 65 3d 22 6d 6f 76 69 65 73 22 20 63 61 74 65 67 6f 72 79 3d 22 24 7b 65 2e 71 75 65 72 79 3f 2e 63 61 74 65 67 6f 72 79 7c 7c 22 22 7d 22 20 6d 65 64 69 61 2d 74 79 70 65 3d 22 6d 6f 76 69 65 73 22 3e 3c 2f 63 6f 6c 6c 65 63 74 69 6f 6e 73 2d 70 61 67 65 3e 60 2c 28 29 3d 3e 70 28 28 29 3d 3e 69 6d 70 6f 72 74 28 22 2e 2f 63 6f 6c 6c 65 63 74 69 6f 6e 73 2d 65 66 39 66 34 37 34 38 2e 6a 73 22 29 2c 5b 22 61 73 73 65 74 73 2f Data Ascii: \|\|"",e=>u`<collections-page collection-name="${decodeURIComponent(e.params?.collectionName\|\|"")}" collection-type="movies" category="${e.query?.category\|\|""}" media-type="movies"></collections-page>`,()=>p(()=>import("./collections-ef9f4748.js"),["assets/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.16	49835	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:39 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/935d5e3b261649808ca8fbeb888a5d63.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:39 UTC	708	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:39 GMT Content-Type: image/png Content-Length: 600262 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"928c6-190dc808597" Last-Modified: Mon, 22 Jul 2024 22:12:08 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170639Z-16579567576qxwrndb60my3nes00000003hg00000000uyaw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:39 UTC	15676	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 06 22 00 00 03 26 08 06 00 00 00 78 8b 99 0a 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 09 28 5b 49 44 41 54 78 01 ec fd 77 9c 1d 47 96 df 0b 9e b8 b6 2c aa 60 0a a6 08 6f 68 40 03 82 a0 f7 6d d9 be 7b 7a ba 29 cd 8e c6 49 2b cd be 79 9a 7e 9f 7d ab d5 1f a3 cf 13 c8 f7 3e d2 7e 3e bb ab b7 6f 47 9a 99 7d 2b 69 76 ac 66 9a dd d3 3d dd d3 96 ed d0 f4 0e 24 41 12 04 48 78 57 30 05 a0 0a 55 28 77 5d 6c 9c b8 19 79 23 f3 66 e6 cd 6b ab 0a f8 7d c9 c2 bd 37 4d 64 a4 89 c8 cc f3 8b 73 0e 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDR"&xpHYs%%IR$sRGBgAMAa([IDATxwG,`oh@m{z)I+y~}>~>oG}+ivf=$AHxW0U(w]ly#fk}7Mds
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: e1 d6 9e bf 66 ae b1 aa fb b8 af b3 b6 c5 eb b2 0e 20 82 43 2f 89 e0 e7 f7 a0 75 82 b6 13 b4 bd 20 3c 76 15 cf 87 ac 5e ae e6 21 8e 79 ff ae 35 5f f8 cf b9 6c f2 f4 06 3c d7 b8 9b 8a d1 2e ed 63 6d 42 2a 85 6e a7 55 b4 b7 9d b6 b2 f4 56 f4 c7 8b ad 57 0a bf eb d5 b3 27 c1 7d 75 f8 d5 7a 6d 23 6a 5c 49 ed 3b 1e b5 ae e0 66 ce 2f 68 15 5f 78 e2 e1 a6 85 08 ce eb c9 61 d6 4b a5 d2 73 ab 56 ad fa 04 0f 58 ee ea ea d2 27 95 05 09 25 3c e8 ef 4a 88 d0 d1 56 f8 bb b2 31 ea 4f 2b 3f 6d f9 ae 6a bd 87 5a df af b7 66 bb 60 68 7e b8 39 b8 ee 71 44 08 fe 2a ec ac f4 4e 2c 36 77 39 23 42 18 01 c2 c0 ae 55 26 f1 0c e7 87 60 af 08 55 e6 a0 2e b0 03 96 9b 7b 06 56 d3 6f af db 4e 6b 06 ba 69 d5 50 37 ad 5c d1 45 a7 cf 5e a4 65 74 9a 6e da 90 a1 54 5f 1f e5 b3 cb 68 66 d9 Data Ascii: f C/u <v^!y5_l<.cmBnUVW'}uzm#j\I;f/h_xaKsVX'%<JV1O+?mjZf`h~9qDN,6w9#BU&`U.{VoNkiP7\E^etnT_hf
2024-08-30 17:06:39 UTC	16384	IN	Data Raw: 38 ea 0a ff 71 5e 5a 1e 08 6d d6 e3 90 f1 66 80 b4 2f 4f 84 ff 80 c0 3b a2 83 40 88 00 75 c3 a1 99 8c 17 04 37 60 fe 1e a4 2c 72 a3 e7 4f cb 2d 8a ba ba ba dc f0 4c 8e 1b 95 8e ef 66 77 26 a7 4f 9f 6e 4b 27 c0 55 86 c2 01 00 00 00 00 00 00 00 00 00 00 ae 0f a2 2d 61 93 57 c6 69 7c ec 12 6d bf 63 17 f5 2f 19 a0 4c 26 4b 83 83 cb 68 db 4d b7 d2 95 2b 63 34 7a e1 1c cd 27 3c 58 79 ed da b5 da 4e c8 89 aa f9 8f bd 22 78 60 33 47 5a b1 43 bf 9b 1c 11 c6 2b 82 e1 e8 2d c6 23 c2 f9 d3 61 9e 1c 41 a2 8d 69 b6 41 10 29 02 a0 7e dc 46 ce f9 21 b8 f1 da ea a2 42 c7 61 33 ca a3 d5 01 e8 f5 54 c7 60 62 b9 b9 c9 aa b9 23 31 42 04 b5 a9 13 40 8e 08 00 00 00 00 00 00 00 00 00 00 00 ca 4c 4f 4d 51 b1 58 a4 ee ee 6e cf f4 25 03 83 1c 3a 9d a6 a6 ae d2 7c c2 e1 db 4d e4 14 Data Ascii: 8q^Zmf/O;@u7`,rO-Lfw&OnK'U-aWi\|mc/L&KhM+c4z'<XyN"x`3GZC+-#aAiA)~F!Ba3T`b#1B@LOMQXn%:\|M
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 83 18 41 aa cd b5 c3 72 a4 f0 86 77 99 f3 06 f1 2e 9c a6 88 15 e6 b8 6a c5 94 7f f3 b5 c3 95 55 fe ba 5b 23 8b 10 2e 75 23 62 78 87 f6 53 f5 c9 87 cc 72 9f 11 8f e6 a2 38 14 a8 8f ec 9e 6b 28 7f e5 75 74 4e fd 85 29 14 0a 85 42 a1 50 28 14 0a 85 42 a1 b8 60 e1 5b 71 3c 3b 41 bd 5e a7 6a b5 1a 7e 2a 86 2a f1 3a 3b cf 0a d1 fb 5b b6 6c 71 c4 83 8a 40 c4 08 f0 8b 58 82 6f 34 82 43 cb 25 22 78 35 3c b6 08 c4 8b 0b f8 a0 50 90 f0 35 4e c4 ea 42 85 08 c5 59 41 7c ab c5 15 45 dc e8 b8 e1 f1 5d 82 55 8b 42 29 4b f1 e5 06 65 d3 74 2a 3e 44 88 23 47 8e f0 67 a5 e0 9f 43 dd d3 ed e9 a5 e2 3b 3e 48 d9 eb 6f 67 52 1d 84 3d 7f 82 9c 11 85 16 04 6c 3d d1 3b 40 c5 77 7d c8 90 d5 d7 b5 10 ef de f8 68 74 44 b0 74 02 eb 05 b8 4f ca e6 c2 58 0a 31 e4 8b 81 8b a5 78 9e ba 7a Data Ascii: Arw.jU[#.u#bxSr8k(utN)BP(B`[q<;A^j~*:;[lq@Xo4C%"x5<P5NBYA\|E]UB)Ket>D#GgC;>HogR=l=;@w}htDtOX1xz
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 17 bc 00 e4 f3 79 b3 74 c8 10 fe e4 7b 1e f5 f5 0d d0 73 fb 0e 52 09 f1 22 7c 8f c5 88 b1 13 d3 34 3b 55 59 55 21 c2 e4 0d d6 10 2c 40 80 47 8e 7b d7 31 3c b3 2f 1c 34 2c 21 42 2f 3d f8 ed 48 2c 63 8a 5d 3a 3c fe c0 6d 13 be eb f8 7c 75 b1 a8 10 21 ca 10 08 14 88 0e b6 f8 60 05 f8 e0 e8 e3 a6 82 51 c9 52 f9 3e 82 84 e0 3b 44 08 d9 2f 8c 0b e1 1b c5 ca 15 93 1a 85 62 b5 01 4b 08 88 10 ff ee 4f 67 68 d3 a0 4b 3f fe fa 22 dd b1 27 47 c5 dc 85 d1 01 55 6a 3e 1d 3d 5d a7 e7 0e d7 e8 a7 7f 67 8a fe d9 3b ba e9 ad d7 e5 69 b0 47 3b 58 85 62 a9 88 bb 59 b2 dd 31 d9 eb 93 82 56 c7 c5 0a 7d c9 51 28 14 0a 85 42 a1 50 28 14 0a c5 ea c1 1a 8f 52 ab 18 81 b8 0f a5 f9 79 3a f4 da 01 58 17 84 6e 99 aa 74 f8 d0 7e ba fe ed 5b a8 bb bb 27 4a 06 43 db 62 5f 8e 56 1b 08 56 Data Ascii: yt{sR"\|4;UYU!,@G{1</4,!B/=H,c]:<m\|u!`QR>;D/bKOghK?"'GUj>=]g;iG;XbY1V}Q(BP(Ry:Xnt~['JCb_VV
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: db 37 ef 87 75 6a 4c a5 f7 e4 14 2d 87 4a 85 f8 4e 4a f2 4d 17 12 ec ef c7 b2 42 91 94 d7 5c b3 9d 10 f4 89 a7 90 e2 b2 89 f6 50 5c f4 ad fd 1a d7 63 0b 16 5e 8b 48 82 cd 5e 48 c0 73 9e 42 f1 38 e0 ba db 58 b9 c5 ca c9 0f dd 94 e2 b7 e7 f8 61 b9 85 82 46 fc 3a 12 85 94 58 3b 08 4f e2 fb 1e 2d 5e 2a 6c 98 1c 5c 53 5d 84 ac 58 da e1 f5 3b 96 90 10 c5 36 e2 54 c2 f3 98 ca ae f3 77 3f ba 16 87 ec 06 10 88 f4 5e 3d e1 39 16 8a 5b 4d 79 6b 6a 7f ed 2e a3 b9 cf 48 15 21 50 3f f5 c6 39 50 57 0a 85 42 a1 50 28 02 44 43 c4 45 5e b1 f0 c8 1d dc d0 cd 9f 08 67 f0 ca bf dc 80 45 84 88 11 00 44 08 00 93 e1 b1 34 7c b4 53 2c 16 23 11 02 61 04 e0 c1 c7 0e 56 2d 4b 58 44 60 a2 3d 3e 86 eb f6 43 8b 08 47 c5 88 d5 43 a2 10 61 2a 80 2b 02 15 84 2f 62 ba 42 8d e1 07 59 2e 99 Data Ascii: 7ujL-JNJMB\P\c^H^HsB8XaF:X;O-^l\S]X;6Tw?^=9[Mykj.H!P?9PWBP(DCE^gED4\|S,#aV-KXD`=>CGCa+/bBY.
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 9b 33 00 00 fa cd ea c6 88 f6 ce f7 e9 f2 da 88 7a e6 f7 e2 c0 6f f0 d9 01 f7 14 c2 e3 26 cc b0 9d 3d 7b 86 16 0d 01 00 47 d5 f0 09 01 72 60 cd bc ab 73 b3 73 d7 cc 51 35 04 63 35 cc 43 5d b8 78 d1 6a 45 1c 3a 74 88 96 96 9c cf 94 55 93 7e 6d f2 86 fc 0c 06 03 ba 31 84 7d 40 78 62 51 47 c4 98 af 33 e0 e7 7e 57 f1 5d f5 3d ae 52 aa 08 fe e5 ef f1 b5 5d f8 a4 c4 a8 2b 42 3b bc 9c 7e e6 df 0b 52 24 1a 26 97 47 35 d8 5a 0a 1a 4f 7c 9f df db 3c 60 29 fe 6d 93 3b e9 31 f2 f4 ba 64 0b 42 16 74 f3 b9 6d 48 fe d8 58 00 50 37 7f aa 42 5c c9 98 df 96 2e a5 63 7a 1e 47 1a 56 8c 9a 4a ce 59 ba 90 45 01 1e 66 9f ba 70 2d b9 a0 1b 91 b5 46 d0 a8 a3 52 97 25 97 77 bd 2d 0d 6b bd f5 e9 27 79 3c cc dc 32 33 14 1d 73 8f 7f 96 fb 7d 4b ce 92 18 74 5e eb 1e a4 96 bc 5d aa 41 Data Ascii: 3zo&={Gr`ssQ5c5C]xjE:tU~m1}@xbQG3~W]=R]+B;~R$&G5ZO\|<`)m;1dBtmHXP7B\.czGVJYEfp-FR%w-k'y<23s}Kt^]A
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: c7 f8 25 25 e2 fd 52 7e 93 1c df e3 e8 a8 9a 41 3b 29 f9 b8 25 4e 5b 6c 0b a8 e2 71 35 f4 43 a5 9a a7 a0 a7 8e 4b 15 08 09 dd 08 33 49 b4 18 94 a4 b6 87 ff d2 1c 8c f9 27 0f 11 d3 d4 41 09 30 0b c9 66 cf 26 bf 15 4d 5c 14 fb 89 26 d6 65 53 b6 54 b5 5b 6b 86 32 ee 36 ed 43 c4 e7 c6 39 0e 1d de 5e 25 ee 49 5b fa b9 b8 3e eb 1a 03 6b 80 ca b7 59 31 b4 6e 1b 7b d3 30 f2 a4 78 30 0d 23 c6 b5 50 0c 75 f5 a6 9c 64 e9 93 2c ab f6 fe 1b e7 f0 74 0e b0 a3 9f ec bb 1c 55 a5 42 5a a5 ee 2c f3 52 4b a0 37 bb 17 ae b5 74 4b 67 22 c7 8d cf b5 98 03 dd 23 ca 9b 02 4c e7 9b 70 22 5c 95 e1 5e 2d 13 6f e4 d6 03 bc 7e de 08 f9 f6 75 13 c6 3a 15 e7 20 67 aa b0 b2 87 4f 78 0c b1 0e 8f f9 00 09 3b 8d 0e d5 28 6c 2f 11 cf e9 de 98 63 a3 7d c2 48 eb bb 84 5c a5 e0 35 ad ec e1 82 Data Ascii: %%R~A;)%N[lq5CK3I'A0f&M\&eST[k26C9^%I[>kY1n{0x0#Pud,tUBZ,RK7tKg"#Lp"\^-o~u: gOx;(l/c}H\5
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 3b 39 d3 4c 15 25 a7 ff fd 29 fe 1a 44 44 6f ae 08 9c bf d4 25 e9 2e 10 ee 6b 9e 84 08 4e ab a9 e5 35 d3 ba 09 d0 64 f7 a5 d9 89 68 61 7e f2 1a a8 09 ca a8 29 9e 4b c1 48 9f 09 da 31 d1 e1 3f 91 ad c2 18 a2 e2 9b 94 e4 43 80 6c e5 38 74 18 98 13 82 42 f6 5b 0f 44 c5 19 62 e7 45 ae 56 f9 d4 b2 52 7c 82 39 e6 75 07 6b b6 b5 2f 85 53 c3 be 5e a4 89 95 3c bf b9 c8 f7 5d 35 e2 2b f4 95 96 38 24 10 b9 5d 69 a4 4b 39 04 5b 8b f6 55 f1 53 a9 68 8a cf f7 21 dd 98 e0 49 c4 e4 ff f7 fd a7 01 c6 2a 37 1e 4a 2d a6 b6 a9 72 6a 69 7b 30 43 b4 83 db e2 49 ef 67 20 37 ca 85 2c 13 8f e4 e7 b4 68 2a 0e 24 d4 c8 93 5b 49 1e 35 03 dd de 94 4e 45 01 b7 e7 b5 14 e6 9d 5a 90 51 be 85 6c d8 40 70 a8 d4 dc 91 25 2a 38 5f d6 bf 81 8e f3 b9 0d e8 cd 2a 51 ed 23 f2 6d 20 da a2 0a d7 Data Ascii: ;9L%)DDo%.kN5dha~)KH1?Cl8tB[DbEVR\|9uk/S^<]5+8$]iK9[USh!I7J-rji{0CIg 7,h$[I5NEZQl@p%8_Q#m
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 3f 01 6e 5c 3b 3b c0 ee 20 ab 25 81 09 e3 68 3c b6 24 85 8f c4 4c 90 fb 76 f7 38 a0 88 9e 25 18 0c a8 ab 7b 06 58 36 e1 c7 06 d0 35 fd 6e 6d a5 b6 a4 84 d5 90 a8 9c 06 45 e5 c1 2f 2c 6f 01 64 0c a1 0e 1c fc 4a 98 70 93 89 dd f1 6e 1f 83 ca ed 74 b7 66 a5 3c e9 a1 c8 69 12 38 c7 be 7e 29 5d b9 7b a9 72 66 73 04 bf 16 70 df 66 3d 88 4f dd 5c 8a 39 51 c5 fb 36 0d d6 f4 ba c1 88 9f 37 e0 f7 0d 9b 3e d1 b0 52 d6 ef 03 7c 4f da e2 10 35 58 6c de 27 57 fb 3c d9 bd 6b 9a c1 74 2d 9c 4b 3a 6a 66 64 80 ed cb 34 36 f5 61 12 53 53 3a 4b 6b b4 aa fb c4 86 3a d8 31 b8 5c c4 5a 60 a4 b5 0c 29 70 26 90 22 12 2b 6d bf 38 75 e0 b9 25 13 bc a6 82 fd 84 56 01 34 19 3c e0 01 e0 4d 5b e7 a8 b8 04 93 5e 00 cf a7 ce 8c 57 30 f5 e5 c2 d7 9e ac 80 38 10 4b 39 2d 06 4b 5c 54 42 d3 Data Ascii: ?n\;; %h<$Lv8%{X65nmE/,odJpntf<i8~)]{rfspf=O\9Q67>R\|O5Xl'W<kt-K:jfd46aSS:Kk:1\Z`)p&"+m8u%V4<M[^W08K9-K\TB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.16	49834	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:39 UTC	641	OUT	GET /assets/js/index-d0ec2dcd.css HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:39 UTC	1305	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:39 GMT Content-Type: text/css Content-Length: 3413 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858ac55" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: tttaen4f7060QcEr.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170639Z-165795675766wv96mecap1swx400000003rg00000000em6b x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:39 UTC	3413	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 68 65 61 64 65 72 2d 66 6f 6e 74 3a 20 53 65 67 6f 65 20 55 49 20 56 61 72 69 61 62 6c 65 20 44 69 73 70 6c 61 79 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 20 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 2d 2d 62 6f 64 79 2d 66 6f 6e 74 3a 20 53 65 67 6f 65 20 55 49 20 56 61 72 69 61 62 6c 65 20 54 65 78 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e Data Ascii: :root{--header-font: Segoe UI Variable Display, "Segoe UI", system-ui, -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif;--body-font: Segoe UI Variable Text, "Segoe UI", system-ui, -apple-system, BlinkMacSystemFon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.16	49836	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:39 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/2068e415cbe2442b82f2fba24ee0c202.png HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:39 UTC	708	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:39 GMT Content-Type: image/png Content-Length: 358295 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"57797-190c6ac82c8" Last-Modified: Thu, 18 Jul 2024 16:28:32 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170639Z-16579567576h266g9d6dee9ff800000003v000000000cfqr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:39 UTC	15676	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 0c a8 00 00 09 78 08 03 00 00 00 ce 29 9e bd 00 00 02 f7 50 4c 54 45 00 00 00 2b 2b 2b 19 19 19 12 12 12 0e 0e 0e 0d 0d 0d 10 10 10 0a 0a 0a 10 10 10 0b 0b 0b 0b 0b 0b 08 08 08 09 09 09 07 07 07 07 07 07 06 06 06 09 09 09 0c 0c 0c 0b 0b 0b 07 07 07 0a 0a 0a 07 07 07 07 07 07 07 07 07 08 08 08 04 04 04 06 06 06 04 04 04 03 03 03 06 06 06 04 04 04 03 03 03 05 05 05 06 06 06 73 73 73 fb fb fb 07 07 07 05 05 05 04 04 04 05 05 05 04 04 04 e8 e8 e8 e1 e1 e1 88 88 88 e9 e9 e9 87 87 87 79 79 78 c9 c9 c9 a6 a6 a6 af af 71 68 68 68 fd fd fd f3 f3 f3 ea ea ea 8d 8d 8d d1 d1 d1 ec ec ec eb eb eb e4 e4 e4 e9 e9 e9 d6 d6 d6 ea ea ea 96 96 96 eb eb eb e4 e4 e4 de de de e3 e3 e3 e9 e9 e9 fe fe 00 fb fb fb e7 e7 e7 fb Data Ascii: PNGIHDRx)PLTE+++sssyyxqhhh
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 1a 5f 61 8f 3f a0 9d 72 1b ec f1 ec f5 7b 4e cd b5 f4 81 36 d7 c1 fc 68 bc fe 79 3e 2b 2c 34 f6 da f5 f5 32 5b c1 a0 ca 24 20 2a 4e ea d7 fa 89 a8 e4 a0 98 7e 5e 54 bd f3 99 d2 7a 6f 6b 42 54 ca 87 b4 95 81 fd 2d 8b 2e 0b 24 da 73 22 28 47 3b ad 58 8c 47 58 9a df 4d 72 75 71 44 65 94 8f d4 1a 8b 0a 4b 05 b3 56 d2 c4 21 ff 91 7e 28 39 a2 c2 12 e5 40 54 46 3b 8b b2 61 d8 c7 b3 36 9d 9d 40 6a 83 f6 6a 28 2a 2e 51 01 26 6f 88 de 73 26 93 76 f7 cd d5 74 50 51 81 39 2a ae ae 5f 9a 86 11 15 e4 dc c9 f8 aa a6 5f 98 72 14 d4 14 c4 ff 48 7a 2f 0b 0f fd 8c 7b bc 78 9d 89 15 fe ed a0 55 cb eb 2a 4b 66 43 90 40 a4 9f 6a e5 91 a9 60 b7 d0 71 40 c5 b1 14 c6 64 ea 97 af ae 5f c0 f3 7c 8b 52 1a 2d 8d 45 65 d5 ae 6f 12 e0 e5 0f ba 91 24 52 7b b7 25 0a 72 cc 2e 7f 6d d4 65 Data Ascii: _a?r{N6hy>+,42[$ N~^TzokBT-.$s"(G;XGXMruqDeKV!~(9@TF;a6@jj(.Q&os&vtPQ9__rHz/{xUKfC@j`q@d_\|R-Eeo$R{%r.me
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 12 16 f0 89 d0 4b d2 39 6e 4f 35 ff 0d dd 5d 52 f3 be e6 3b 8e f9 ce 5d 29 e1 b4 0b ff f1 f6 0f 7d 63 d7 46 54 88 31 33 dd 89 a9 eb 17 22 2a 00 b4 88 a8 24 89 1d f8 48 a2 62 02 2a d5 cf 08 a6 02 02 18 96 a8 bc 52 15 fa 9e 39 4c 05 9c 32 d2 bf f9 d4 77 fd 02 97 f3 e5 57 a5 2a 4f b9 7e 6a fc db f3 0f 85 6c f3 10 cd 64 fa 9b 98 ca 00 ba 43 81 ff 11 32 15 5f 54 18 63 77 9e a8 70 88 0a 00 81 93 e9 e7 73 4f 54 dc cc 2f 12 15 a4 7e 81 cb 19 80 a8 b8 aa 82 89 8f e0 42 06 36 99 fe bf e1 9b 52 15 c5 af e7 e7 e7 9f 8f 74 f8 6c e7 ab 04 cf 51 b9 9f 45 37 61 08 df 7d 07 ff 21 94 fb 45 78 35 2a 4a 54 4c d7 af b9 ea fa 05 51 01 e0 52 66 9f 8f 93 e9 17 8b 69 ec 4c a6 47 31 3d 18 08 57 77 fd 1a a1 48 05 b4 2f 52 f1 34 05 a2 d2 12 8a a2 18 1e 65 b8 a6 d8 c9 f4 8b fb de ab Data Ascii: K9nO5]R;])}cFT13"$HbR9L2wWO~jldC2_TcwpsOT/~B6RtlQE7a}!Ex5JTLQRfiLG1=WwH/R4e
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: b7 2a 4f f5 db 4f ca ce ba 78 2f ef b6 f3 46 cd 78 92 73 79 c4 30 26 b4 ee 8c d4 d9 eb c6 ed ad b1 03 ac 1d 0a f9 a6 a1 06 07 4b ec 6e 35 88 6f 7f e5 f5 dd 18 51 21 84 6c 40 f4 1b 02 2a 0a 45 85 90 27 4e a6 77 51 c1 57 bf b8 3e 71 75 46 3d ec 02 f2 24 51 31 b1 08 5e f1 0c 51 c1 86 49 e9 04 b9 3f 2e 2a 87 8d a2 72 f6 63 51 54 de bf 7b 37 7c 65 51 19 8e 17 17 95 fa bf f3 dd 22 ea a2 a2 ad de c5 33 b9 5b 56 83 36 75 07 51 81 26 fd aa 8a 8a 8f 3d 6e b7 f1 57 8a 0a de 2a 37 e9 31 a5 69 29 2a 89 26 9c 26 50 54 08 21 eb 10 f1 44 7c 67 7a 85 a2 42 c8 63 a2 f2 eb 46 54 8e 63 51 d9 ef 39 45 a5 1c 53 c1 ad 4d 34 8d dc 1a ca cd 72 55 57 20 56 f4 7d 6f 39 3b 41 ab b7 c7 36 2b 44 86 ac 9e 7a 18 18 97 ca 8a 8d de dc 07 70 74 cf f9 a3 e8 f7 49 99 b4 86 ea 3e 81 d7 e4 db Data Ascii: OOx/Fxsy0&Kn5oQ!l@E'NwQW>quF=$Q1^QI?.rcQT{7\|eQ"3[V6uQ&=nW71i)*&&PT!D\|gzBcFTcQ9ESM4rUW V}o9;A6+DzptI>
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 0a dc 36 bb 8f ca bb 77 77 1e 54 2e 93 0a 36 7c 04 00 00 80 07 e0 34 a8 78 96 db f0 31 32 a4 c4 1a 15 78 c8 5c 50 79 f3 e2 10 54 b0 46 c5 38 0d 29 78 f4 0b 00 00 00 ae 16 82 0a dc b0 7b 0f 2a 8f ce a7 54 1c ac 51 01 00 00 80 eb e6 7f 11 18 c7 97 7e 19 d3 a3 5f f3 f9 12 41 05 1e ac 63 50 79 73 a7 41 c5 79 74 06 8b e9 01 00 00 e0 ca f9 97 6f fd 22 97 41 85 20 a8 c0 c3 e5 82 ca db 37 6f ee 39 a8 7c 7f c3 47 3c fa 05 00 00 00 d7 c8 27 3f 1b 54 9a 5f 09 2a c2 13 be 7f 6c 24 20 3e fb 9a 17 c5 e6 c0 5f 45 8d c5 51 9a a6 42 04 ec 5f 12 69 1a 9c 8f 64 14 d5 42 98 4e 45 7f bf 53 9e b7 88 43 33 aa a1 69 f6 97 08 ba 76 11 b0 3b e6 f6 51 79 6d 83 8a 5b 4c ef 82 ca 1d 45 95 f3 98 82 d7 13 03 00 00 c0 f5 fb 2a a8 b8 98 72 30 3d fa b5 d9 fc 52 50 99 27 a9 10 3e b3 c2 88 Data Ascii: 6wwT.6\|4x12x\PyTF8)x{TQ~_AcPysAyto"A 7o9\|G<'?T_l$ >_EQB_idBNESC3iv;Qym[LE*r0=RP'>
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 51 e9 7b 8c 17 63 2b 68 37 21 d8 6c 21 18 0f 83 84 6f 6c 97 7e 4d 11 a4 71 ac ad 8d 51 64 40 2b a1 fa 86 1f 45 54 be ea 49 8e 56 eb cd d2 af c9 43 89 dc 1c e9 7a 8d 8a 57 00 da 90 0b 4e e0 6e 4b 49 82 98 56 32 a6 d6 a8 f8 d1 b5 54 1a fd 28 e9 64 14 93 e4 ef 89 8a 1e 11 04 c3 9d cf bf 20 2a 35 45 a4 70 8e 38 aa 8f a9 e0 54 2a c0 d6 64 62 81 f4 29 f2 fb 7c f8 50 97 7e bd ff b2 f4 0b aa 72 8f 2f 7c 3c 7d cb 4a 54 9e 50 54 0e 80 a2 42 08 21 84 ec c5 cc 15 f5 15 78 ca 1f 16 15 ef bf 8a 8a d4 89 04 05 56 a2 a2 66 ae 17 d3 0f 83 0d 61 25 2a e2 18 0b 51 49 61 25 2a 65 bb 21 72 df bb 10 62 1c 7f 28 2a 36 af 44 a5 08 56 88 11 a2 22 c5 f4 20 85 a5 33 01 b9 d0 e6 18 21 2a ce 7d 47 54 a4 4b 91 2e de e9 d6 f6 5d 51 51 02 52 18 e2 d7 c7 54 32 6e af 80 6c 01 45 65 27 14 Data Ascii: Q{c+h7!l!ol~MqQd@+ETIVCzWNnKIV2T(d 5Ep8Tdb)\|P~r/\|<}JTPTB!xVfa%QIa%e!rb(6DV" 3!}GTK.]QQRT2nlEe'
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 25 c0 63 18 89 a2 33 c4 8e bb c2 65 20 33 4b 84 11 fc d0 14 fc b0 76 af 1f 22 d5 4c 05 77 66 8e 36 fa 84 79 c0 a3 cd ec 01 81 14 55 dd 75 dd 5d d1 1b c1 8f c4 22 5f a3 61 40 ac 6c 3f 33 f2 08 d7 ad 32 dd 4a 86 51 85 ea e1 ed 41 d0 c4 57 d7 75 31 69 60 a1 55 0f 81 2b 70 48 d7 45 54 8c e1 63 58 55 38 31 1c 12 53 52 55 65 b0 14 66 88 a9 28 95 ed ed 0a 8d 2f 1b 8a 69 ea 6c f7 39 53 34 3e b8 c2 e6 e8 3d 53 3a 28 d3 1e 34 c6 8d c4 e7 0d d3 d8 16 94 a1 69 35 a6 1c a3 5c 96 a1 2b b4 24 c5 a2 60 04 55 59 7c 56 a9 7c 56 49 34 ab 32 69 74 b6 28 90 7f b7 d9 a2 50 a4 bc af 3c ad e0 27 c3 18 98 06 8c 9f 2a da 5f 03 65 2b 10 e8 21 eb 10 07 2a 94 f7 d5 60 04 51 a8 5f 68 6c d5 cc 75 85 99 2b f1 99 ab 30 c7 d3 84 d1 95 65 b9 78 f7 09 d0 0e 6c 81 1e c0 c6 f3 aa b2 ac 73 1e Data Ascii: %c3e 3Kv"Lwf6yUu]"_a@l?32JQAWu1i`U+pHETcXU81SRUef(/il9S4>=S:(4i5\+$`UY\|V\|VI42it(P<'_e+!`Q_hlu+0exls
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 28 cc 99 3d db 2e cb 5e 3b 4d a7 2c fb 2a 4f f2 d9 3e d8 92 0a 57 95 b2 a8 38 4e 21 2a ae 10 15 c1 0e c3 45 e5 c6 33 16 15 a4 d1 9f e0 29 42 54 04 5b 8d 10 15 c1 c5 47 47 3c c3 57 54 7a fd 7e 97 44 c5 ac e4 e4 e9 08 9e 37 46 80 96 24 7e f9 c2 47 df 5f 2b 2a aa 2c 5b 79 80 4e 34 1a 45 1e 39 9d 1b 1c 66 59 8b 02 e0 55 b0 6a 93 d0 2f e8 b9 d9 74 3c 6f 4e b5 ae 46 9a fc 4a 90 83 30 1c 4a 1c 4a 7f 58 fa 65 7d dd 75 47 ac 29 71 ac 4b 05 85 a8 64 83 c1 5a 51 61 d1 32 bf f4 9c 9f 7c 5b 71 5d 77 8f 40 0c 2c 11 5c 54 c2 7e bf 9c 2c d3 2e c2 e0 86 a6 b5 25 62 55 54 68 b8 6a c5 70 75 1b 8d 94 8b 0a 86 2b cb 32 d4 27 6d 80 89 ca 41 b7 5b 16 15 c4 a8 7e 92 8c 29 c5 a2 51 5a 10 a8 a0 1a f2 a1 44 51 22 69 33 5c 54 3a b5 5a 79 9e fc 20 98 c0 23 fa 7d 3e 5c fc 20 64 a4 a9 Data Ascii: (=.^;M,O>W8N!E3)BT[GG<WTz~D7F$~G_+*,[yN4E9fYUj/t<oNFJ0JJXe}uG)qKdZQa2\|[q]w@,\T~,.%bUThjpu+2'mA[~)QZDQ"i3\T:Zy #}>\ d
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 85 78 2e f7 a7 00 54 50 78 f5 f2 e5 cb 8a 2e fe e0 e0 28 9b fd 87 6d a5 f5 fb ef cf fe fe 3b 35 3f 6f 08 2a eb eb eb a8 7f 7a f6 ec 99 d1 f2 fe 4e a5 8e 4c 0f 7f 5c f8 72 81 dc fb 5f ed c6 2f 5e a0 e8 eb f5 fa 3a 0f 2a e3 2f 5f 26 b3 d9 17 bf 1b a2 ca ce c1 41 fc 12 1d c7 1e 3f ce 2d 2f af e8 0f e0 f6 e6 e6 9f 13 13 39 e1 5e 70 0c 07 99 cc c4 e6 e6 26 be b9 71 40 05 f5 4a 87 fa 29 7f bb 4b 4b e9 57 af 78 50 39 3b 3b 7b f0 60 7a 6e 6e ce 70 ec e3 83 07 77 eb 0e 2a d8 0b 66 22 2e 15 20 c1 4f 3f dd b9 73 e7 f8 c1 83 bd bd 3d 43 50 39 3c 4c 1c 1f 3f b9 73 c7 b0 58 ec ce ee ee f6 c9 c9 c6 6f 66 50 65 f2 ec 6c 6a f7 5c b8 df dc ad 5b 97 03 95 d1 44 62 91 5c 0c 07 8e 2d 5c 3c 73 b3 4c 50 79 f4 e8 11 76 bf bd b4 b4 ab 3f 2f bc 01 0f b6 b7 f7 c4 a0 72 76 b6 95 4e Data Ascii: x.TPx.(m;5?ozNL\r_/^:/_&A?-/9^p&q@J)KKWxP9;;{`znnpw*f". O?s=CP9<L?sXofPelj\[Db\-\<sLPyv?/rvN
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 42 54 4c e9 b4 95 50 70 59 2c 71 55 89 4a 28 95 5a 99 9f 37 53 5f cb fe 7e 7c 73 53 dc 6e e2 f5 6c 96 d2 1f 37 6f cf e5 72 42 4e b2 f8 7c 4e d2 4a d2 e7 2b 29 2a 2a 89 44 82 25 2a 66 f3 92 56 ab 93 52 54 d6 8f 8f e5 11 95 91 fa 64 7a e0 32 99 1e 2b 2a dd 62 6c 6c 0c 56 7e 3d 79 f2 64 70 7c 1c 45 05 69 a3 a2 52 4b 51 a9 17 95 49 90 94 0a 95 59 7a 4c a6 47 7a 0c e1 a2 f2 89 64 c3 f4 ef 35 4c a9 b4 0e d3 57 2d 45 d9 61 7a af c1 30 db f9 c1 67 5e ef f2 7f 14 55 16 3a dc 50 ec 20 74 6c 0e 07 1c 29 1b 60 0a ac 0c 17 b8 55 76 51 81 62 12 44 a9 10 3a cb 30 4f 2f a5 a8 ac 79 bd 7a 05 44 25 e2 72 79 08 85 fd 68 54 a7 2a 51 01 a2 76 fb 6b 42 61 de e9 2c c0 3c bd e4 bb 89 5f da ed 59 81 27 19 13 09 da 53 74 ba 5c 3e 05 45 85 ff db 4c dc 3e 5f 41 52 51 31 1a a5 16 95 Data Ascii: BTLPpY,qUJ(Z7S_~\|sSnl7orBN\|NJ+)*D%fVRTdz2+bllV~=ydp\|EiRKQIYzLGzd5LW-Eaz0g^U:P tl)`UvQbD:0O/yzD%ryhTQvkBa,<_Y'St\>EL>_ARQ1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.16	49837	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	656	OUT	GET /assets/js/index-b83114d1.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/assets/js/index-ba29222d.js Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:40 UTC	1314	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:40 GMT Content-Type: text/javascript Content-Length: 298103 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa85c2d77" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: oUDtJMWGdkuSOFGm.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170640Z-16579567576j7nvvu5n0ytgs1c00000003tg00000000n0yh x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:40 UTC	15070	IN	Data Raw: 69 6d 70 6f 72 74 7b 61 38 20 61 73 20 68 2c 61 39 20 61 73 20 4f 65 2c 61 61 20 61 73 20 59 2c 61 62 20 61 73 20 5a 6e 2c 61 63 20 61 73 20 58 65 2c 61 64 20 61 73 20 6a 2c 61 65 20 61 73 20 41 2c 61 66 20 61 73 20 62 2c 61 67 20 61 73 20 51 2c 61 68 20 61 73 20 48 74 2c 61 69 20 61 73 20 70 6f 2c 61 6a 20 61 73 20 68 72 2c 61 6b 20 61 73 20 6a 72 2c 61 6c 20 61 73 20 55 6f 2c 61 6d 20 61 73 20 65 72 2c 61 6e 20 61 73 20 4c 74 2c 61 6f 20 61 73 20 65 61 2c 61 70 20 61 73 20 72 65 2c 61 71 20 61 73 20 24 2c 61 72 20 61 73 20 48 6f 2c 61 73 20 61 73 20 74 61 2c 61 74 20 61 73 20 4f 74 2c 61 75 20 61 73 20 6e 61 2c 61 76 20 61 73 20 74 72 2c 61 77 20 61 73 20 4c 6f 2c 61 78 20 61 73 20 6e 72 2c 61 79 20 61 73 20 6c 69 2c 61 7a 20 61 73 20 44 6f 2c 61 41 20 Data Ascii: import{a8 as h,a9 as Oe,aa as Y,ab as Zn,ac as Xe,ad as j,ae as A,af as b,ag as Q,ah as Ht,ai as po,aj as hr,ak as jr,al as Uo,am as er,an as Lt,ao as ea,ap as re,aq as $,ar as Ho,as as ta,at as Ot,au as na,av as tr,aw as Lo,ax as nr,ay as li,az as Do,aA
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 6a 65 63 74 28 65 29 7b 63 6f 6e 73 74 20 74 3d 7b 7d 2c 6e 3d 65 2e 73 70 6c 69 74 28 22 26 22 29 2c 72 3d 6f 3d 3e 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6f 2e 72 65 70 6c 61 63 65 28 2f 5c 2b 2f 67 2c 22 20 22 29 29 3b 72 65 74 75 72 6e 20 6e 2e 66 6f 72 45 61 63 68 28 6f 3d 3e 7b 69 66 28 6f 2e 74 72 69 6d 28 29 29 7b 63 6f 6e 73 74 5b 61 2c 73 5d 3d 6f 2e 73 70 6c 69 74 28 2f 3d 28 2e 2b 29 2f 67 2c 32 29 3b 61 26 26 73 26 26 28 74 5b 72 28 61 29 5d 3d 72 28 73 29 29 7d 7d 29 2c 74 7d 73 74 61 74 69 63 20 74 72 69 6d 41 72 72 61 79 45 6e 74 72 69 65 73 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6d 61 70 28 74 3d 3e 74 2e 74 72 69 6d 28 29 29 7d 73 74 61 74 69 63 20 72 65 6d 6f 76 65 45 6d 70 74 79 53 74 72 69 6e 67 73 46 72 6f 6d 41 72 Data Ascii: ject(e){const t={},n=e.split("&"),r=o=>decodeURIComponent(o.replace(/\+/g," "));return n.forEach(o=>{if(o.trim()){const[a,s]=o.split(/=(.+)/g,2);a&&s&&(t[r(a)]=r(s))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromAr
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 74 75 73 22 2c 22 6d 61 74 73 48 74 74 70 53 74 61 74 75 73 22 2c 22 72 65 66 72 65 73 68 54 6f 6b 65 6e 53 69 7a 65 22 2c 22 71 75 65 75 65 64 54 69 6d 65 4d 73 22 2c 22 73 74 61 72 74 54 69 6d 65 4d 73 22 2c 22 73 74 61 74 75 73 22 2c 22 6d 75 6c 74 69 4d 61 74 63 68 65 64 41 54 22 2c 22 6d 75 6c 74 69 4d 61 74 63 68 65 64 49 44 22 2c 22 6d 75 6c 74 69 4d 61 74 63 68 65 64 52 54 22 5d 29 3b 2f 2a 21 20 40 61 7a 75 72 65 2f 6d 73 61 6c 2d 63 6f 6d 6d 6f 6e 20 76 31 34 2e 31 33 2e 30 20 32 30 32 34 2d 30 37 2d 30 31 20 2a 2f 63 6f 6e 73 74 20 48 65 3d 28 69 2c 65 2c 74 2c 6e 2c 72 29 3d 3e 28 2e 2e 2e 6f 29 3d 3e 7b 74 2e 74 72 61 63 65 28 60 45 78 65 63 75 74 69 6e 67 20 66 75 6e 63 74 69 6f 6e 20 24 7b 65 7d 60 29 3b 63 6f 6e 73 74 20 61 3d 6e 3f 2e 73 Data Ascii: tus","matsHttpStatus","refreshTokenSize","queuedTimeMs","startTimeMs","status","multiMatchedAT","multiMatchedID","multiMatchedRT"]);/! @azure/msal-common v14.13.0 2024-07-01 /const He=(i,e,t,n,r)=>(...o)=>{t.trace(`Executing function ${e}`);const a=n?.s
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 69 6e 20 61 75 74 68 6f 72 69 74 79 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 29 2c 57 72 28 65 2c 74 2c 21 31 29 2c 59 2e 43 4f 4e 46 49 47 3b 69 66 28 74 68 69 73 2e 6c 6f 67 67 65 72 2e 76 65 72 62 6f 73 65 28 22 44 69 64 20 6e 6f 74 20 66 69 6e 64 20 63 6c 6f 75 64 20 64 69 73 63 6f 76 65 72 79 20 6d 65 74 61 64 61 74 61 20 69 6e 20 74 68 65 20 63 6f 6e 66 69 67 2e 2e 2e 20 41 74 74 65 6d 70 74 69 6e 67 20 74 6f 20 67 65 74 20 63 6c 6f 75 64 20 64 69 73 63 6f 76 65 72 79 20 6d 65 74 61 64 61 74 61 20 66 72 6f 6d 20 74 68 65 20 68 61 72 64 63 6f 64 65 64 20 76 61 6c 75 65 73 2e 22 29 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 73 6b 69 70 41 75 74 68 6f 72 69 74 79 4d 65 74 61 64 61 74 61 43 61 63 68 65 29 74 68 69 73 2e 6c 6f 67 67 65 72 2e 76 65 72 Data Ascii: in authority configuration"),Wr(e,t,!1),Y.CONFIG;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.ver
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 60 29 2c 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 74 68 69 73 2c 44 65 2e 70 72 6f 74 6f 74 79 70 65 29 2c 74 68 69 73 2e 6e 61 6d 65 3d 22 43 61 63 68 65 45 72 72 6f 72 22 2c 74 68 69 73 2e 65 72 72 6f 72 43 6f 64 65 3d 65 2c 74 68 69 73 2e 65 72 72 6f 72 4d 65 73 73 61 67 65 3d 6e 7d 7d 2f 2a 21 20 40 61 7a 75 72 65 2f 6d 73 61 6c 2d 63 6f 6d 6d 6f 6e 20 76 31 34 2e 31 33 2e 30 20 32 30 32 34 2d 30 37 2d 30 31 20 2a 2f 63 6c 61 73 73 20 76 74 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 2c 74 2c 6e 2c 72 29 7b 74 68 69 73 2e 63 6c 69 65 6e 74 49 64 3d 65 2c 74 68 69 73 2e 63 72 79 70 74 6f 49 6d 70 6c 3d 74 2c 74 68 69 73 2e 63 6f 6d 6d 6f 6e 4c 6f 67 67 65 72 3d 6e 2e 63 6c 6f 6e 65 28 76 69 2c 54 6f 29 2c 74 68 69 73 2e 73 74 61 Data Ascii: `),Object.setPrototypeOf(this,De.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}/! @azure/msal-common v14.13.0 2024-07-01 /class vt{constructor(e,t,n,r){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(vi,To),this.sta
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 75 6c 6c 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 73 28 69 29 7b 72 65 74 75 72 6e 7b 63 6c 69 65 6e 74 43 61 70 61 62 69 6c 69 74 69 65 73 3a 5b 5d 2c 61 7a 75 72 65 43 6c 6f 75 64 4f 70 74 69 6f 6e 73 3a 79 73 2c 73 6b 69 70 41 75 74 68 6f 72 69 74 79 4d 65 74 61 64 61 74 61 43 61 63 68 65 3a 21 31 2c 2e 2e 2e 69 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 6f 28 69 29 7b 72 65 74 75 72 6e 20 69 2e 61 75 74 68 4f 70 74 69 6f 6e 73 2e 61 75 74 68 6f 72 69 74 79 2e 6f 70 74 69 6f 6e 73 2e 70 72 6f 74 6f 63 6f 6c 4d 6f 64 65 3d 3d 3d 45 65 2e 4f 49 44 43 7d 2f 2a 21 20 40 61 7a 75 72 65 2f 6d 73 61 6c 2d 63 6f 6d 6d 6f 6e 20 76 31 34 2e 31 33 2e 30 20 32 30 32 34 2d 30 37 2d 30 31 20 2a 2f 63 6c 61 73 73 20 66 65 20 65 78 74 65 6e 64 73 20 4e 7b 63 6f 6e 73 74 72 75 63 Data Ascii: ull}}function Is(i){return{clientCapabilities:[],azureCloudOptions:ys,skipAuthorityMetadataCache:!1,...i}}function ro(i){return i.authOptions.authority.options.protocolMode===Ee.OIDC}/! @azure/msal-common v14.13.0 2024-07-01 /class fe extends N{construc
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 78 70 69 72 65 73 5f 69 6e 2c 31 30 29 3a 65 2e 72 65 66 72 65 73 68 5f 74 6f 6b 65 6e 5f 65 78 70 69 72 65 73 5f 69 6e 3b 6b 3d 6e 2b 78 7d 76 3d 43 69 28 74 68 69 73 2e 68 6f 6d 65 41 63 63 6f 75 6e 74 49 64 65 6e 74 69 66 69 65 72 2c 6c 2c 65 2e 72 65 66 72 65 73 68 5f 74 6f 6b 65 6e 2c 74 68 69 73 2e 63 6c 69 65 6e 74 49 64 2c 65 2e 66 6f 63 69 2c 61 2c 6b 29 7d 6c 65 74 20 5f 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 65 2e 66 6f 63 69 26 26 28 5f 3d 7b 63 6c 69 65 6e 74 49 64 3a 74 68 69 73 2e 63 6c 69 65 6e 74 49 64 2c 65 6e 76 69 72 6f 6e 6d 65 6e 74 3a 6c 2c 66 61 6d 69 6c 79 49 64 3a 65 2e 66 6f 63 69 7d 29 2c 7b 61 63 63 6f 75 6e 74 3a 6d 2c 69 64 54 6f 6b 65 6e 3a 75 2c 61 63 63 65 73 73 54 6f 6b 65 6e 3a 66 2c 72 65 66 72 65 73 68 54 6f 6b 65 6e Data Ascii: xpires_in,10):e.refresh_token_expires_in;k=n+x}v=Ci(this.homeAccountIdentifier,l,e.refresh_token,this.clientId,e.foci,a,k)}let _=null;return e.foci&&(_={clientId:this.clientId,environment:l,familyId:e.foci}),{account:m,idToken:u,accessToken:f,refreshToken
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 69 73 2e 63 6f 6e 66 69 67 2e 73 79 73 74 65 6d 4f 70 74 69 6f 6e 73 2e 70 72 65 76 65 6e 74 43 6f 72 73 50 72 65 66 6c 69 67 68 74 26 26 65 2e 63 63 73 43 72 65 64 65 6e 74 69 61 6c 29 73 77 69 74 63 68 28 65 2e 63 63 73 43 72 65 64 65 6e 74 69 61 6c 2e 74 79 70 65 29 7b 63 61 73 65 20 58 2e 48 4f 4d 45 5f 41 43 43 4f 55 4e 54 5f 49 44 3a 74 72 79 7b 63 6f 6e 73 74 20 72 3d 6e 74 28 65 2e 63 63 73 43 72 65 64 65 6e 74 69 61 6c 2e 63 72 65 64 65 6e 74 69 61 6c 29 3b 6e 2e 61 64 64 43 63 73 4f 69 64 28 72 29 7d 63 61 74 63 68 28 72 29 7b 74 68 69 73 2e 6c 6f 67 67 65 72 2e 76 65 72 62 6f 73 65 28 22 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 68 6f 6d 65 20 61 63 63 6f 75 6e 74 20 49 44 20 66 6f 72 20 43 43 53 20 48 65 61 64 65 72 3a 20 22 2b 72 29 7d Data Ascii: is.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case X.HOME_ACCOUNT_ID:try{const r=nt(e.ccsCredential.credential);n.addCcsOid(r)}catch(r){this.logger.verbose("Could not parse home account ID for CCS Header: "+r)}
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 66 6f 72 6d 61 6e 63 65 43 6c 69 65 6e 74 3a 20 45 6d 69 74 74 69 6e 67 20 70 65 72 66 6f 72 6d 61 6e 63 65 20 65 76 65 6e 74 73 22 2c 74 29 2c 74 68 69 73 2e 63 61 6c 6c 62 61 63 6b 73 2e 66 6f 72 45 61 63 68 28 28 6e 2c 72 29 3d 3e 7b 74 68 69 73 2e 6c 6f 67 67 65 72 2e 74 72 61 63 65 28 60 50 65 72 66 6f 72 6d 61 6e 63 65 43 6c 69 65 6e 74 3a 20 45 6d 69 74 74 69 6e 67 20 65 76 65 6e 74 20 74 6f 20 63 61 6c 6c 62 61 63 6b 20 24 7b 72 7d 60 2c 74 29 2c 6e 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 5b 65 5d 29 7d 29 7d 74 72 75 6e 63 61 74 65 49 6e 74 65 67 72 61 6c 46 69 65 6c 64 73 28 65 29 7b 74 68 69 73 2e 69 6e 74 46 69 65 6c 64 73 2e 66 6f 72 45 61 63 68 28 74 3d 3e 7b 74 20 69 6e 20 65 26 26 74 79 70 65 6f 66 20 65 5b 74 5d 3d 3d 22 6e 75 6d 62 65 72 22 Data Ascii: formanceClient: Emitting performance events",t),this.callbacks.forEach((n,r)=>{this.logger.trace(`PerformanceClient: Emitting event to callback ${r}`,t),n.apply(null,[e])})}truncateIntegralFields(e){this.intFields.forEach(t=>{t in e&&typeof e[t]=="number"
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 6d 65 54 69 6d 65 6f 75 74 3a 30 2c 77 69 6e 64 6f 77 48 61 73 68 54 69 6d 65 6f 75 74 3a 74 3f 2e 6c 6f 61 64 46 72 61 6d 65 54 69 6d 65 6f 75 74 7c 7c 6a 73 2c 69 66 72 61 6d 65 48 61 73 68 54 69 6d 65 6f 75 74 3a 74 3f 2e 6c 6f 61 64 46 72 61 6d 65 54 69 6d 65 6f 75 74 7c 7c 63 6f 2c 6e 61 76 69 67 61 74 65 46 72 61 6d 65 57 61 69 74 3a 30 2c 72 65 64 69 72 65 63 74 4e 61 76 69 67 61 74 69 6f 6e 54 69 6d 65 6f 75 74 3a 57 73 2c 61 73 79 6e 63 50 6f 70 75 70 73 3a 21 31 2c 61 6c 6c 6f 77 52 65 64 69 72 65 63 74 49 6e 49 66 72 61 6d 65 3a 21 31 2c 61 6c 6c 6f 77 4e 61 74 69 76 65 42 72 6f 6b 65 72 3a 21 31 2c 6e 61 74 69 76 65 42 72 6f 6b 65 72 48 61 6e 64 73 68 61 6b 65 54 69 6d 65 6f 75 74 3a 74 3f 2e 6e 61 74 69 76 65 42 72 6f 6b 65 72 48 61 6e 64 73 Data Ascii: meTimeout:0,windowHashTimeout:t?.loadFrameTimeout\|\|js,iframeHashTimeout:t?.loadFrameTimeout\|\|co,navigateFrameWait:0,redirectNavigationTimeout:Ws,asyncPopups:!1,allowRedirectInIframe:!1,allowNativeBroker:!1,nativeBrokerHandshakeTimeout:t?.nativeBrokerHands

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.16	49838	20.42.73.24	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	706	OUT	OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1 Host: browser.events.data.microsoft.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time Origin: https://www.microsoft.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:40 UTC	606	IN	HTTP/1.1 200 OK Cache-Control: public, 3600 Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody Access-Control-Max-Age: 3600 Access-Control-Allow-Origin: https://www.microsoft.com Date: Fri, 30 Aug 2024 17:06:39 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.16	49839	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	651	OUT	GET /shared/edgeweb/img/pinning-browser.b02edf1.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:40 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:40 GMT Content-Type: image/svg+xml Content-Length: 1379 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"563-19180c4539f" Last-Modified: Fri, 23 Aug 2024 19:43:55 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170640Z-16579567576h9nndaeer0cv35w00000003kg00000000a0ct x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:40 UTC	1379	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 37 39 32 22 20 68 65 69 67 68 74 3d 22 36 30 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 37 39 32 20 36 30 30 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 3e 3c 64 65 66 73 3e 3c 66 69 6c 74 65 72 20 78 3d 22 2d 31 2e 36 25 22 20 79 3d 22 2d 33 25 22 20 77 69 64 74 68 3d 22 31 30 33 2e 31 25 22 20 68 65 69 67 68 74 3d 22 31 30 39 2e 34 25 22 20 66 69 6c 74 65 72 55 6e 69 74 73 3d 22 6f 62 6a 65 63 74 42 6f 75 6e 64 69 6e 67 42 6f 78 22 20 69 64 3d 22 61 22 3e 3c 66 65 4f 66 66 73 65 74 20 64 79 3d 22 31 30 22 20 69 6e 3d Data Ascii: <svg width="1792" height="600" viewBox="0 0 1792 600" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><filter x="-1.6%" y="-3%" width="103.1%" height="109.4%" filterUnits="objectBoundingBox" id="a"><feOffset dy="10" in=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.16	49842	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	644	OUT	GET /louserzed-strings/en-gb/strings.json?v=6c6e9856f9 HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:40 UTC	1287	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:40 GMT Content-Type: application/json Content-Length: 32920 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27f1224fb98" Last-Modified: Mon, 19 Aug 2024 21:30:54 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: VnCvecXef0+vAI29.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170640Z-16579567576ztstdfgdnkw0mpw00000003y0000000001yrg x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-08-30 17:06:40 UTC	15097	IN	Data Raw: 7b 0d 0a 20 20 22 41 62 6f 75 74 50 61 67 65 2e 44 69 73 63 6c 61 69 6d 65 72 50 6c 75 73 22 3a 20 22 53 63 72 65 65 6e 73 20 73 69 6d 75 6c 61 74 65 64 2e 20 46 65 61 74 75 72 65 73 20 61 6e 64 20 61 70 70 20 61 76 61 69 6c 61 62 69 6c 69 74 79 20 6d 61 79 20 76 61 72 79 20 62 79 20 72 65 67 69 6f 6e 2e 20 41 70 70 73 2c 20 67 61 6d 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 65 6e 74 2f 73 75 62 73 63 72 69 70 74 69 6f 6e 73 20 73 6f 6c 64 20 73 65 70 61 72 61 74 65 6c 79 3b 20 66 72 65 65 20 61 70 70 73 20 6d 61 79 20 63 6f 6e 74 61 69 6e 20 61 64 73 20 6f 72 20 69 6e 2d 61 70 70 20 70 75 72 63 68 61 73 65 73 2e 22 2c 0d 0a 20 20 22 41 62 6f 75 74 50 61 67 65 2e 44 69 73 63 6c 61 69 6d 65 72 4f 6e 65 22 3a 20 22 4f 6e 6c 79 20 61 70 70 6c 69 Data Ascii: { "AboutPage.DisclaimerPlus": "Screens simulated. Features and app availability may vary by region. Apps, games, and other content/subscriptions sold separately; free apps may contain ads or in-app purchases.", "AboutPage.DisclaimerOne": "Only appli
2024-08-30 17:06:40 UTC	16384	IN	Data Raw: 20 22 44 65 76 65 6c 6f 70 65 64 20 62 79 22 2c 0d 0a 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 44 69 72 65 63 74 6f 72 73 22 3a 20 22 44 69 72 65 63 74 6f 72 73 22 2c 0d 0a 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 44 75 72 61 74 69 6f 6e 22 3a 20 22 44 75 72 61 74 69 6f 6e 22 2c 0d 0a 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 46 65 61 74 75 72 65 73 48 65 61 64 65 72 22 3a 20 22 46 65 61 74 75 72 65 73 22 2c 0d 0a 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 46 72 65 65 22 3a 20 22 46 72 65 65 22 2c 0d 0a 20 20 22 50 72 6f 64 75 63 74 44 65 74 61 69 6c 73 2e 46 72 65 65 2e 63 6f 6d 6d 65 6e 74 22 3a 20 22 54 68 65 20 66 72 65 65 20 63 6f 6d 70 61 72 69 73 6f 6e 20 73 74 72 69 6e 67 20 66 6f 72 20 74 68 65 20 Data Ascii: "Developed by", "ProductDetails.Directors": "Directors", "ProductDetails.Duration": "Duration", "ProductDetails.FeaturesHeader": "Features", "ProductDetails.Free": "Free", "ProductDetails.Free.comment": "The free comparison string for the
2024-08-30 17:06:40 UTC	1439	IN	Data Raw: 30 7d 2e 20 49 74 20 6d 61 79 20 62 65 20 75 6e 61 76 61 69 6c 61 62 6c 65 20 69 6e 20 79 6f 75 72 20 6d 61 72 6b 65 74 2e 22 2c 0d 0a 20 20 22 45 72 72 6f 72 2e 50 72 6f 64 75 63 74 44 65 6c 69 73 74 65 64 2e 54 69 74 6c 65 22 3a 20 22 50 72 6f 64 75 63 74 20 72 65 6d 6f 76 65 64 22 2c 0d 0a 20 20 22 45 72 72 6f 72 2e 50 72 6f 64 75 63 74 44 65 6c 69 73 74 65 64 2e 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 57 65 20 63 6f 75 6c 64 6e 27 74 20 66 69 6e 64 20 7b 30 7d 2e 20 49 74 20 6d 61 79 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 53 74 6f 72 65 2e 22 2c 0d 0a 20 20 22 45 72 72 6f 72 2e 53 65 61 72 63 68 4e 6f 74 46 6f 75 6e 64 2e 54 69 74 6c 65 22 3a 20 22 4e 6f 20 72 65 73 75 6c 74 73 20 66 6f 72 20 7b 30 7d Data Ascii: 0}. It may be unavailable in your market.", "Error.ProductDelisted.Title": "Product removed", "Error.ProductDelisted.Description": "We couldn't find {0}. It may have been removed from the Store.", "Error.SearchNotFound.Title": "No results for {0}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.16	49841	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	716	OUT	GET /api/settings/flags?gl=US&hl=en-us&sessionId= HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 X-API-Ref: db2c8457ef6ae807db500c0199cc06898be1b23d3cd9b3206a65b7c81f4185f0 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:40 UTC	1104	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:40 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: gmeUVC0ctk2sXPne.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170640Z-16579567576j7nvvu5n0ytgs1c00000003ug00000000g828 x-fd-int-roxy-purgeid: 66820184 X-Cache: PRIVATE_NOSTORE
2024-08-30 17:06:40 UTC	810	IN	Data Raw: 33 31 65 0d 0a 7b 22 63 6f 6e 74 65 78 74 22 3a 22 36 31 34 36 64 30 31 61 2d 65 33 37 30 3a 32 36 33 31 33 3b 66 31 38 64 65 37 36 65 2d 62 63 35 33 3a 32 36 33 36 32 3b 35 64 61 64 61 64 31 38 2d 65 65 34 36 3a 32 36 33 36 35 3b 31 34 65 33 61 33 64 39 2d 64 38 32 37 3a 32 39 33 38 32 3b 34 31 39 33 33 64 30 36 2d 36 64 66 61 3a 32 39 38 34 30 3b 64 33 65 31 34 65 63 34 2d 62 33 33 32 3a 32 39 38 35 31 3b 61 63 65 30 62 32 35 64 2d 32 65 32 63 3a 33 30 30 35 35 3b 39 64 62 33 62 65 66 65 2d 30 35 65 63 3a 33 32 35 38 31 3b 22 2c 22 73 65 73 73 69 6f 6e 49 64 22 3a 22 35 63 35 30 63 32 62 65 2d 32 32 38 30 2d 34 38 39 34 2d 38 62 39 64 2d 30 38 37 36 39 64 35 66 36 62 35 64 22 2c 22 73 65 73 73 69 6f 6e 44 75 72 61 74 69 6f 6e 22 3a 31 32 30 39 36 30 30 Data Ascii: 31e{"context":"6146d01a-e370:26313;f18de76e-bc53:26362;5dadad18-ee46:26365;14e3a3d9-d827:29382;41933d06-6dfa:29840;d3e14ec4-b332:29851;ace0b25d-2e2c:30055;9db3befe-05ec:32581;","sessionId":"5c50c2be-2280-4894-8b9d-08769d5f6b5d","sessionDuration":1209600

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.16	49843	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	715	OUT	GET /api/Products/ZeroStateSearch?gl=US&hl=en-us HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 X-API-Ref: ebe1c0636328a720580a52e74af985ddefbb0609f391016b633be0072e31e7fc sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:41 UTC	1072	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: ALvFaMfhb0W2VXt1.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170640Z-16579567576kv75wmks9m65qec00000003s000000000r5gk x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_MISS
2024-08-30 17:06:41 UTC	15312	IN	Data Raw: 33 36 39 36 0d 0a 7b 22 73 65 63 74 69 6f 6e 54 69 74 6c 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 65 64 20 66 6f 72 20 79 6f 75 22 2c 22 70 72 6f 64 75 63 74 73 22 3a 5b 7b 22 70 72 6f 64 75 63 74 49 64 22 3a 22 39 4e 4d 53 34 53 46 4e 42 47 42 48 22 2c 22 62 61 6e 6e 65 72 54 65 78 74 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 22 3a 22 44 65 61 64 20 62 79 20 44 61 79 6c 69 67 68 74 20 57 69 6e 64 6f 77 73 22 2c 22 73 75 62 74 69 74 6c 65 22 3a 6e 75 6c 6c 2c 22 63 61 74 65 67 6f 72 69 65 73 22 3a 5b 22 41 63 74 69 6f 6e 20 26 20 61 64 76 65 6e 74 75 72 65 22 2c 22 4f 74 68 65 72 22 5d 2c 22 61 76 65 72 61 67 65 52 61 74 69 6e 67 22 3a 34 2e 31 2c 22 69 6d 61 67 65 73 22 3a 5b 7b 22 69 6d 61 67 65 54 79 70 65 22 3a 22 42 6f 78 41 72 74 22 2c 22 62 61 63 6b 67 Data Ascii: 3696{"sectionTitle":"Recommended for you","products":[{"productId":"9NMS4SFNBGBH","bannerText":null,"title":"Dead by Daylight Windows","subtitle":null,"categories":["Action & adventure","Other"],"averageRating":4.1,"images":[{"imageType":"BoxArt","backg
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 22 3a 22 22 2c 22 66 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 63 61 70 74 69 6f 6e 22 3a 22 22 2c 22 69 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 44 65 73 6b 74 6f 70 2f 30 22 2c 22 70 72 6f 64 75 63 74 43 6f 6c 6f 72 22 3a 6e 75 6c 6c 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 69 6d 61 67 65 2f 61 70 70 73 2e 33 38 30 33 33 2e 31 33 36 35 39 39 33 31 36 30 38 31 30 35 30 30 34 2e 31 65 32 37 36 32 62 30 2d 32 64 32 32 2d 34 66 31 38 2d 62 62 35 33 2d 38 38 33 61 66 34 34 38 38 31 65 66 2e 37 63 65 35 35 30 66 33 2d 38 62 62 62 2d 34 32 35 61 2d 61 61 32 66 2d 63 30 65 33 30 32 62 33 33 39 30 30 22 2c 22 68 65 69 67 68 74 22 3a 39 Data Ascii: ":"","foregroundColor":"","caption":"","imagePositionInfo":"Desktop/0","productColor":null,"url":"https://store-images.s-microsoft.com/image/apps.38033.13659931608105004.1e2762b0-2d22-4f18-bb53-883af44881ef.7ce550f3-8bbb-425a-aa2f-c0e302b33900","height":9
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 62 2d 32 37 62 31 62 64 33 30 33 38 66 36 2e 37 38 37 64 39 32 32 35 2d 66 63 38 39 2d 34 38 65 61 2d 38 34 37 36 2d 30 32 66 31 63 62 38 35 34 64 65 63 22 2c 22 68 65 69 67 68 74 22 3a 31 30 38 30 2c 22 77 69 64 74 68 22 3a 31 30 38 30 7d 2c 7b 22 69 6d 61 67 65 54 79 70 65 22 3a 22 50 6f 73 74 65 72 22 2c 22 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 66 6f 72 65 67 72 6f 75 6e 64 43 6f 6c 6f 72 22 3a 22 22 2c 22 63 61 70 74 69 6f 6e 22 3a 22 22 2c 22 69 6d 61 67 65 50 6f 73 69 74 69 6f 6e 49 6e 66 6f 22 3a 22 22 2c 22 70 72 6f 64 75 63 74 43 6f 6c 6f 72 22 3a 6e 75 6c 6c 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2d 69 6d 61 67 65 73 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 69 6d 61 67 65 2f 61 70 70 73 Data Ascii: b-27b1bd3038f6.787d9225-fc89-48ea-8476-02f1cb854dec","height":1080,"width":1080},{"imageType":"Poster","backgroundColor":"","foregroundColor":"","caption":"","imagePositionInfo":"","productColor":null,"url":"https://store-images.s-microsoft.com/image/apps
2024-08-30 17:06:41 UTC	14170	IN	Data Raw: 74 69 6f 6e 49 6e 66 6f 22 3a 22 56 69 64 65 6f 2f 30 22 2c 22 6f 76 65 72 6c 61 79 46 69 6c 65 73 22 3a 6e 75 6c 6c 2c 22 73 6f 72 74 4f 72 64 65 72 22 3a 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 75 6e 69 76 65 72 73 61 6c 73 74 6f 72 65 2e 73 74 72 65 61 6d 69 6e 67 2e 6d 65 64 69 61 73 65 72 76 69 63 65 73 2e 77 69 6e 64 6f 77 73 2e 6e 65 74 2f 32 30 61 33 64 31 31 37 2d 33 66 66 64 2d 34 37 32 64 2d 38 62 65 30 2d 35 32 39 33 63 65 36 30 63 61 61 65 2f 32 62 34 33 31 35 62 30 2d 35 38 63 62 2d 34 39 38 65 2d 62 32 33 63 2d 38 31 65 36 36 35 32 63 2e 69 73 6d 2f 6d 61 6e 69 66 65 73 74 28 66 6f 72 6d 61 74 3d 6d 70 64 2d 74 69 6d 65 2d 63 73 66 2c 66 69 6c 74 65 72 3d 58 62 6f 78 29 22 2c 22 68 65 69 67 68 74 22 3a 31 30 38 30 2c 22 77 69 64 Data Ascii: tionInfo":"Video/0","overlayFiles":null,"sortOrder":1,"url":"https://universalstore.streaming.mediaservices.windows.net/20a3d117-3ffd-472d-8be0-5293ce60caae/2b4315b0-58cb-498e-b23c-81e6652c.ism/manifest(format=mpd-time-csf,filter=Xbox)","height":1080,"wid

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.16	49840	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	609	OUT	GET /clarity.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:40 UTC	1190	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:40 GMT Content-Type: text/javascript Content-Length: 315 Connection: close Cache-Control: public, max-age=3600 ETag: "1daf27f12247a3b" Last-Modified: Mon, 19 Aug 2024 21:30:54 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: hT0jKWJRHkWSeuaA.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170640Z-16579567576j7nvvu5n0ytgs1c00000003ug00000000g82c x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_REVALIDATED_HIT Accept-Ranges: bytes
2024-08-30 17:06:40 UTC	315	IN	Data Raw: 2f 2a 20 65 73 6c 69 6e 74 2d 64 69 73 61 62 6c 65 20 2a 2f 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 0d 0a 20 20 20 20 63 5b 61 5d 3d 63 5b 61 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 63 5b 61 5d 2e 71 3d 63 5b 61 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 3b 0d 0a 20 20 20 20 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 3b 74 2e 61 73 79 6e 63 3d 31 3b 74 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 74 61 67 2f 22 2b 69 3b 0d 0a 20 20 20 20 79 3d 6c 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 72 29 5b 30 5d 3b 79 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 74 2c 79 29 3b Data Ascii: /* eslint-disable */(function(c,l,a,r,i,t,y){ c[a]=c[a]\|\|function(){(c[a].q=c[a].q\|\|[]).push(arguments)}; t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i; y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y);

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.16	49847	68.67.179.87	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:40 UTC	812	OUT	GET /pixie?e=LandingPage&pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd&it=1725037594300&v=0.0.38&u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&st=1725037594300&et=1725037595842&if=0 HTTP/1.1 Host: ib.adnxs.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:41 UTC	296	IN	HTTP/1.1 200 OK Server: nginx/1.23.4 Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: image/gif Content-Length: 42 Connection: close Cache-Control: no-cache, no-store, must-revalidate X-Proxy-Origin: 8.46.123.33; 8.46.123.33; 585.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
2024-08-30 17:06:41 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.16	49845	20.42.73.24	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	996	OUT	POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1 Host: browser.events.data.microsoft.com Connection: keep-alive Content-Length: 953 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" upload-time: 1725037598555 sec-ch-ua-mobile: ?0 client-version: 1DS-Web-JS-3.2.18 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 time-delta-to-apply-millis: use-collector-delta content-type: application/x-json-stream cache-control: no-cache, no-store apikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609 Client-Id: NO_AUTH sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR
2024-08-30 17:06:41 UTC	953	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 31 37 3a 30 36 3a 33 36 2e 35 35 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 36 30 37 31 61 36 33 35 66 61 61 39 34 39 35 66 39 61 35 65 37 39 36 34 31 66 63 65 65 33 35 65 22 2c 22 65 78 74 22 3a 7b 22 77 65 62 22 3a 7b 22 69 73 4d 61 6e 75 61 6c 22 3a 66 61 6c 73 65 2c 22 64 6f 6d 61 69 6e 22 3a 22 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 75 73 65 72 43 6f 6e 73 65 6e 74 22 3a 74 72 75 65 2c 22 63 6f 6e 73 65 6e 74 44 65 74 61 69 6c 73 22 3a 22 7b 5c 22 52 65 71 75 69 72 65 64 5c 22 3a 74 72 75 65 2c 5c 22 41 6e 61 6c 79 74 69 63 73 5c 22 3a 74 72 75 65 2c 5c 22 53 6f Data Ascii: {"name":"Ms.Web.PageView","time":"2024-08-30T17:06:36.553Z","ver":"4.0","iKey":"o:6071a635faa9495f9a5e79641fcee35e","ext":{"web":{"isManual":false,"domain":"www.microsoft.com","userConsent":true,"consentDetails":"{\"Required\":true,\"Analytics\":true,\"So
2024-08-30 17:06:41 UTC	922	IN	HTTP/1.1 200 OK Content-Length: 153 Content-Type: application/json Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; Domain=.microsoft.com; Expires=Sat, 30 Aug 2025 17:06:41 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=3ff7644f482e4ef18a6c09d30f0da6df; Domain=.microsoft.com; Expires=Fri, 30 Aug 2024 17:36:41 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2552 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://www.microsoft.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 30 Aug 2024 17:06:40 GMT Connection: close
2024-08-30 17:06:41 UTC	153	IN	Data Raw: 7b 22 61 63 63 22 3a 31 2c 22 77 65 62 52 65 73 75 6c 74 22 3a 7b 22 6d 73 66 70 63 22 3a 22 47 55 49 44 3d 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 26 48 41 53 48 3d 38 30 36 36 26 4c 56 3d 32 30 32 34 30 38 26 56 3d 34 26 4c 55 3d 31 37 32 35 30 33 37 36 30 31 31 30 37 22 2c 22 6d 63 31 22 3a 22 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 22 7d 7d Data Ascii: {"acc":1,"webResult":{"msfpc":"GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107","mc1":"8066933817c14dd4b95ec0f14ae2f52e"}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.16	49844	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	649	OUT	GET /shared/edgeweb/img/pinning-arrow.e9317cd.svg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:41 UTC	707	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: image/svg+xml Content-Length: 457 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1c9-19180c453fd" Last-Modified: Fri, 23 Aug 2024 19:43:55 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170641Z-16579567576vpzq62mgx0my8kw00000003t000000000purn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:41 UTC	457	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 32 33 22 20 68 65 69 67 68 74 3d 22 34 30 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 33 20 34 30 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 64 65 66 73 3e 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 78 31 3d 22 35 30 25 22 20 79 31 3d 22 30 25 22 20 78 32 3d 22 35 30 25 22 20 79 32 3d 22 31 30 30 25 22 20 69 64 3d 22 61 22 3e 3c 73 74 6f 70 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 33 30 43 32 45 32 22 20 6f 66 66 73 65 74 3d 22 30 25 22 2f 3e 3c 73 74 6f 70 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 30 37 37 46 44 38 22 20 6f 66 66 73 65 74 3d 22 35 33 2e 32 33 32 25 22 2f 3e 3c 73 74 6f 70 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 30 46 35 Data Ascii: <svg width="23" height="40" viewBox="0 0 23 40" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient x1="50%" y1="0%" x2="50%" y2="100%" id="a"><stop stop-color="#30C2E2" offset="0%"/><stop stop-color="#077FD8" offset="53.232%"/><stop stop-color="#0F5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.16	49846	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	678	OUT	GET /shared/cms/lrs1c69a1j/section-images/38c8c879d3854390897db9c4b7f3a682.jpg HTTP/1.1 Host: edgestatic.azureedge.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:42 UTC	682	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: image/jpeg Content-Length: 157074 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"26592-18c5b6d7e6c" Last-Modified: Tue, 12 Dec 2023 00:29:11 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20240830T170641Z-16579567576p25xcxh3nycmsaw00000003d0000000006khk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-08-30 17:06:42 UTC	15702	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 50 00 00 ff e1 03 4c 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 39 2e 31 2d 63 30 30 31 20 37 39 2e 61 38 64 34 37 35 33 34 39 2c 20 32 30 32 33 2f 30 33 2f 32 33 2d 31 33 3a 30 35 3a 34 35 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 Data Ascii: ExifII*DuckyPLhttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.a8d475349, 2023/03/23-13:05:45 "> <rdf:RDF
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 9f c4 27 43 2f 96 7d d2 7a dc 3e 7c 7d f0 df de bc 1f b4 4e fd 0d df 88 4e 86 5f 2c fb a4 f5 98 7c f8 fb e1 bf bd 58 7f 68 5d fa 13 bf 10 9d 0c be 59 f7 4a fa cc 3e 7c 7d f0 df de ac 5f b4 0f fd 09 df 88 4e 86 5f 2c fb a4 f5 98 7c f8 fb e1 bf bd 38 fe 7f 7f e8 4e fc 42 74 32 f9 67 dd 27 ac c3 e7 c7 df 03 f7 a4 cf 9f a4 fd 05 df 88 4e 86 5f 2c fb a4 f5 98 7c f8 fb e1 bf bd 16 fc fb 27 e8 2f fc 42 74 27 e5 9f 74 9e af 1f 9e 3d f0 df de 80 f9 f6 5f d0 5f f8 84 e8 4f cb 3e e9 3d 5e 3f 3c 7b e1 bf bc ff 00 ff 00 6e 4b fa 0b ff 00 10 a7 46 7e 59 f7 49 ea f1 f9 e3 df 03 f7 9c 7e 7b 9b f4 07 fe 21 3a 33 f2 cf ba 4f 57 8f cf 1e f8 6f ef 35 df 3d 4d fa 03 ff 00 10 9d 19 f9 67 dd 27 ab c7 e7 8f 7c 37 f7 98 ff 00 9e 67 fd 01 ff 00 e5 d3 a3 3f 2c fb a4 f5 78 fc f1 ef Data Ascii: 'C/}z>\|}NN_,\|Xh]YJ>\|}_N_,\|8NBt2g'N_,\|'/Bt't=__O>=^?<{nKF~YI~{!:3OWo5=Mg'\|7g?,x
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: a2 bd ac cc 24 5a a2 22 5b 54 66 91 7b 11 10 73 4e 2a 88 96 ed 51 94 5c d4 44 4b 74 a3 34 8b 9a 55 b4 a4 cb 55 b4 a2 39 a9 12 94 99 6a b6 94 91 6a b6 89 b9 ab 51 29 30 f8 2b 58 17 ae 65 c2 95 6b 79 3a 52 ca 5d ad 3b 14 b6 e2 16 0d 05 49 96 aa 17 6b 4e 80 14 b5 a5 83 54 b6 a9 66 b3 91 66 d6 21 60 da 6a 46 a9 50 d1 a6 89 65 2e 1b a3 0e 95 2d 69 50 ce 45 2d a5 5a de 44 66 5d 0d 61 a8 c3 05 57 4b a1 8c d1 87 5a 96 b1 0e 86 b3 45 75 2c aa c1 aa 2d 2a d6 fb c8 d5 2a 1b c8 a0 a8 6f 22 2d 2e d6 74 28 52 cd 67 42 2d 2c d6 d2 98 29 6d 2a d6 f8 52 ec 95 da d0 14 5a 59 ad aa 14 b0 65 14 6a 21 50 0a 96 ab 35 9c 8a 5a d2 ed 60 52 db 8c 55 6b 54 b5 54 37 91 4b 6a 96 6b 74 78 14 69 70 34 50 20 b0 6d 02 8a ab 5a 11 56 0d d8 10 54 35 05 80 1d 6b 2b 4a 34 78 15 5a 54 36 a8 Data Ascii: $Z"[Tf{sNQ\DKt4UU9jjQ)0+Xeky:R];IkNTff!`jFPe.-iPE-ZDf]aWKZEu,-o"-.t(RgB-,)mRZYej!P5Z`RUkTT7Kjktxip4P mZVT5k+J4xZT6
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 96 51 d1 ec 9c 78 f7 65 f8 3e 31 2f f1 f5 df ae 61 96 65 56 56 99 cd b5 b5 d5 97 ae 0f d6 96 96 5b d7 37 0d 92 18 db 10 91 ae 79 89 ee 85 ac 71 ab 81 c5 ee 7d 0b da c2 31 3a f9 bc 7b bf ab 79 da a9 98 8f a7 d3 de fe 98 ff 00 0a 7f c4 c5 df 7e d9 2d db 38 93 2c 87 29 cf ec 25 10 43 3c 30 cb 04 37 ce dc 92 69 3b 16 bf 79 ae 31 44 23 74 85 a6 8d 2f 60 21 bb f1 ef 31 99 9e 12 fd 0f e9 7f a8 e5 e6 62 b3 8a ca 3c 7e 9e de f7 ec 70 6a 05 15 7d 73 01 54 1a 06 d4 0c ac 45 81 5d 32 04 8c 64 4c e9 5d 00 80 ad 10 3d 50 61 24 20 54 02 05 28 15 00 80 40 20 c2 01 41 94 14 a2 05 40 2d 58 ca 05 50 a4 51 04 ce 94 08 e0 8a 5a 2b 60 a2 5a 0a 25 94 28 96 a3 52 88 42 81 68 ab 34 c4 08 42 05 21 50 84 20 42 28 83 30 2a 33 45 22 88 51 1c a1 49 1a d5 19 2d 35 a2 13 6a 05 f7 34 a0 Data Ascii: Qxe>1/aeVV[7yq}1:{y~-8,)%C<07i;y1D#t/`!1b<~pj}sTE]2dL]=Pa$ T(@ A@-XPQZ+`Z%(RBh4B!P B(0*3E"QI-5j4
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: e3 53 a9 b3 f2 cf bf f0 23 cb 7e a3 fe ec 3f c2 7e 2e fa ae 56 f5 d2 ad 28 a7 08 ab 34 f2 a1 4a 82 68 11 55 69 c2 88 2a d3 cb 52 a2 a8 3a 7a d0 a5 9b ca a4 aa 8d 38 e1 ad 45 38 28 b1 4a 04 2c e0 f5 a5 2c 1c 53 04 53 a2 9c 14 a5 89 36 05 4a 0d c9 54 58 38 03 a9 14 ed 08 a7 a0 51 4e 06 9d ba 90 50 04 69 40 34 05 0a 3e ef 2e 84 68 fb a8 1c 0a 23 50 a0 08 28 00 a2 8b 67 01 16 d4 03 42 51 67 01 03 80 8a 70 31 41 40 11 68 e1 aa 2d 1e 9a 11 a3 86 e1 81 40 e0 29 4d 51 83 71 28 a6 dd f1 22 98 37 42 06 0c e8 2a 2a 8d 6e 2a ac 2a 1a 8b 47 01 16 94 08 b1 07 14 51 26 0c 0d 39 90 54 53 a1 10 e1 14 c0 55 11 a0 04 14 14 c3 42 29 c0 14 3a 39 11 16 8c 01 a9 41 d0 00 d4 83 50 36 e8 40 c0 2c ce 36 b1 26 a0 4d 05 98 0d 89 a1 a8 e2 a0 52 71 53 8a 15 89 85 89 3e 05 16 ca 45 31 Data Ascii: S#~?~.V(4JhUiR:z8E8(J,,SS6JTX8QNPi@4>.h#P(gBQgp1A@h-@)MQq("7Bn*GQ&9TSUB):9AP6@,6&MRqS>E1
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: dc a2 cb 87 f8 a5 ac 7c 9c 3b c6 f6 36 b1 c7 79 69 74 6a e6 f6 c6 30 c3 71 03 dd 51 24 4f 34 20 97 30 b2 5d d9 1b db 6b 7e 70 9e e7 cf f3 5e 53 0d fc 66 26 38 bf 86 fc 71 fc 3f f7 cb c0 d7 19 b5 b6 75 dd ce 77 25 ae 48 e9 0d f6 79 96 d9 4f 7f 97 08 63 ad 6e 3d 6e dd 8e 8d b1 96 f9 55 79 69 1a 1e 1a ea b4 7d 49 cf 1c a3 83 f2 99 79 5d cc 32 98 98 7c 0d f2 12 03 98 fa b1 d8 b4 83 50 6b a1 70 ca 25 d2 22 bb 7b 5c ce 71 a1 c5 72 98 75 84 77 8e d5 97 4a 66 fe 24 61 4d 4a 29 c3 ab ce 88 e8 91 ad 63 5a 19 33 66 12 b5 af 71 68 70 dd 76 23 74 ef 00 6a 39 30 c5 48 9b 6b 38 88 ec 9b 75 c4 eb 00 fd e7 5a 4c f6 76 4e 6e e3 a7 15 ed 77 1e 03 ea d8 c6 01 e5 ae dd d8 0b 6b e5 54 66 a7 99 19 61 13 fc be 3d df 49 74 e5 72 58 c5 24 be b9 96 45 99 02 01 63 65 b9 7d b0 68 15 Data Ascii: \|;6yitj0qQ$O4 0]k~p^Sf&8q?uw%HyOcn=nUyi}Iy]2\|Pkp%"{\qruwJf$aMJ)cZ3fqhpv#tj90Hk8uZLvNnwkTfa=ItrX$Ece}h
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: b0 da 79 4e 70 3b 8d 1b d7 2d 21 ce a1 dd ab 48 a0 d3 a0 1d 46 12 be a7 1e c8 8f bb e2 fc c3 c5 5c 73 9b 66 3c 5f 9e d8 e5 b9 3f 11 5e 5e db 3c bd f9 64 d2 70 7c 10 b4 3d 8d 7c 4c 88 4f 1f ac 96 b5 a4 0d ea b8 8a 51 cf 3a 47 ae 33 a8 a7 c3 dd de d5 b9 95 73 ec 7a a5 e7 10 f1 ed 98 2f 8f bb dc e6 e2 92 0f 83 0d bd e5 59 52 31 39 5e 49 7f 43 a3 e0 b8 f3 eb 5a 9c ea 3e 9f 06 7a b9 5f f2 b8 1b c6 fd ed c5 35 63 e0 8c ce 3b 56 90 18 f8 b8 7b 32 12 b4 3a b4 6e f4 d9 01 1a a8 77 58 ee 5a 2e 5a b2 fa 7f c2 f5 f7 22 bf 2b cb c5 de 07 7e 91 c5 1c 56 dc 15 c4 4e 94 92 1f 70 cc 9e b4 69 dd d0 d7 f0 ab 1b 5a bc 51 c4 ee d1 ae 0e 15 a3 96 27 3c be 9f f0 eb 1e 63 7b d9 8f 87 e0 f6 bc b3 8e 3b eb b8 b6 82 ea f3 82 b8 ba 0a 34 76 f6 8d b7 cb da f2 43 1e ea f6 4f e0 e6 3a Data Ascii: yNp;-!HF\sf<_?^^<dp\|=\|LOQ:G3sz/YR19^ICZ>z_5c;V{2:nwXZ.Z"+~VNpiZQ'<c{;4vCO:
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 18 31 1f 18 f8 d5 ea 6e 27 43 65 ca ec b3 85 8e a8 f9 3c a2 af 53 71 8e 86 ca 0f ca f8 5f 63 3e c8 f8 d3 a9 b8 74 36 5c af ca 78 5e 86 81 82 b5 c2 a7 c6 ac 6e ee 33 3e 5b 61 ca ec a7 86 75 06 75 9f 1a bd 5d c6 3d 36 ca 0e ca 78 6f ea 69 af 13 e3 4e ae 69 e9 76 6d cc fc 9f 87 48 c1 cd c7 46 25 6a 37 73 62 7c ae cb 94 e4 fc 3c 3e 30 af f3 8a bd 6c d9 9f 2b b2 8b f2 7e 1d 3a 1e 29 c8 4a 46 ee 6c cf 95 da e6 83 f2 7c 8b 53 c7 26 2b 5d 5c d9 9f 2b b4 89 c9 b2 2d 6f 18 e9 a9 4e ae 64 79 4d ae 69 3b 2a c8 47 df 07 d9 27 53 34 9f 29 b5 cd 07 e5 d9 08 fb f3 7e c9 5e a6 69 3e 5f 6a 3d ae 77 65 d9 15 31 99 b4 e7 4e a6 6c 74 36 f9 a2 ec bf 21 d7 2b 7e c9 3a 99 93 b3 b5 cd 13 97 e4 43 ef ad a7 f3 95 ea 66 cf 47 6f 9a 66 c3 21 c3 ed ad 1f 5c 13 a9 9a 74 76 f9 a6 6c 72 Data Ascii: 1n'Ce<Sq_c>t6\x^n3>[auu]=6xoiNivmHF%j7sb\|<>0l+~:)JFl\|S&+]\+-oNdyMi;*G'S4)~^i>_j=we1Nlt6!+~:CfGof!\tvlr
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: a8 b5 e3 fb 0a 69 5e aa ad cd 3f ba 91 c3 eb b1 eb a2 69 5e b4 18 e6 87 55 bc c3 67 c2 4d 29 d5 1f ad 0d 2a 62 92 bc ae dd f6 de 15 d2 75 7b 87 eb 67 93 41 0c c0 6d ac 67 fe f9 34 93 b9 f4 fa 49 bf 5a 60 37 9b 20 ae b2 5a 7f b4 e5 34 a7 52 58 73 26 7d 51 e7 89 ee 1d 61 aa e9 5e a4 fd 20 de bf 1e b2 d0 76 11 bb e0 35 f6 94 a5 d6 61 7a d3 f0 69 c8 00 77 84 34 29 49 aa 01 bb 7f 27 53 fd da 25 2e b4 df 7c d6 fc 27 b1 bc ee 03 db 90 2b 4c ce 7f 52 2e cc a0 03 ee f1 83 b3 b4 6f cb 29 46 ae f4 7f 59 c1 5f bb b0 72 07 46 7d a2 53 4a 6b 86 fe b2 8b 54 bd 67 c4 15 d2 bd 48 6f eb 16 7c 52 e3 5d 04 07 11 d6 1a 13 49 ae 07 eb 16 fd 56 3a cb 5f e3 4d 32 6a 29 cc 18 35 91 ce cf 1b 4a 69 93 51 4e 62 d3 cb cd 87 b4 d4 d3 26 b8 49 d7 f1 9d a7 ec bc 4a c6 2c 4e 70 89 bf 8f Data Ascii: i^?i^UgM)*bu{gAmg4IZ`7 Z4RXs&}Qa^ v5aziw4)I'S%.\|'+LR.o)FY_rF}SJkTgHo\|R]IV:_M2j)5JiQNb&IJ,Np
2024-08-30 17:06:42 UTC	10300	IN	Data Raw: 87 90 bc 25 ad 63 2c ed 64 d6 64 1f 5d 54 b4 d1 0d ed ce b9 24 4b 3a 53 dc 3b 6a fc 77 a5 9d 39 e4 0c 8e d3 be ee 9c 52 d3 4a 66 43 ad d5 e7 05 2d bd 10 53 2d 34 3b aa be 34 b3 49 3b 67 ea 92 9e ce 75 2d ad 30 3d 62 5d 52 b7 a4 9f 1a 27 4e 39 17 b7 71 d2 e6 bb ec bd c2 8b a1 86 5d 74 6f f4 fc 68 ba 7e 9c 08 67 3b 07 41 72 8d 69 21 b8 78 ff 00 f9 84 7b 88 46 11 f4 82 f6 f2 7d 58 fa fa a5 b5 a2 07 ac 3a 98 97 a5 ac 61 65 f5 8e 57 f4 a5 ac 6d 33 d6 06 3e 53 bd b5 26 4e 92 2e 9c 1f 8c e3 ce 12 da 8d ba 44 c9 5d 15 07 95 49 96 a3 12 b9 e4 e9 c5 49 96 a2 13 2e e4 52 da a4 f7 8e ca 15 2d 74 97 78 f3 f4 29 6d 69 61 79 e5 09 66 94 cb cd 6b ed 60 a5 b5 a4 bb e7 9d 4b 5d 25 2e 3a f0 4b 5a 2e ff 00 2a 96 ba 4a 5f 8d 6a a5 ae 94 5c f4 b5 8c 59 bf 82 5a e9 2e f9 a1 4b Data Ascii: %c,dd]T$K:S;jw9RJfC-S-4;4I;gu-0=b]R'N9q]toh~g;Ari!x{F}X:aeWm3>S&N.D]II.R-tx)miayfk`K]%.:KZ.*J_j\YZ.K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.16	49848	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	626	OUT	GET /tag/inyago70pn HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
2024-08-30 17:06:41 UTC	379	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: application/x-javascript Content-Length: 522 Connection: close Cache-Control: no-cache, no-store Expires: -1 Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8 x-azure-ref: 20240830T170641Z-16579567576kv75wmks9m65qec00000003t000000000mb48 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-08-30 17:06:41 UTC	522	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 69 66 28 61 5b 63 5d 2e 76 7c 7c 61 5b 63 5d 2e 74 29 72 65 74 75 72 6e 20 61 5b 63 5d 28 22 65 76 65 6e 74 22 2c 63 2c 22 64 75 70 2e 22 2b 69 2e 70 72 6f 6a 65 63 74 49 64 29 3b 61 5b 63 5d 2e 74 3d 21 30 2c 28 74 3d 6c 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 29 2e 61 73 79 6e 63 3d 21 30 2c 74 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 73 2f 30 2e 37 2e 34 35 2f 63 6c 61 72 69 74 79 2d 65 78 74 65 6e 64 65 64 2e 6a 73 22 2c 28 79 3d 6c 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 72 29 5b 30 5d 29 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 74 2c 79 29 2c 61 5b 63 5d 28 22 Data Ascii: !function(c,l,a,r,i,t,y){if(a[c].v\|\|a[c].t)return a[c]("event",c,"dup."+i.projectId);a[c].t=!0,(t=l.createElement(r)).async=!0,t.src="https://www.clarity.ms/s/0.7.45/clarity-extended.js",(y=l.getElementsByTagName(r)[0]).parentNode.insertBefore(t,y),a[c]("

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.16	49849	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	746	OUT	GET /assets/js/applicationinsights-web-9ad09b9c.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d
2024-08-30 17:06:41 UTC	1313	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: text/javascript Content-Length: 89384 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa859fc28" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: l5cZGJgb8U+j+2/R.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170641Z-16579567576l4p9bs8an1npq1n00000003eg00000000cp2n x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:41 UTC	15071	IN	Data Raw: 69 6d 70 6f 72 74 7b 67 20 61 73 20 68 63 2c 5f 20 61 73 20 47 75 2c 53 20 61 73 20 7a 75 2c 68 20 61 73 20 41 63 2c 61 20 61 73 20 64 65 2c 69 20 61 73 20 48 2c 63 20 61 73 20 49 63 2c 73 20 61 73 20 50 72 2c 62 20 61 73 20 50 6f 2c 64 20 61 73 20 66 6e 2c 65 20 61 73 20 47 2c 6f 20 61 73 20 43 65 2c 66 20 61 73 20 51 6e 2c 6a 20 61 73 20 59 6f 2c 6b 20 61 73 20 74 72 2c 6c 20 61 73 20 57 69 2c 6d 20 61 73 20 6d 72 2c 6e 20 61 73 20 65 65 2c 70 20 61 73 20 47 74 2c 71 20 61 73 20 65 72 2c 72 20 61 73 20 5f 72 2c 75 20 61 73 20 5a 6e 2c 74 20 61 73 20 52 63 2c 76 20 61 73 20 6d 63 2c 77 20 61 73 20 62 6f 2c 78 20 61 73 20 56 6e 2c 79 20 61 73 20 43 63 2c 7a 20 61 73 20 24 2c 41 20 61 73 20 76 65 2c 42 20 61 73 20 51 74 2c 43 20 61 73 20 59 65 2c 44 20 61 Data Ascii: import{g as hc,_ as Gu,S as zu,h as Ac,a as de,i as H,c as Ic,s as Pr,b as Po,d as fn,e as G,o as Ce,f as Qn,j as Yo,k as tr,l as Wi,m as mr,n as ee,p as Gt,q as er,r as _r,u as Zn,t as Rc,v as mc,w as bo,x as Vn,y as Cc,z as $,A as ve,B as Qt,C as Ye,D a
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 20 64 75 5b 61 73 5d 28 65 2c 75 29 7d 29 2c 6f 3d 6e 65 77 20 72 28 65 2c 4c 65 28 4c 65 28 7b 7d 2c 6e 29 2c 7b 65 78 63 65 70 74 69 6f 6e 73 3a 69 7d 29 2c 74 2c 61 29 3b 72 65 74 75 72 6e 20 6f 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 49 6e 74 65 72 66 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 6e 3d 74 68 69 73 2c 74 3d 6e 2e 65 78 63 65 70 74 69 6f 6e 73 2c 61 3d 6e 2e 70 72 6f 70 65 72 74 69 65 73 2c 69 3d 6e 2e 6d 65 61 73 75 72 65 6d 65 6e 74 73 2c 6f 3d 6e 2e 73 65 76 65 72 69 74 79 4c 65 76 65 6c 2c 75 3d 6e 2e 70 72 6f 62 6c 65 6d 47 72 6f 75 70 2c 64 3d 6e 2e 69 64 2c 63 3d 6e 2e 69 73 4d 61 6e 75 61 6c 2c 6c 3d 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 55 74 28 74 2c 66 75 6e 63 74 69 6f 6e 28 54 Data Ascii: du[as](e,u)}),o=new r(e,Le(Le({},n),{exceptions:i}),t,a);return o},r.prototype.toInterface=function(){var e,n=this,t=n.exceptions,a=n.properties,i=n.measurements,o=n.severityLevel,u=n.problemGroup,d=n.id,c=n.isManual,l=t instanceof Array&&Ut(t,function(T
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 67 21 3d 22 73 74 72 69 6e 67 22 29 7b 76 61 72 20 57 3d 5a 72 28 29 3b 67 3d 57 26 26 57 5b 77 6e 5d 7c 7c 22 22 7d 61 2e 73 74 6f 70 28 5f 2c 67 2c 49 2c 79 29 2c 43 26 26 75 5b 6e 6f 5d 28 5f 2c 67 29 7d 63 61 74 63 68 28 61 65 29 7b 4a 28 31 2c 33 32 2c 22 73 74 6f 70 54 72 61 63 6b 50 61 67 65 20 66 61 69 6c 65 64 2c 20 70 61 67 65 20 76 69 65 77 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 76 65 28 61 65 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 24 28 61 65 29 7d 29 7d 7d 2c 53 5b 5f 75 5d 3d 66 75 6e 63 74 69 6f 6e 28 5f 2c 67 2c 49 29 7b 76 61 72 20 79 3d 5f 26 26 28 5f 5b 44 69 5d 7c 7c 5f 5b 45 74 5d 29 7c 7c 4b 75 28 5f 29 26 26 5f 7c 7c 7b 6e 61 6d 65 3a 5f 26 26 74 79 70 65 6f 66 20 5f 2c 6d 65 73 73 61 67 65 3a Data Ascii: g!="string"){var W=Zr();g=W&&W[wn]\|\|""}a.stop(_,g,I,y),C&&u[no](_,g)}catch(ae){J(1,32,"stopTrackPage failed, page view will not be collected: "+ve(ae),{exception:$(ae)})}},S[_u]=function(_,g,I){var y=_&&(_[Di]\|\|_[Et])\|\|Ku(_)&&_\|\|{name:_&&typeof _,message:
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 5b 64 5d 29 72 65 74 75 72 6e 20 47 28 65 2c 32 2c 35 30 2c 22 43 69 72 63 75 6c 61 72 20 72 65 66 65 72 65 6e 63 65 20 64 65 74 65 63 74 65 64 20 77 68 69 6c 65 20 73 65 72 69 61 6c 69 7a 69 6e 67 20 6f 62 6a 65 63 74 22 2c 7b 6e 61 6d 65 3a 75 7d 2c 21 30 29 2c 63 3b 69 66 28 21 6f 2e 61 69 44 61 74 61 43 6f 6e 74 72 61 63 74 29 7b 69 66 28 75 3d 3d 3d 22 6d 65 61 73 75 72 65 6d 65 6e 74 73 22 29 63 3d 69 28 6f 2c 22 6e 75 6d 62 65 72 22 2c 75 29 3b 65 6c 73 65 20 69 66 28 75 3d 3d 3d 22 70 72 6f 70 65 72 74 69 65 73 22 29 63 3d 69 28 6f 2c 22 73 74 72 69 6e 67 22 2c 75 29 3b 65 6c 73 65 20 69 66 28 75 3d 3d 3d 22 74 61 67 73 22 29 63 3d 69 28 6f 2c 22 73 74 72 69 6e 67 22 2c 75 29 3b 65 6c 73 65 20 69 66 28 45 72 28 6f 29 29 63 3d 61 28 6f 2c 75 29 3b Data Ascii: [d])return G(e,2,50,"Circular reference detected while serializing object",{name:u},!0),c;if(!o.aiDataContract){if(u==="measurements")c=i(o,"number",u);else if(u==="properties")c=i(o,"string",u);else if(u==="tags")c=i(o,"string",u);else if(Er(o))c=a(o,u);
2024-08-30 17:06:41 UTC	16384	IN	Data Raw: 2c 4f 75 3d 22 61 69 2e 61 6a 78 6d 6e 2e 22 2c 56 74 3d 22 64 69 61 67 4c 6f 67 22 2c 77 72 3d 22 5f 61 6a 61 78 44 61 74 61 22 2c 4a 72 3d 22 66 65 74 63 68 22 2c 44 74 3d 22 46 61 69 6c 65 64 20 74 6f 20 6d 6f 6e 69 74 6f 72 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 22 2c 61 63 3d 22 2c 20 6d 6f 6e 69 74 6f 72 69 6e 67 20 64 61 74 61 20 66 6f 72 20 74 68 69 73 20 61 6a 61 78 20 63 61 6c 6c 20 22 2c 43 6e 3d 61 63 2b 22 6d 61 79 20 62 65 20 69 6e 63 6f 72 72 65 63 74 2e 22 2c 77 75 3d 61 63 2b 22 77 6f 6e 27 74 20 62 65 20 73 65 6e 74 2e 22 2c 4d 75 3d 22 46 61 69 6c 65 64 20 74 6f 20 67 65 74 20 52 65 71 75 65 73 74 2d 43 6f 6e 74 65 78 74 20 63 6f 72 72 65 6c 61 74 69 6f 6e 20 68 65 61 64 65 72 20 61 73 20 69 74 20 6d 61 79 20 62 65 20 6e 6f 74 20 Data Ascii: ,Ou="ai.ajxmn.",Vt="diagLog",wr="_ajaxData",Jr="fetch",Dt="Failed to monitor XMLHttpRequest",ac=", monitoring data for this ajax call ",Cn=ac+"may be incorrect.",wu=ac+"won't be sent.",Mu="Failed to get Request-Context correlation header as it may be not
2024-08-30 17:06:41 UTC	8777	IN	Data Raw: 28 29 2c 65 65 29 7d 2c 75 5b 66 63 5d 3d 66 75 6e 63 74 69 6f 6e 28 54 2c 68 29 7b 4e 65 28 54 2e 65 78 74 2c 42 65 2e 4f 53 45 78 74 2c 75 2e 6f 73 29 7d 2c 75 5b 75 63 5d 3d 66 75 6e 63 74 69 6f 6e 28 54 2c 68 29 7b 76 61 72 20 66 3d 75 2e 61 70 70 6c 69 63 61 74 69 6f 6e 3b 69 66 28 66 29 7b 76 61 72 20 70 3d 78 65 28 54 2c 44 61 29 3b 4e 65 28 70 2c 5f 65 2e 61 70 70 6c 69 63 61 74 69 6f 6e 56 65 72 73 69 6f 6e 2c 66 2e 76 65 72 2c 65 65 29 2c 4e 65 28 70 2c 5f 65 2e 61 70 70 6c 69 63 61 74 69 6f 6e 42 75 69 6c 64 2c 66 2e 62 75 69 6c 64 2c 65 65 29 7d 7d 2c 75 5b 73 63 5d 3d 66 75 6e 63 74 69 6f 6e 28 54 2c 68 29 7b 76 61 72 20 66 3d 75 2e 64 65 76 69 63 65 3b 69 66 28 66 29 7b 76 61 72 20 70 3d 78 65 28 78 65 28 54 2c 67 61 29 2c 42 65 2e 44 65 76 Data Ascii: (),ee)},u[fc]=function(T,h){Ne(T.ext,Be.OSExt,u.os)},u[uc]=function(T,h){var f=u.application;if(f){var p=xe(T,Da);Ne(p,_e.applicationVersion,f.ver,ee),Ne(p,_e.applicationBuild,f.build,ee)}},u[sc]=function(T,h){var f=u.device;if(f){var p=xe(xe(T,ga),Be.Dev

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.16	49850	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	630	OUT	GET /s/0.7.45/clarity.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
2024-08-30 17:06:41 UTC	619	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:41 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 65276 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Wed, 28 Aug 2024 19:57:49 GMT ETag: "0x8DCC79BB1C5F66A" x-ms-request-id: ff5b1345-401e-0078-20ef-f98d23000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20240830T170641Z-16579567576j7nvvu5n0ytgs1c00000003w0000000009h6t Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 51562430 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:41 UTC	15765	IN	Data Raw: 2f 2a 20 63 6c 61 72 69 74 79 2d 6a 73 20 76 30 2e 37 2e 34 35 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2f 63 6c 61 72 69 74 79 20 28 4c 69 63 65 6e 73 65 3a 20 4d 49 54 29 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 73 72 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 63 72 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 6c 72 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 61 72 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f Data Ascii: /* clarity-js v0.7.45: https://github.com/microsoft/clarity (License: MIT) */!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return sr},get start(){return cr},get stop(){return lr},get track(){return ar}}),e=Object.freeze({__pro
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 6c 2c 6d 65 74 61 64 61 74 61 3a 7b 61 63 74 69 76 65 3a 21 30 2c 73 75 73 70 65 6e 64 3a 21 31 2c 70 72 69 76 61 63 79 3a 66 2c 70 6f 73 69 74 69 6f 6e 3a 6e 75 6c 6c 2c 66 72 61 75 64 3a 64 2c 73 69 7a 65 3a 6e 75 6c 6c 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 61 3d 65 2e 64 61 74 61 2c 72 3d 65 2e 6d 65 74 61 64 61 74 61 2c 69 3d 72 2e 70 72 69 76 61 63 79 2c 6f 3d 61 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 2c 75 3d 61 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 75 29 3e 3d 30 3a 76 61 72 20 63 3d 6f 2e 74 79 70 65 2c 73 3d 22 22 2c 6c 3d 5b 22 63 6c 61 73 73 22 2c 22 73 74 79 6c 65 22 5d 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 Data Ascii: l,metadata:{active:!0,suspend:!1,privacy:f,position:null,fraud:d,size:null}},function(t,e,n){var a=e.data,r=e.metadata,i=r.privacy,o=a.attributes\|\|{},u=a.tag.toUpperCase();switch(!0){case Pt.indexOf(u)>=0:var c=o.type,s="",l=["class","style"];Object.keys(
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 21 3d 3d 72 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 72 26 26 4b 6e 28 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 5a 6e 28 74 2c 65 29 7b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 31 29 2c 6e 75 6c 6c 21 3d 3d 74 29 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 74 29 7b 63 61 73 65 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 4d 61 74 68 2e 72 6f 75 6e 64 28 74 2a 65 29 3b 63 61 73 65 22 73 74 72 69 6e 67 22 3a 72 65 74 75 72 6e 20 4d 61 74 68 2e 72 6f 75 6e 64 28 70 61 72 73 65 46 6c 6f 61 74 28 74 2e 72 65 70 6c 61 63 65 28 47 6e 2c 22 22 29 29 2a 65 29 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 76 61 72 20 51 6e 3d 5b 22 74 69 74 6c 65 22 2c 22 61 6c 74 22 2c 22 6f 6e 6c 6f 61 64 22 2c 22 6f 6e 66 6f 63 75 73 22 2c 22 6f 6e 65 72 72 Data Ascii: !==r&&"object"==typeof r&&Kn(r)}}function Zn(t,e){if(void 0===e&&(e=1),null!==t)switch(typeof t){case"number":return Math.round(te);case"string":return Math.round(parseFloat(t.replace(Gn,""))e)}return null}var Qn=["title","alt","onload","onfocus","onerr
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 28 6e 2c 22 7c 22 29 2e 63 6f 6e 63 61 74 28 61 29 3a 22 22 3b 74 20 69 6e 20 77 72 26 26 77 72 5b 74 5d 2e 69 6e 64 65 78 4f 66 28 69 29 3e 3d 30 7c 7c 28 62 72 3d 7b 63 6f 64 65 3a 74 2c 6e 61 6d 65 3a 6e 2c 6d 65 73 73 61 67 65 3a 61 2c 73 74 61 63 6b 3a 72 2c 73 65 76 65 72 69 74 79 3a 65 7d 2c 74 20 69 6e 20 77 72 3f 77 72 5b 74 5d 2e 70 75 73 68 28 69 29 3a 77 72 5b 74 5d 3d 5b 69 5d 2c 79 72 28 33 33 29 29 7d 76 61 72 20 53 72 2c 45 72 3d 7b 7d 2c 4f 72 3d 6e 65 77 20 53 65 74 2c 4e 72 3d 7b 7d 2c 54 72 3d 7b 7d 2c 4d 72 3d 7b 7d 2c 78 72 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 72 28 29 7b 6a 72 28 29 7d 66 75 6e 63 74 69 6f 6e 20 49 72 28 74 29 7b 74 72 79 7b 76 61 72 20 65 3d 74 26 26 74 2e 6c 65 6e 67 74 68 3e 30 3f 74 2e 73 70 6c 69 74 28 2f Data Ascii: (n,"\|").concat(a):"";t in wr&&wr[t].indexOf(i)>=0\|\|(br={code:t,name:n,message:a,stack:r,severity:e},t in wr?wr[t].push(i):wr[t]=[i],yr(33))}var Sr,Er={},Or=new Set,Nr={},Tr={},Mr={},xr={};function _r(){jr()}function Ir(t){try{var e=t&&t.length>0?t.split(/
2024-08-30 17:06:42 UTC	359	IN	Data Raw: 67 72 61 64 65 3a 65 74 2c 76 65 72 73 69 6f 6e 3a 6c 7d 29 2c 61 6f 3d 77 69 6e 64 6f 77 2c 72 6f 3d 22 63 6c 61 72 69 74 79 22 3b 66 75 6e 63 74 69 6f 6e 20 69 6f 28 29 7b 69 66 28 76 6f 69 64 20 30 21 3d 3d 61 6f 29 7b 69 66 28 61 6f 5b 72 6f 5d 26 26 61 6f 5b 72 6f 5d 2e 76 29 72 65 74 75 72 6e 20 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 45 72 72 6f 72 20 43 4c 30 30 31 3a 20 4d 75 6c 74 69 70 6c 65 20 43 6c 61 72 69 74 79 20 74 61 67 73 20 64 65 74 65 63 74 65 64 2e 22 29 3b 76 61 72 20 74 3d 61 6f 5b 72 6f 5d 26 26 61 6f 5b 72 6f 5d 2e 71 7c 7c 5b 5d 3b 66 6f 72 28 61 6f 5b 72 6f 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 6e 3d 31 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 65 5b 6e Data Ascii: grade:et,version:l}),ao=window,ro="clarity";function io(){if(void 0!==ao){if(ao[ro]&&ao[ro].v)return console.warn("Error CL001: Multiple Clarity tags detected.");var t=ao[ro]&&ao[ro].q\|\|[];for(ao[ro]=function(t){for(var e=[],n=1;n<arguments.length;n++)e[n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.16	49851	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:41 UTC	705	OUT	GET /p/action/355008692.js HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:42 UTC	571	IN	HTTP/1.1 200 OK Cache-Control: private,max-age=60 Content-Length: 4077 Content-Type: application/javascript; charset=utf-8 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AAA8E476FCF24EA4AF86EDEAE74F1E2C Ref B: EWR311000104017 Ref C: 2024-08-30T17:06:41Z Date: Fri, 30 Aug 2024 17:06:41 GMT Connection: close
2024-08-30 17:06:42 UTC	2704	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 63 2c 6b 2c 61 2c 62 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 63 73 20 3d 20 64 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 0d 0a 20 20 20 20 69 66 20 28 63 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 75 6f 20 3d 20 63 73 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 75 65 74 6f 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 75 6f 20 26 26 20 77 5b 75 6f 5d 20 26 26 20 74 79 70 65 6f 66 20 77 5b 75 6f 5d 2e 73 65 74 55 73 65 72 53 69 67 6e 61 6c 73 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 5b 75 6f 5d 2e 73 65 74 55 73 65 72 53 69 67 6e 61 6c 73 28 7b 27 63 6f 27 3a 20 63 2c 20 27 6b 63 27 3a 20 6b 2c 20 27 61 74 27 3a 20 61 2c 20 Data Ascii: (function(w,d,c,k,a,b) { var cs = d.currentScript; if (cs) { var uo = cs.getAttribute('data-ueto'); if (uo && w[uo] && typeof w[uo].setUserSignals === 'function') { w[uo].setUserSignals({'co': c, 'kc': k, 'at': a,
2024-08-30 17:06:42 UTC	1109	IN	Data Raw: 6e 74 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 63 70 20 3d 20 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 73 29 3b 20 63 70 2e 73 72 63 20 3d 20 27 68 74 74 70 73 3a 2f 2f 63 6c 61 72 69 74 79 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 76 65 6e 74 50 69 63 6b 65 72 2e 6a 73 27 3b 20 63 70 2e 61 73 79 6e 63 3d 74 72 75 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 65 76 65 6e 74 20 73 65 74 75 70 20 73 63 72 69 70 74 20 65 6c 65 6d 65 6e 74 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 73 74 20 3d 20 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 73 29 3b 20 65 73 74 2e 73 72 Data Ascii: nt var cp = d.createElement(s); cp.src = 'https://clarity.microsoft.com/eventPicker.js'; cp.async=true; cp.onload = function() { // event setup script element var est = d.createElement(s); est.sr
2024-08-30 17:06:42 UTC	264	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 73 74 2c 66 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 63 70 2c 66 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6d 65 73 73 61 67 65 27 2c 20 65 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 6c 61 75 6e 63 68 45 76 65 6e 74 53 65 74 75 70 28 29 3b 0d 0a 7d 29 28 77 69 6e 64 6f 77 2c 20 64 6f 63 75 6d 65 6e 74 2c 20 27 73 63 72 69 70 74 27 2c 20 27 33 35 35 30 30 Data Ascii: f.parentNode.insertBefore(est,f); }; f.parentNode.insertBefore(cp,f); w.removeEventListener('message', eventListener); }); } launchEventSetup();})(window, document, 'script', '35500

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.16	49852	20.42.73.24	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:42 UTC	1188	OUT	POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1 Host: browser.events.data.microsoft.com Connection: keep-alive Content-Length: 4474 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" upload-time: 1725037600551 sec-ch-ua-mobile: ?0 client-version: 1DS-Web-JS-3.2.18 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 time-delta-to-apply-millis: 2552 content-type: application/x-json-stream cache-control: no-cache, no-store apikey: 6071a635faa9495f9a5e79641fcee35e-eecc90fc-dd86-4371-a263-8ec1ec7d9d06-6609 Client-Id: NO_AUTH sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.microsoft.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
2024-08-30 17:06:42 UTC	4474	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 73 2e 57 65 62 2e 50 61 67 65 41 63 74 69 6f 6e 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 31 37 3a 30 36 3a 33 36 2e 35 35 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 36 30 37 31 61 36 33 35 66 61 61 39 34 39 35 66 39 61 35 65 37 39 36 34 31 66 63 65 65 33 35 65 22 2c 22 65 78 74 22 3a 7b 22 77 65 62 22 3a 7b 22 69 73 4d 61 6e 75 61 6c 22 3a 74 72 75 65 2c 22 64 6f 6d 61 69 6e 22 3a 22 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 75 73 65 72 43 6f 6e 73 65 6e 74 22 3a 74 72 75 65 2c 22 63 6f 6e 73 65 6e 74 44 65 74 61 69 6c 73 22 3a 22 7b 5c 22 52 65 71 75 69 72 65 64 5c 22 3a 74 72 75 65 2c 5c 22 41 6e 61 6c 79 74 69 63 73 5c 22 3a 74 72 75 65 2c 5c 22 53 Data Ascii: {"name":"Ms.Web.PageAction","time":"2024-08-30T17:06:36.557Z","ver":"4.0","iKey":"o:6071a635faa9495f9a5e79641fcee35e","ext":{"web":{"isManual":true,"domain":"www.microsoft.com","userConsent":true,"consentDetails":"{\"Required\":true,\"Analytics\":true,\"S
2024-08-30 17:06:42 UTC	460	IN	HTTP/1.1 200 OK Content-Length: 153 Content-Type: application/json Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 time-delta-millis: 1839 Access-Control-Allow-Headers: time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://www.microsoft.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 30 Aug 2024 17:06:41 GMT Connection: close
2024-08-30 17:06:42 UTC	153	IN	Data Raw: 7b 22 61 63 63 22 3a 34 2c 22 77 65 62 52 65 73 75 6c 74 22 3a 7b 22 6d 73 66 70 63 22 3a 22 47 55 49 44 3d 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 26 48 41 53 48 3d 38 30 36 36 26 4c 56 3d 32 30 32 34 30 38 26 56 3d 34 26 4c 55 3d 31 37 32 35 30 33 37 36 30 31 31 30 37 22 2c 22 6d 63 31 22 3a 22 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 22 7d 7d Data Ascii: {"acc":4,"webResult":{"msfpc":"GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107","mc1":"8066933817c14dd4b95ec0f14ae2f52e"}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.16	49853	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:42 UTC	860	OUT	GET /assets/js/InstrumentHooks-cd565348.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
2024-08-30 17:06:42 UTC	1313	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:42 GMT Content-Type: text/javascript Content-Length: 59244 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858466c" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: 0l0hr/oi/U6M88Cw.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170642Z-16579567576vpzq62mgx0my8kw00000003t000000000puu9 x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:42 UTC	15071	IN	Data Raw: 76 61 72 20 66 72 3d 76 6f 69 64 20 30 2c 58 3d 6e 75 6c 6c 2c 7a 61 3d 22 22 2c 43 6f 3d 22 62 6f 6f 6c 65 61 6e 22 2c 5f 69 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 4e 6f 3d 22 6e 75 6d 62 65 72 22 2c 63 74 3d 22 6f 62 6a 65 63 74 22 2c 53 72 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 76 61 3d 22 5f 5f 70 72 6f 74 6f 5f 5f 22 2c 49 6f 3d 22 73 74 72 69 6e 67 22 2c 71 72 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 6c 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 2c 48 61 3d 22 53 79 6d 62 6f 6c 22 2c 64 75 3d 22 5f 70 6f 6c 79 66 69 6c 6c 22 2c 4f 6f 3d 22 69 6e 64 65 78 4f 66 22 2c 4c 6f 3d 22 6c 61 73 74 49 6e 64 65 78 4f 66 22 2c 24 6e 3d 22 6c 65 6e 67 74 68 22 2c 43 65 3d 22 64 6f 6e 65 22 2c 6d 6f 3d 22 76 61 6c 75 65 22 2c 57 61 3d 22 6e 61 6d 65 22 2c 56 61 3d Data Ascii: var fr=void 0,X=null,za="",Co="boolean",_i="function",No="number",ct="object",Sr="prototype",va="__proto__",Io="string",qr="undefined",la="constructor",Ha="Symbol",du="_polyfill",Oo="indexOf",Lo="lastIndexOf",$n="length",Ce="done",mo="value",Wa="name",Va=
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 69 6f 6e 20 64 66 28 72 2c 6e 29 7b 72 65 74 75 72 6e 20 79 66 28 72 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 26 26 6e 28 7b 76 61 6c 75 65 3a 74 2c 72 65 6a 65 63 74 65 64 3a 21 31 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 26 26 6e 28 7b 72 65 6a 65 63 74 65 64 3a 21 30 2c 72 65 61 73 6f 6e 3a 74 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 66 28 72 2c 6e 2c 74 2c 69 29 7b 76 61 72 20 61 3d 72 3b 72 65 74 75 72 6e 20 6a 74 28 72 29 3f 28 6e 7c 7c 74 29 26 26 28 61 3d 72 2e 74 68 65 6e 28 6e 2c 74 29 29 3a 6e 26 26 6e 28 72 29 2c 69 26 26 28 61 3d 68 63 28 61 2c 69 29 29 2c 61 7d 66 75 6e 63 74 69 6f 6e 20 68 63 28 72 2c 6e 29 7b 76 61 72 20 74 3d 72 3b 72 65 74 75 72 6e 20 6e 26 26 28 6a 74 28 72 29 3f 72 2e 66 69 6e 61 6c 6c 79 3f 74 3d 72 2e Data Ascii: ion df(r,n){return yf(r,function(t){n&&n({value:t,rejected:!1})},function(t){n&&n({rejected:!0,reason:t})})}function yf(r,n,t,i){var a=r;return jt(r)?(n\|\|t)&&(a=r.then(n,t)):n&&n(r),i&&(a=hc(a,i)),a}function hc(r,n){var t=r;return n&&(jt(r)?r.finally?t=r.
2024-08-30 17:06:42 UTC	16384	IN	Data Raw: 29 5b 4a 74 5d 28 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 42 76 28 72 2c 6e 2c 74 29 7b 63 65 28 72 29 5b 5f 66 5d 28 6e 2c 74 29 7d 76 61 72 20 69 61 2c 42 72 2c 58 65 3d 22 74 6f 47 4d 54 53 74 72 69 6e 67 22 2c 4a 65 3d 22 74 6f 55 54 43 53 74 72 69 6e 67 22 2c 73 65 3d 22 63 6f 6f 6b 69 65 22 2c 61 61 3d 22 65 78 70 69 72 65 73 22 2c 51 65 3d 22 69 73 43 6f 6f 6b 69 65 55 73 65 44 69 73 61 62 6c 65 64 22 2c 55 61 3d 22 64 69 73 61 62 6c 65 43 6f 6f 6b 69 65 73 55 73 61 67 65 22 2c 6b 72 3d 22 5f 63 6b 4d 67 72 22 2c 4c 74 3d 6e 75 6c 6c 2c 65 61 3d 6e 75 6c 6c 2c 5a 65 3d 6e 75 6c 6c 2c 67 72 2c 72 6f 3d 7b 7d 2c 73 69 3d 7b 7d 2c 53 73 3d 28 69 61 3d 7b 63 6f 6f 6b 69 65 43 66 67 3a 64 73 28 28 42 72 3d 7b 7d 2c 42 72 5b 4c 61 5d 3d 7b 66 62 3a 22 63 6f Data Ascii: )[Jt](n)}function Bv(r,n,t){ce(r)[_f](n,t)}var ia,Br,Xe="toGMTString",Je="toUTCString",se="cookie",aa="expires",Qe="isCookieUseDisabled",Ua="disableCookiesUsage",kr="_ckMgr",Lt=null,ea=null,Ze=null,gr,ro={},si={},Ss=(ia={cookieCfg:ds((Br={},Br[La]={fb:"co
2024-08-30 17:06:42 UTC	11405	IN	Data Raw: 72 65 74 75 72 6e 20 65 7c 7c 28 65 3d 6e 65 77 20 6d 73 28 6e 2e 63 66 67 29 2c 54 5b 56 73 5d 3d 65 29 2c 65 7d 2c 54 5b 46 74 5d 3d 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 54 5b 41 6e 5d 28 29 5b 46 74 5d 28 5f 29 7d 2c 54 5b 78 74 5d 3d 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 65 26 26 65 5b 78 74 5d 28 5f 29 7d 2c 54 2e 67 65 74 43 6f 6f 6b 69 65 4d 67 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 75 7c 7c 28 75 3d 4b 6e 28 6e 2e 63 66 67 2c 54 5b 59 5d 29 29 2c 75 7d 2c 54 2e 73 65 74 43 6f 6f 6b 69 65 4d 67 72 3d 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 75 21 3d 3d 5f 26 26 28 56 6e 28 75 2c 21 31 29 2c 75 3d 5f 29 7d 2c 54 5b 61 69 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 6f 26 26 21 66 26 26 65 6e 28 6e 5b 70 72 5d 28 66 75 6e Data Ascii: return e\|\|(e=new ms(n.cfg),T[Vs]=e),e},T[Ft]=function(_){T[An]()[Ft](_)},T[xt]=function(_){e&&e[xt](_)},T.getCookieMgr=function(){return u\|\|(u=Kn(n.cfg,T[Y])),u},T.setCookieMgr=function(_){u!==_&&(Vn(u,!1),u=_)},T[ai]=function(){return!o&&!f&&en(n[pr](fun

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.16	49854	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:42 UTC	872	OUT	GET /assets/js/applicationinsights-core-js-9783d46c.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df
2024-08-30 17:06:42 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:42 GMT Content-Type: text/javascript Content-Length: 5244 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858b57c" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: E0IEoSksX0yl6aAf.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170642Z-16579567576mj4tc2xukwvxfxc00000003hg000000000d7u x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:42 UTC	5244	IN	Data Raw: 69 6d 70 6f 72 74 7b 61 5a 20 61 73 20 69 2c 53 20 61 73 20 62 2c 6e 2c 61 5f 20 61 73 20 64 2c 7a 20 61 73 20 67 2c 61 24 20 61 73 20 63 2c 64 20 61 73 20 6c 2c 62 20 61 73 20 75 2c 77 20 61 73 20 6d 7d 66 72 6f 6d 22 2e 2f 49 6e 73 74 72 75 6d 65 6e 74 48 6f 6f 6b 73 2d 63 64 35 36 35 33 34 38 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 61 4a 20 61 73 20 68 2c 61 66 20 61 73 20 43 2c 62 4a 20 61 73 20 44 2c 61 61 20 61 73 20 4e 2c 61 7a 20 61 73 20 77 2c 62 50 20 61 73 20 49 2c 61 44 20 61 73 20 54 2c 62 4f 20 61 73 20 46 2c 61 56 20 61 73 20 4c 2c 61 59 20 61 73 20 4d 2c 61 57 20 61 73 20 4f 2c 61 58 20 61 73 20 55 2c 62 4b 20 61 73 20 78 2c 62 34 20 61 73 20 6a 2c 61 47 20 61 73 20 56 2c 62 75 20 61 73 20 48 2c 61 48 20 61 73 20 6b 2c 65 20 61 73 20 57 2c 57 Data Ascii: import{aZ as i,S as b,n,a_ as d,z as g,a$ as c,d as l,b as u,w as m}from"./InstrumentHooks-cd565348.js";import{aJ as h,af as C,bJ as D,aa as N,az as w,bP as I,aD as T,bO as F,aV as L,aY as M,aW as O,aX as U,bK as x,b4 as j,aG as V,bu as H,aH as k,e as W,W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.16	49855	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:42 UTC	1131	OUT	GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-GB&sw=1280&sh=1024&sc=24&tl=Welcome%20to%20Microsoft%20Edge&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&r=&lt=12430&evt=pageLoad&sv=1&cdb=AQAA&rn=74803 HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:42 UTC	864	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MUID=1560A2A6E1256FE32E35B64DE00C6E2C; domain=.bing.com; expires=Wed, 24-Sep-2025 17:06:42 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: MR=0; domain=bat.bing.com; expires=Fri, 06-Sep-2024 17:06:42 GMT; path=/; SameSite=None; Secure; Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: C8316B9FB59045C08C4D5BD104F12039 Ref B: EWR30EDGE0220 Ref C: 2024-08-30T17:06:42Z Date: Fri, 30 Aug 2024 17:06:42 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.16	49856	13.107.42.14	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:42 UTC	789	OUT	GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ HTTP/1.1 Host: px.ads.linkedin.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:43 UTC	1117	IN	HTTP/1.1 302 Found Location: /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true Set-Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; Max-Age=7776000; Expires=Thu, 28 Nov 2024 17:06:42 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure Set-Cookie: bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 30-Aug-2025 17:06:42 GMT; SameSite=None Set-Cookie: lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; Expires=Sat, 31 Aug 2024 17:06:42 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure LinkedIn-Action: 1 X-Li-Fabric: prod-lva1 X-Li-Pop: afd-prod-lva1-x X-Li-Proto: http/1.1 X-LI-UUID: AAYg6Z2MeBFRjvIkv4IDcg== X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 691F641532A24B80914490E3EA458379 Ref B: EWR30EDGE0106 Ref C: 2024-08-30T17:06:42Z Date: Fri, 30 Aug 2024 17:06:41 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.16	49858	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	950	OUT	GET /assets/js/Index-cbed7ffc.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/assets/js/index-ba29222d.js Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
2024-08-30 17:06:43 UTC	1314	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:43 GMT Content-Type: text/javascript Content-Length: 186154 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa85a762a" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: tQFryDqEKUe5RX7N.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170643Z-16579567576phhfj0h0z9mnmag00000003eg00000000skmc x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:43 UTC	15070	IN	Data Raw: 76 61 72 20 45 61 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 24 74 3d 22 6f 62 6a 65 63 74 22 2c 68 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 49 74 3d 22 70 72 6f 74 6f 74 79 70 65 22 2c 24 63 3d 22 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 22 2c 76 72 3d 4f 62 6a 65 63 74 2c 4d 63 3d 76 72 5b 49 74 5d 2c 6c 73 3d 76 72 2e 61 73 73 69 67 6e 2c 69 45 3d 76 72 2e 63 72 65 61 74 65 2c 6a 5f 3d 76 72 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 42 74 3d 4d 63 5b 24 63 5d 2c 6a 6c 3d 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 70 61 28 6e 29 7b 6e 3d 3d 3d 76 6f 69 64 20 30 26 26 28 6e 3d 21 30 29 3b 76 61 72 20 74 3d 6e 3d 3d 3d 21 31 3f 6e 75 6c 6c 3a 6a 6c 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 68 74 26 26 Data Ascii: var Ea="function",$t="object",ht="undefined",It="prototype",$c="hasOwnProperty",vr=Object,Mc=vr[It],ls=vr.assign,iE=vr.create,j_=vr.defineProperty,Bt=Mc[$c],jl=null;function pa(n){n===void 0&&(n=!0);var t=n===!1?null:jl;return t\|\|(typeof globalThis!==ht&&
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 76 61 72 20 73 3d 30 3b 73 3c 75 5b 5a 5d 3b 73 2b 2b 29 7b 76 61 72 20 63 3d 75 5b 73 5d 3b 63 26 26 28 66 2b 3d 63 5b 24 69 5d 29 7d 69 5b 24 69 5d 3d 6e 72 28 29 2d 69 2e 73 74 61 72 74 2c 69 2e 65 78 54 69 6d 65 3d 69 5b 24 69 5d 2d 66 2c 69 5b 70 73 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 21 61 26 26 64 6e 28 72 29 26 26 28 69 2e 70 61 79 6c 6f 61 64 3d 72 28 29 29 7d 7d 72 65 74 75 72 6e 20 6e 2e 50 61 72 65 6e 74 43 6f 6e 74 65 78 74 4b 65 79 3d 22 70 61 72 65 6e 74 22 2c 6e 2e 43 68 69 6c 64 72 65 6e 43 6f 6e 74 65 78 74 4b 65 79 3d 22 63 68 69 6c 64 45 76 74 73 22 2c 6e 7d 28 29 2c 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 74 29 7b 74 68 69 73 2e 63 74 78 3d 7b 7d 2c 4d 74 28 6e 2c 74 68 69 73 2c 66 75 6e 63 Data Ascii: var s=0;s<u[Z];s++){var c=u[s];c&&(f+=c[$i])}i[$i]=nr()-i.start,i.exTime=i[$i]-f,i[ps]=function(){},!a&&dn(r)&&(i.payload=r())}}return n.ParentContextKey="parent",n.ChildrenContextKey="childEvts",n}(),op=function(){function n(t){this.ctx={},Mt(n,this,func
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 5a 5d 2c 54 3d 30 3b 54 3c 5f 3b 2b 2b 54 29 7b 76 61 72 20 6c 3d 69 5b 54 5d 3b 69 66 28 6c 29 74 72 79 7b 69 66 28 6c 2e 66 6e 5b 46 63 5d 28 6e 75 6c 6c 2c 5b 75 5d 29 3d 3d 3d 21 31 29 7b 63 3d 21 30 3b 62 72 65 61 6b 7d 7d 63 61 74 63 68 28 76 29 7b 54 6e 28 73 5b 63 65 5d 28 29 2c 31 2c 36 34 2c 22 4f 6e 65 20 6f 66 20 74 65 6c 65 6d 65 74 72 79 20 69 6e 69 74 69 61 6c 69 7a 65 72 73 20 66 61 69 6c 65 64 2c 20 74 65 6c 65 6d 65 74 72 79 20 69 74 65 6d 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 73 65 6e 74 3a 20 22 2b 75 67 28 76 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 59 6e 28 76 29 7d 2c 21 30 29 7d 7d 63 7c 7c 6f 5b 43 6e 5d 28 75 2c 73 29 7d 2c 6f 5b 5f 73 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 28 29 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 Data Ascii: Z],T=0;T<_;++T){var l=i[T];if(l)try{if(l.fn[Fc](null,[u])===!1){c=!0;break}}catch(v){Tn(s[ce](),1,64,"One of telemetry initializers failed, telemetry item will not be sent: "+ug(v),{exception:Yn(v)},!0)}}c\|\|o[Cn](u,s)},o[_s]=function(){a()}});function a()
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 3d 3d 66 30 26 26 74 21 3d 3d 6e 75 6c 6c 26 26 63 30 28 22 43 6c 61 73 73 20 65 78 74 65 6e 64 73 20 76 61 6c 75 65 20 22 2b 53 74 72 69 6e 67 28 74 29 2b 22 20 69 73 20 6e 6f 74 20 61 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 6f 72 20 6e 75 6c 6c 22 29 2c 52 73 28 6e 2c 74 29 3b 66 75 6e 63 74 69 6f 6e 20 72 28 29 7b 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 6e 7d 6e 5b 44 6f 5d 3d 74 3d 3d 3d 6e 75 6c 6c 3f 6c 53 28 74 29 3a 28 72 5b 44 6f 5d 3d 74 5b 44 6f 5d 2c 6e 65 77 20 72 29 7d 2f 2a 21 0a 20 2a 20 4d 69 63 72 6f 73 6f 66 74 20 44 79 6e 61 6d 69 63 20 50 72 6f 74 6f 20 55 74 69 6c 69 74 79 2c 20 31 2e 31 2e 39 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 Data Ascii: ==f0&&t!==null&&c0("Class extends value "+String(t)+" is not a constructor or null"),Rs(n,t);function r(){this.constructor=n}n[Do]=t===null?lS(t):(r[Do]=t[Do],new r)}/! Microsoft Dynamic Proto Utility, 1.1.9 * Copyright (c) Microsoft and contributors
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 43 6f 6d 70 6c 65 74 65 64 3a 77 2c 73 65 6e 64 52 65 61 73 6f 6e 3a 4d 7d 7d 2c 70 2e 69 73 53 79 6e 63 29 7d 70 2e 73 69 7a 65 45 78 63 65 65 64 26 26 70 2e 73 69 7a 65 45 78 63 65 65 64 2e 6c 65 6e 67 74 68 3e 30 26 26 6c 74 28 70 2e 73 69 7a 65 45 78 63 65 65 64 2c 38 30 30 33 2c 70 2e 73 65 6e 64 54 79 70 65 29 2c 70 2e 66 61 69 6c 65 64 45 76 74 73 26 26 70 2e 66 61 69 6c 65 64 45 76 74 73 2e 6c 65 6e 67 74 68 3e 30 26 26 6c 74 28 70 2e 66 61 69 6c 65 64 45 76 74 73 2c 38 30 30 32 2c 70 2e 73 65 6e 64 54 79 70 65 29 7d 66 75 6e 63 74 69 6f 6e 20 62 65 28 70 2c 62 29 7b 55 26 26 57 28 70 2c 66 75 6e 63 74 69 6f 6e 28 77 29 7b 76 61 72 20 4d 3d 77 2e 74 69 6d 69 6e 67 73 3d 77 2e 74 69 6d 69 6e 67 73 7c 7c 7b 7d 3b 4d 6e 28 4d 2c 22 73 65 6e 64 45 76 Data Ascii: Completed:w,sendReason:M}},p.isSync)}p.sizeExceed&&p.sizeExceed.length>0&&lt(p.sizeExceed,8003,p.sendType),p.failedEvts&&p.failedEvts.length>0&&lt(p.failedEvts,8002,p.sendType)}function be(p,b){U&&W(p,function(w){var M=w.timings=w.timings\|\|{};Mn(M,"sendEv
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 7b 74 2e 73 65 74 49 64 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 74 2e 63 75 73 74 6f 6d 49 64 3d 72 7d 2c 74 2e 67 65 74 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 48 6e 28 74 2e 63 75 73 74 6f 6d 49 64 29 3f 74 2e 63 75 73 74 6f 6d 49 64 3a 74 2e 61 75 74 6f 6d 61 74 69 63 49 64 7d 7d 29 7d 72 65 74 75 72 6e 20 6e 2e 5f 73 74 61 74 69 63 49 6e 69 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 63 74 28 6e 2e 70 72 6f 74 6f 74 79 70 65 2c 22 69 64 22 2c 4b 49 2c 7a 49 29 7d 28 29 2c 6e 7d 28 29 2c 6d 64 3d 22 61 69 5f 73 65 73 73 69 6f 6e 22 2c 57 49 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 74 2c 72 29 7b 76 61 72 20 65 2c 69 3d 43 67 28 74 29 2c 61 3d 64 74 28 74 29 2c 6f 3b 44 74 28 6e 2c 74 68 69 73 2c 66 75 6e 63 Data Ascii: {t.setId=function(r){t.customId=r},t.getId=function(){return Hn(t.customId)?t.customId:t.automaticId}})}return n._staticInit=function(){ct(n.prototype,"id",KI,zI)}(),n}(),md="ai_session",WI=function(){function n(t,r){var e,i=Cg(t),a=dt(t),o;Dt(n,this,func
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 3d 67 6c 6f 62 61 6c 54 68 69 73 29 2c 21 6e 26 26 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 6e 6f 26 26 28 6e 3d 73 65 6c 66 29 2c 21 6e 26 26 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 21 3d 3d 6e 6f 26 26 28 6e 3d 77 69 6e 64 6f 77 29 2c 21 6e 26 26 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 21 3d 3d 6e 6f 26 26 28 6e 3d 67 6c 6f 62 61 6c 29 2c 6e 7c 7c 7b 7d 7d 76 61 72 20 4c 64 3d 78 79 28 29 2c 74 63 3d 4c 64 5b 24 64 5d 7c 7c 28 4c 64 5b 24 64 5d 3d 7b 6f 3a 28 5a 61 3d 7b 7d 2c 5a 61 5b 6e 63 5d 3d 21 30 2c 5a 61 5b 50 6f 5d 3d 21 30 2c 5a 61 29 2c 6e 3a 31 65 33 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 66 72 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 6e 26 26 4a 75 5b 75 72 5d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6e 2c 74 29 7d 66 75 6e Data Ascii: =globalThis),!n&&typeof self!==no&&(n=self),!n&&typeof window!==no&&(n=window),!n&&typeof global!==no&&(n=global),n\|\|{}}var Ld=xy(),tc=Ld[$d]\|\|(Ld[$d]={o:(Za={},Za[nc]=!0,Za[Po]=!0,Za),n:1e3});function fr(n,t){return n&&Ju[ur].hasOwnProperty.call(n,t)}fun
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 6f 5f 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 77 6e 28 6e 5b 74 5d 29 3f 6e 5b 74 5d 28 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 75 5f 28 6e 2c 74 29 7b 76 61 72 20 72 3d 6e 7c 7c 6f 6e 3b 72 65 74 75 72 6e 20 67 72 28 74 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 72 2b 3d 22 3b 20 22 2b 65 2b 28 45 6e 28 69 29 3f 6f 6e 3a 22 3d 22 2b 69 29 7d 29 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 61 44 28 6e 29 7b 76 61 72 20 74 3d 6f 6e 3b 69 66 28 6c 61 29 7b 76 61 72 20 72 3d 6c 61 5b 24 6c 5d 7c 7c 6f 6e 3b 65 5f 21 3d 3d 72 26 26 28 69 5f 3d 70 54 28 72 29 2c 65 5f 3d 72 29 2c 74 3d 6e 74 28 69 5f 5b 6e 5d 7c 7c 6f 6e 29 7d 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 66 5f 28 6e 2c 74 29 7b 6c Data Ascii: return t}function o_(n,t){return wn(n[t])?n[t]():null}function u_(n,t){var r=n\|\|on;return gr(t,function(e,i){r+="; "+e+(En(i)?on:"="+i)}),r}function aD(n){var t=on;if(la){var r=la[$l]\|\|on;e_!==r&&(i_=pT(r),e_=r),t=nt(i_[n]\|\|on)}return t}function f_(n,t){l
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 20 4f 75 28 6e 29 7b 76 61 72 20 74 3d 22 22 3b 69 66 28 6e 26 26 28 74 3d 6e 2e 74 79 70 65 4e 61 6d 65 7c 7c 6e 5b 52 74 5d 7c 7c 22 22 2c 21 74 29 29 74 72 79 7b 76 61 72 20 72 3d 2f 66 75 6e 63 74 69 6f 6e 20 28 2e 7b 31 2c 32 30 30 7d 29 5c 28 2f 2c 65 3d 72 2e 65 78 65 63 28 6e 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5b 4c 72 5d 28 29 29 3b 74 3d 65 26 26 65 5b 75 6e 5d 3e 31 3f 65 5b 31 5d 3a 22 22 7d 63 61 74 63 68 7b 7d 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 5a 66 28 6e 29 7b 69 66 28 6e 29 74 72 79 7b 69 66 28 21 7a 6e 28 6e 29 29 7b 76 61 72 20 74 3d 4f 75 28 6e 29 2c 72 3d 54 63 28 6e 2c 21 31 29 3b 72 65 74 75 72 6e 28 21 72 7c 7c 72 3d 3d 3d 22 7b 7d 22 29 26 26 28 6e 5b 4a 65 5d 26 26 28 6e 3d 6e 5b 4a 65 5d 2c 74 3d 4f 75 28 6e Data Ascii: Ou(n){var t="";if(n&&(t=n.typeName\|\|n[Rt]\|\|"",!t))try{var r=/function (.{1,200})\(/,e=r.exec(n.constructor[Lr]());t=e&&e[un]>1?e[1]:""}catch{}return t}function Zf(n){if(n)try{if(!zn(n)){var t=Ou(n),r=Tc(n,!1);return(!r\|\|r==="{}")&&(n[Je]&&(n=n[Je],t=Ou(n
2024-08-30 17:06:43 UTC	16384	IN	Data Raw: 7b 6e 61 6d 65 3a 6b 2c 70 72 6f 70 65 72 74 69 65 73 3a 51 2c 6d 65 61 73 75 72 65 6d 65 6e 74 73 3a 5f 6e 7d 29 7d 2c 69 3d 6e 65 77 20 55 5f 28 53 5b 65 74 5d 28 29 2c 22 74 72 61 63 6b 50 61 67 65 56 69 65 77 22 29 2c 69 2e 61 63 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 48 2c 7a 2c 51 2c 5f 6e 29 7b 45 6e 28 51 29 26 26 28 51 3d 7b 7d 29 2c 51 2e 64 75 72 61 74 69 6f 6e 3d 7a 5b 68 75 5d 28 29 3b 76 61 72 20 62 6e 3d 7b 6e 61 6d 65 3a 6b 2c 75 72 69 3a 48 2c 70 72 6f 70 65 72 74 69 65 73 3a 51 2c 6d 65 61 73 75 72 65 6d 65 6e 74 73 3a 5f 6e 7d 3b 53 5b 5a 72 5d 28 62 6e 2c 51 29 7d 2c 77 6c 28 29 26 26 28 63 6e 28 41 29 2c 65 6e 28 41 29 29 7d 63 61 74 63 68 28 6b 29 7b 74 68 72 6f 77 20 53 2e 73 65 74 49 6e 69 74 69 61 6c 69 7a 65 64 28 21 31 Data Ascii: {name:k,properties:Q,measurements:_n})},i=new U_(S[et](),"trackPageView"),i.action=function(k,H,z,Q,_n){En(Q)&&(Q={}),Q.duration=z[hu]();var bn={name:k,uri:H,properties:Q,measurements:_n};S[Zr](bn,Q)},wl()&&(cn(A),en(A))}catch(k){throw S.setInitialized(!1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.16	49859	20.114.189.70	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	627	OUT	POST /collect HTTP/1.1 Host: t.clarity.ms Connection: keep-alive Content-Length: 509 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/x-clarity-gzip sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:43 UTC	509	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a 5d 52 db 6a db 40 10 fd 95 65 1f 42 02 5b 69 2f da 95 94 60 4a 1a 4a da 26 ce 4b 0c a6 08 63 6c ed c8 16 d6 c5 95 95 c8 49 69 bf bd 33 be 10 28 82 65 ce 5c ce 9c d1 cc 6f 0e fc 3a e3 32 88 83 c8 72 a1 84 14 da 59 c1 c1 bf d6 cd db ae de 6c b8 e0 f9 fe dd 6d 3b 34 56 eb 5f e9 da 1f d3 e4 4c f0 05 d6 66 da 89 44 28 6d b4 48 15 3a 33 8b 48 fd e7 d0 89 e0 eb d2 7b 68 38 3a a8 83 89 04 9f bf 40 ff 5a 22 5f c6 4d 52 d8 c2 69 e9 5c a1 95 82 62 e9 63 99 5b a3 ed d2 6b 03 5e 62 19 bf 9b 7f 7f a6 5c 04 27 12 d2 91 f1 71 fb 5e 56 d5 22 b4 81 64 97 d3 b2 f1 ed b0 63 4f 13 a6 64 20 6f 18 3a 5c 74 c3 f6 2e ba 62 b7 db 6d 05 53 58 3e 94 7d 68 4d 1c 18 c7 2e 1f be 4d c6 8f 82 55 e5 06 d8 3d e4 9b f6 8a dd ad bb b6 86 50 a9 38 90 f4 b1 e7 45 Data Ascii: ]Rj@eB[i/`JJ&KclIi3(e\o:2rYlm;4V_LfD(mH:3H{h8:@Z"_MRi\bc[k^b\'q^V"dcOd o:\t.bmSX>}hM.MU=P8E
2024-08-30 17:06:43 UTC	276	IN	HTTP/1.1 204 No Content Server: nginx Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://www.microsoft.com Vary: Origin Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.16	49861	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	1039	OUT	GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenwidth-1280&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=839733 HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:43 UTC	866	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MUID=3A07D7FE513F607F01ECC3155058616C; domain=.bing.com; expires=Wed, 24-Sep-2025 17:06:43 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: MR=0; domain=bat.bing.com; expires=Fri, 06-Sep-2024 17:06:43 GMT; path=/; SameSite=None; Secure; Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 555A01AE06A94DAB857D8D3CE9E0F39D Ref B: EWR311000102045 Ref C: 2024-08-30T17:06:43Z Date: Fri, 30 Aug 2024 17:06:42 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.16	49860	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	887	OUT	GET /assets/js/edgefre-60438f27.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703
2024-08-30 17:06:43 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:43 GMT Content-Type: text/javascript Content-Length: 5344 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858b5e0" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: IQa20xnuDUi6WkdU.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170643Z-16579567576w5bqfyu10zdac7g00000003ag00000000vy1u x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:43 UTC	5344	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 75 2c 6d 20 61 73 20 70 2c 42 20 61 73 20 69 2c 49 20 61 73 20 6d 2c 5f 20 61 73 20 6c 2c 72 20 61 73 20 66 2c 74 20 61 73 20 77 2c 67 20 61 73 20 24 2c 78 20 61 73 20 61 2c 4a 20 61 73 20 62 2c 70 20 61 73 20 79 2c 6c 20 61 73 20 50 2c 73 20 61 73 20 76 2c 61 20 61 73 20 43 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 50 20 61 73 20 5f 7d 66 72 6f 6d 22 2e 2f 70 72 6f 64 75 63 74 2d 63 6f 6c 6c 65 63 74 69 6f 6e 2d 38 32 34 32 35 33 33 38 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 63 20 61 73 20 6b 7d 66 72 6f 6d 22 2e 2f 72 65 70 65 61 74 2d 63 64 38 39 38 33 64 66 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 74 20 61 73 20 49 2c 41 20 61 73 20 67 2c 70 20 61 73 20 44 7d 66 72 Data Ascii: import{i as u,m as p,B as i,I as m,_ as l,r as f,t as w,g as $,x as a,J as b,p as y,l as P,s as v,a as C}from"./index-ba29222d.js";import{P as _}from"./product-collection-82425338.js";import{c as k}from"./repeat-cd8983df.js";import{t as I,A as g,p as D}fr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.16	49862	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	1093	OUT	GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Screenheight-1024&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=272368 HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MUID=1560A2A6E1256FE32E35B64DE00C6E2C; MR=0
2024-08-30 17:06:43 UTC	763	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=n8AjF0IQd-VYxJJ_GtD_9s0wbPaEGWX4g0tqcDl9280; domain=.bing.com; expires=Wed, 24-Sep-2025 17:06:43 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 897990A5CF5442958148780988C5E2C5 Ref B: EWR30EDGE1019 Ref C: 2024-08-30T17:06:43Z Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.16	49863	13.107.42.14	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:43 UTC	1027	OUT	GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true HTTP/1.1 Host: px.ads.linkedin.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"
2024-08-30 17:06:43 UTC	1496	IN	HTTP/1.1 302 Found Location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1725037596734%26li_adsId%3D078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fep%253D0%2526es%253D139%2526form%253DMT00LJ%26cookiesTest%3Dtrue%26liSync%3Dtrue Set-Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; Max-Age=7776000; Expires=Thu, 28 Nov 2024 17:06:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure Set-Cookie: UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; Max-Age=2592000; Expires=Sun, 29 Sep 2024 17:06:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure Set-Cookie: AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA; Max-Age=2592000; Expires=Sun, 29 Sep 2024 17:06:43 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure Set-Cookie: bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 30-Aug-2025 17:06:43 GMT; SameSite=None LinkedIn-Action: 1 X-Li-Fabric: prod-lva1 X-Li-Pop: afd-prod-lva1-x X-Li-Proto: http/1.1 X-LI-UUID: AAYg6Z2XATCwa3+/G7p6tA== X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E884B1BED4694859B8756C2F11BEBF42 Ref B: EWR311000108017 Ref C: 2024-08-30T17:06:43Z Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.16	49864	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	1088	OUT	GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Other-Info-Pixelratio-1&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=813000 HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C
2024-08-30 17:06:44 UTC	763	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=mkuY_oh3CUga6UDlwcXtqte4dFNbt_3JAFc_qLLpAok; domain=.bing.com; expires=Wed, 24-Sep-2025 17:06:44 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: B06FC47E224D456C8DE39F8CC912E25B Ref B: EWR30EDGE1117 Ref C: 2024-08-30T17:06:44Z Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.16	49865	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	1125	OUT	GET /assets/js/product-collection-82425338.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:44 UTC	1314	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:44 GMT Content-Type: text/javascript Content-Length: 100491 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa859298b" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: kwJLITbrRUWvzMxL.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170644Z-16579567576phhfj0h0z9mnmag00000003mg0000000050hh x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:44 UTC	15070	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 24 2c 73 20 61 73 20 74 74 2c 5f 20 61 73 20 6c 2c 64 2c 74 20 61 73 20 6b 2c 61 20 61 73 20 75 74 2c 78 20 61 73 20 61 2c 6c 20 61 73 20 62 2c 54 20 61 73 20 77 2c 72 20 61 73 20 53 2c 61 36 20 61 73 20 78 74 2c 42 20 61 73 20 75 2c 6d 20 61 73 20 63 2c 4a 20 61 73 20 78 2c 76 20 61 73 20 24 74 2c 77 20 61 73 20 6b 74 2c 79 20 61 73 20 66 2c 7a 20 61 73 20 57 2c 44 20 61 73 20 65 74 2c 45 20 61 73 20 43 74 2c 4f 20 61 73 20 50 74 2c 47 20 61 73 20 7a 74 2c 49 20 61 73 20 53 74 2c 4b 20 61 73 20 49 74 2c 61 32 20 61 73 20 67 74 2c 65 20 61 73 20 4c 74 2c 62 20 61 73 20 61 74 2c 6e 20 61 73 20 79 2c 70 20 61 73 20 6d 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 63 Data Ascii: import{i as $,s as tt,_ as l,d,t as k,a as ut,x as a,l as b,T as w,r as S,a6 as xt,B as u,m as c,J as x,v as $t,w as kt,y as f,z as W,D as et,E as Ct,O as Pt,G as zt,I as St,K as It,a2 as gt,e as Lt,b as at,n as y,p as m}from"./index-ba29222d.js";import{c
2024-08-30 17:06:44 UTC	16384	IN	Data Raw: 69 74 2d 6c 69 6e 65 2d 63 6c 61 6d 70 3a 20 35 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 24 7b 63 28 75 2e 78 73 29 7d 20 7b 0a 20 20 20 20 20 20 20 20 2e 70 72 6f 64 75 63 74 2d 77 69 64 65 2d 64 65 74 61 69 6c 73 20 2e 64 65 73 63 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 63 6c 61 6d 70 3a 20 35 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 2d 63 6c 61 6d 70 3a 20 35 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 70 72 6f 64 75 63 74 2d 77 69 64 65 2d 64 65 74 61 69 6c 73 20 2e 6e 6f 2d 72 65 76 69 65 77 20 2e 64 65 73 63 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 63 6c 61 6d 70 3a 20 37 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 2d 63 Data Ascii: it-line-clamp: 5; } ${c(u.xs)} { .product-wide-details .desc { line-clamp: 5; -webkit-line-clamp: 5; } .product-wide-details .no-review .desc { line-clamp: 7; -webkit-line-c
2024-08-30 17:06:44 UTC	16384	IN	Data Raw: 69 6d 61 72 79 2d 65 6c 65 6d 65 6e 74 2d 63 6f 6c 6f 72 29 3b 0a 20 20 20 20 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 2e 32 3b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 38 70 78 3b 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 32 36 70 78 3b 0a 20 20 20 20 20 20 20 20 62 6f 74 74 6f 6d 3a 20 36 70 78 3b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 5b 64 69 72 3d 22 72 74 6c 22 5d 20 2e 6e 75 6d 62 65 72 2d 6f 76 65 72 6c 61 79 20 7b 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: imary-element-color); opacity: 0.2; display: flex; justify-content: center; width: 68px; left: 26px; bottom: 6px; position: relative; } [dir="rtl"] .number-overlay { left: 0;
2024-08-30 17:06:44 UTC	16384	IN	Data Raw: 0a 20 20 20 20 2d 2d 6d 61 78 2d 77 69 64 74 68 3a 20 32 30 72 65 6d 3b 0a 20 20 20 20 2d 2d 68 69 64 65 2d 64 65 6c 61 79 3a 20 30 6d 73 3b 0a 20 20 20 20 2d 2d 73 68 6f 77 2d 64 65 6c 61 79 3a 20 31 35 30 6d 73 3b 0a 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 63 6f 6e 74 65 6e 74 73 3b 0a 20 20 7d 0a 0a 20 20 2e 74 6f 6f 6c 74 69 70 20 7b 0a 20 20 20 20 2d 2d 61 72 72 6f 77 2d 73 69 7a 65 3a 20 76 61 72 28 2d 2d 73 6c 2d 74 6f 6f 6c 74 69 70 2d 61 72 72 6f 77 2d 73 69 7a 65 29 3b 0a 20 20 20 20 2d 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 73 6c 2d 74 6f 6f 6c 74 69 70 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 29 3b 0a 20 20 7d 0a 0a 20 20 2e 74 6f 6f 6c 74 69 70 3a 3a 70 61 72 74 28 70 6f 70 75 70 29 20 7b 0a 20 20 20 20 7a 2d Data Ascii: --max-width: 20rem; --hide-delay: 0ms; --show-delay: 150ms; display: contents; } .tooltip { --arrow-size: var(--sl-tooltip-arrow-size); --arrow-color: var(--sl-tooltip-background-color); } .tooltip::part(popup) { z-
2024-08-30 17:06:44 UTC	16384	IN	Data Raw: 69 64 64 65 6e 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2f 2a 2a 20 56 61 72 69 61 62 6c 65 73 20 66 6f 72 20 77 69 64 65 20 70 72 6f 64 75 63 74 73 20 2a 2f 0a 20 20 20 20 2e 70 72 6f 64 75 63 74 73 2d 63 6f 6e 74 61 69 6e 65 72 2e 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 2d 2d 63 61 72 64 2d 68 65 69 67 68 74 3a 20 37 35 70 78 3b 0a 20 20 20 20 20 20 20 20 2d 2d 63 61 72 64 2d 77 69 64 74 68 3a 20 24 7b 49 28 22 31 30 30 25 22 2c 22 76 61 72 28 2d 2d 63 61 72 64 2d 73 70 61 63 69 6e 67 29 22 2c 22 76 61 72 28 2d 2d 77 69 64 65 2d 63 61 72 64 2d 6e 75 6d 29 22 29 7d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2f 2a 2a 20 56 61 72 69 61 62 6c 65 73 20 66 6f 72 20 77 69 64 65 2d 64 65 74 61 69 6c 73 20 70 72 6f 64 75 63 74 73 20 2a 2f 0a 20 20 20 20 2e 70 72 Data Ascii: idden; } /** Variables for wide products / .products-container.wide { --card-height: 75px; --card-width: ${I("100%","var(--card-spacing)","var(--wide-card-num)")}; } /* Variables for wide-details products */ .pr
2024-08-30 17:06:44 UTC	16384	IN	Data Raw: 2e 61 64 64 49 6d 70 72 65 73 73 69 6f 6e 54 72 61 63 6b 69 6e 67 28 74 68 69 73 29 7d 64 69 73 63 6f 6e 6e 65 63 74 65 64 43 61 6c 6c 62 61 63 6b 28 29 7b 73 75 70 65 72 2e 64 69 73 63 6f 6e 6e 65 63 74 65 64 43 61 6c 6c 62 61 63 6b 28 29 2c 74 68 69 73 2e 69 6e 66 69 6e 69 74 65 53 63 72 6f 6c 6c 65 72 2e 75 6e 77 61 74 63 68 28 29 2c 74 68 69 73 2e 70 72 6f 64 75 63 74 73 26 26 28 74 68 69 73 2e 70 72 6f 64 75 63 74 73 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 70 64 61 74 65 64 22 2c 74 68 69 73 2e 70 72 6f 64 75 63 74 73 55 70 64 61 74 65 64 4c 69 73 74 65 6e 65 72 29 2c 74 68 69 73 2e 70 72 6f 64 75 63 74 73 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 69 6e 67 63 68 61 6e 67 65 64 22 2c 74 Data Ascii: .addImpressionTracking(this)}disconnectedCallback(){super.disconnectedCallback(),this.infiniteScroller.unwatch(),this.products&&(this.products.removeEventListener("updated",this.productsUpdatedListener),this.products.removeEventListener("loadingchanged",t
2024-08-30 17:06:44 UTC	3501	IN	Data Raw: 72 22 29 7d 73 63 72 6f 6c 6c 50 72 6f 64 75 63 74 73 28 74 29 7b 6c 65 74 20 65 3d 41 72 72 61 79 2e 66 72 6f 6d 28 74 68 69 73 2e 70 72 6f 64 75 63 74 73 43 6f 6e 74 61 69 6e 65 72 52 65 66 2e 76 61 6c 75 65 3f 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 2e 70 72 6f 64 75 63 74 2d 63 61 72 64 2c 20 2e 70 72 6f 64 75 63 74 2d 73 6b 65 6c 65 74 6f 6e 22 29 7c 7c 5b 5d 29 3b 69 66 28 62 2e 69 73 52 74 6c 28 29 26 26 28 65 3d 65 2e 72 65 76 65 72 73 65 28 29 29 2c 65 26 26 74 68 69 73 2e 70 72 6f 64 75 63 74 73 43 6f 6e 74 61 69 6e 65 72 52 65 66 2e 76 61 6c 75 65 29 7b 63 6f 6e 73 74 20 72 3d 74 68 69 73 2e 70 72 6f 64 75 63 74 73 43 6f 6e 74 61 69 6e 65 72 52 65 66 2e 76 61 6c 75 65 2e 73 63 72 6f 6c 6c 4c 65 66 74 2c 69 3d 38 2c 6f 3d 74 68 Data Ascii: r")}scrollProducts(t){let e=Array.from(this.productsContainerRef.value?.querySelectorAll(".product-card, .product-skeleton")\|\|[]);if(b.isRtl()&&(e=e.reverse()),e&&this.productsContainerRef.value){const r=this.productsContainerRef.value.scrollLeft,i=8,o=th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.16	49867	150.171.28.10	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	1140	OUT	GET /action/0?ti=355008692&Ver=2&mid=61d92be6-10f8-42ba-9035-5d8cf46a0c96&sid=38f5b80066f211ef8e42955f49cff437&vid=38f5f62066f211efbd70c5325bd23ed0&vids=0&msclkid=N&ea=Action-Firstslide-AiIntro&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAA&rn=56903 HTTP/1.1 Host: bat.bing.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Edge-Shopping-Flag: 1 Sec-MS-GEC: 39EB8D917A024B6F10CCD004B3CCE9E2D19214DB9B497F37ECCD4EA6A73BA946 Sec-MS-GEC-Version: 1-117.0.2045.47 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MR=0; MUID=3A07D7FE513F607F01ECC3155058616C; MSPTC=n8AjF0IQd-VYxJJ_GtD_9s0wbPaEGWX4g0tqcDl9280
2024-08-30 17:06:44 UTC	763	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=kplYPmvJd3U0GW8AdtrLaBOsc2CphFp9Yx0KXb7YXyA; domain=.bing.com; expires=Wed, 24-Sep-2025 17:06:44 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AD3FF1221EC34F3F91479D67201270BB Ref B: EWR30EDGE0314 Ref C: 2024-08-30T17:06:44Z Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.16	49866	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	1113	OUT	GET /assets/js/repeat-cd8983df.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:44 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:44 GMT Content-Type: text/javascript Content-Length: 1411 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a483" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: GiQ5clrBnU2oeXEF.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170644Z-16579567576ztstdfgdnkw0mpw00000003vg00000000axzd x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:44 UTC	1411	IN	Data Raw: 69 6d 70 6f 72 74 7b 55 20 61 73 20 67 2c 56 20 61 73 20 6b 2c 62 38 20 61 73 20 41 2c 58 20 61 73 20 6a 2c 62 39 20 61 73 20 70 2c 24 20 61 73 20 76 2c 62 61 20 61 73 20 24 2c 5a 20 61 73 20 43 2c 62 62 20 61 73 20 44 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 2f 2a 2a 0a 20 2a 20 40 6c 69 63 65 6e 73 65 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 37 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 2a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 42 53 44 2d 33 2d 43 6c 61 75 73 65 0a 20 2a 2f 63 6f 6e 73 74 20 77 3d 28 72 2c 66 2c 63 29 3d 3e 7b 63 6f 6e 73 74 20 68 3d 6e 65 77 20 4d 61 70 3b 66 6f 72 28 6c 65 74 20 65 3d 66 3b 65 3c 3d 63 3b 65 2b 2b 29 68 2e 73 65 74 28 72 5b 65 5d 2c Data Ascii: import{U as g,V as k,b8 as A,X as j,b9 as p,$ as v,ba as $,Z as C,bb as D}from"./index-ba29222d.js";/** * @license * Copyright 2017 Google LLC * SPDX-License-Identifier: BSD-3-Clause */const w=(r,f,c)=>{const h=new Map;for(let e=f;e<=c;e++)h.set(r[e],

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.16	49868	13.107.42.14	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	1354	OUT	GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1725037596734%26li_adsId%3D078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fep%253D0%2526es%253D139%2526form%253DMT00LJ%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1 Host: www.linkedin.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
2024-08-30 17:06:44 UTC	1080	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true&liSync=true Set-Cookie: bscookie="v=1&2024083017064475e6a515-160f-40b3-890f-04bd100b760fAQFAcXd2DQve0D16P4XYGdbKBI3nvDjq"; domain=.www.linkedin.com; Path=/; Secure; Expires=Sat, 30-Aug-2025 17:06:44 GMT; HttpOnly; SameSite=None LinkedIn-Action: 1 Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' X-Li-Fabric: prod-lva1 X-Li-Pop: afd-prod-lva1-x X-Li-Proto: http/1.1 X-LI-UUID: AAYg6Z2jLTpOS1B5waneYQ== X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 11BCD41165A64B5AAD7A05658876FCEF Ref B: EWR30EDGE1608 Ref C: 2024-08-30T17:06:44Z Date: Fri, 30 Aug 2024 17:06:43 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.16	49869	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	639	OUT	GET /tag/uet/355008692?insights=1 HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
2024-08-30 17:06:44 UTC	379	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:44 GMT Content-Type: application/x-javascript Content-Length: 840 Connection: close Cache-Control: no-cache, no-store Expires: -1 Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2 x-azure-ref: 20240830T170644Z-16579567576pg4fvvmc18u0v4g00000003s000000000cww9 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-08-30 17:06:44 UTC	840	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 61 5b 63 5d 3d 61 5b 63 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 61 5b 63 5d 2e 71 3d 61 5b 63 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 61 5b 63 5d 28 22 6d 65 74 61 64 61 74 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 5b 63 5d 28 22 Data Ascii: !function(c,l,a,r,i,t,y){a[c]=a[c]\|\|function(){(a[c].q=a[c].q\|\|[]).push(arguments)};function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);a[c]("metadata",(function(){a[c]("

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.16	49871	157.240.241.35	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:44 UTC	904	OUT	GET /tr/?id=1770559986549030&ev=PageView&dl=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&rl=&if=false&ts=1725037601867&sw=1280&sh=1024&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725037601863.431589390354711508&cs_est=true&ler=empty&it=1725037596688&coo=false&rqm=GET HTTP/1.1 Host: www.facebook.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:44 UTC	468	IN	HTTP/1.1 200 OK Content-Type: text/plain Access-Control-Allow-Origin: Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin Server: proxygen-bolt X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1392, tbw=3405, tp=-1, tpl=-1, uplat=0, ullat=0 Alt-Svc: h3=":443"; ma=86400 Date: Fri, 30 Aug 2024 17:06:44 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.16	49870	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:45 UTC	1121	OUT	GET /assets/js/chunk.5IDXW3BB-47ef1dc4.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:45 UTC	1313	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:45 GMT Content-Type: text/javascript Content-Length: 27765 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858cd75" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: uUb5Vca/KkyAhkMe.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170645Z-16579567576ztstdfgdnkw0mpw00000003v000000000d7td x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:45 UTC	15071	IN	Data Raw: 69 6d 70 6f 72 74 7b 62 6c 20 61 73 20 6c 2c 69 20 61 73 20 64 2c 77 20 61 73 20 70 2c 79 20 61 73 20 65 2c 64 20 61 73 20 73 2c 44 20 61 73 20 66 2c 45 20 61 73 20 6d 2c 78 20 61 73 20 79 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 2f 2a 2a 0a 20 2a 20 40 6c 69 63 65 6e 73 65 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 37 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 2a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 42 53 44 2d 33 2d 43 6c 61 75 73 65 0a 20 2a 2f 66 75 6e 63 74 69 6f 6e 20 75 28 61 29 7b 72 65 74 75 72 6e 28 6f 2c 72 29 3d 3e 6c 28 6f 2c 72 2c 7b 61 73 79 6e 63 20 67 65 74 28 29 7b 72 65 74 75 72 6e 20 61 77 61 69 74 20 74 68 69 73 2e 75 70 64 61 74 65 43 6f 6d 70 6c 65 Data Ascii: import{bl as l,i as d,w as p,y as e,d as s,D as f,E as m,x as y}from"./index-ba29222d.js";/** * @license * Copyright 2017 Google LLC * SPDX-License-Identifier: BSD-3-Clause */function u(a){return(o,r)=>l(o,r,{async get(){return await this.updateComple
2024-08-30 17:06:45 UTC	12694	IN	Data Raw: 33 64 28 31 2c 20 30 2c 20 30 2c 20 2d 32 30 64 65 67 29 22 2c 65 61 73 69 6e 67 3a 22 65 61 73 65 2d 69 6e 22 7d 2c 7b 6f 66 66 73 65 74 3a 2e 36 2c 74 72 61 6e 73 66 6f 72 6d 3a 22 70 65 72 73 70 65 63 74 69 76 65 28 34 30 30 70 78 29 20 72 6f 74 61 74 65 33 64 28 31 2c 20 30 2c 20 30 2c 20 31 30 64 65 67 29 22 2c 6f 70 61 63 69 74 79 3a 22 31 22 7d 2c 7b 6f 66 66 73 65 74 3a 2e 38 2c 74 72 61 6e 73 66 6f 72 6d 3a 22 70 65 72 73 70 65 63 74 69 76 65 28 34 30 30 70 78 29 20 72 6f 74 61 74 65 33 64 28 31 2c 20 30 2c 20 30 2c 20 2d 35 64 65 67 29 22 7d 2c 7b 6f 66 66 73 65 74 3a 31 2c 74 72 61 6e 73 66 6f 72 6d 3a 22 70 65 72 73 70 65 63 74 69 76 65 28 34 30 30 70 78 29 22 7d 5d 2c 4f 74 3d 5b 7b 6f 66 66 73 65 74 3a 30 2c 74 72 61 6e 73 66 6f 72 6d 3a 22 Data Ascii: 3d(1, 0, 0, -20deg)",easing:"ease-in"},{offset:.6,transform:"perspective(400px) rotate3d(1, 0, 0, 10deg)",opacity:"1"},{offset:.8,transform:"perspective(400px) rotate3d(1, 0, 0, -5deg)"},{offset:1,transform:"perspective(400px)"}],Ot=[{offset:0,transform:"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.16	49873	13.107.42.14	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:45 UTC	1245	OUT	GET /collect?v=2&fmt=js&pid=7850&time=1725037596734&li_adsId=078d6a50-d34e-4bd3-9bfd-1cb25e8a5a44&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fep%3D0%26es%3D139%26form%3DMT00LJ&cookiesTest=true&liSync=true HTTP/1.1 Host: px.ads.linkedin.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
2024-08-30 17:06:45 UTC	716	IN	HTTP/1.1 200 OK Content-Type: application/javascript Set-Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; Max-Age=7776000; Expires=Thu, 28 Nov 2024 17:06:45 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure Set-Cookie: bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 30-Aug-2025 17:06:45 GMT; SameSite=None LinkedIn-Action: 1 X-Li-Fabric: prod-lva1 X-Li-Pop: afd-prod-lva1-x X-Li-Proto: http/1.1 X-LI-UUID: AAYg6Z2vkPLK9Ay/byCniA== X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DA9BA353D19244838DE2D3C61FB1E8B0 Ref B: EWR311000101053 Ref C: 2024-08-30T17:06:45Z Date: Fri, 30 Aug 2024 17:06:45 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.16	49872	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:45 UTC	1131	OUT	GET /assets/js/auto-complete-app-search-4c745443.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:45 UTC	1314	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:45 GMT Content-Type: text/javascript Content-Length: 116338 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa8596772" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: 2673ucjN90GAnDVr.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170645Z-16579567576phhfj0h0z9mnmag00000003e000000000vedp x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:45 UTC	15070	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 24 2c 56 20 61 73 20 49 65 2c 54 20 61 73 20 72 65 2c 62 38 20 61 73 20 54 2c 62 62 20 61 73 20 4f 2c 55 20 61 73 20 6b 65 2c 77 20 61 73 20 70 65 2c 62 35 20 61 73 20 46 65 2c 79 20 61 73 20 6c 2c 7a 20 61 73 20 44 65 2c 72 20 61 73 20 70 2c 64 20 61 73 20 6f 2c 61 32 20 61 73 20 52 65 2c 44 20 61 73 20 4b 2c 45 20 61 73 20 67 65 2c 4f 20 61 73 20 53 65 2c 78 20 61 73 20 73 2c 47 20 61 73 20 57 2c 6c 20 61 73 20 64 2c 73 20 61 73 20 5a 2c 5f 20 61 73 20 6e 2c 74 20 61 73 20 42 2c 61 20 61 73 20 41 2c 6d 20 61 73 20 7a 2c 42 20 61 73 20 49 2c 76 20 61 73 20 4c 2c 62 63 20 61 73 20 54 65 2c 62 20 61 73 20 53 2c 62 64 20 61 73 20 4f 65 2c 62 65 20 61 73 20 41 65 2c 4e 20 61 73 20 4c 65 2c 61 33 20 61 73 20 55 65 2c 4a 20 Data Ascii: import{i as $,V as Ie,T as re,b8 as T,bb as O,U as ke,w as pe,b5 as Fe,y as l,z as De,r as p,d as o,a2 as Re,D as K,E as ge,O as Se,x as s,G as W,l as d,s as Z,_ as n,t as B,a as A,m as z,B as I,v as L,bc as Te,b as S,bd as Oe,be as Ae,N as Le,a3 as Ue,J
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 65 72 28 45 65 28 74 29 29 2c 63 3d 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 4d 6f 6e 74 68 28 29 3b 69 66 28 61 3e 63 29 72 65 74 75 72 6e 21 30 3b 69 66 28 61 3d 3d 3d 63 29 7b 63 6f 6e 73 74 20 68 3d 4e 75 6d 62 65 72 28 42 65 28 74 29 29 2c 67 3d 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 44 61 74 65 28 29 3b 72 65 74 75 72 6e 20 68 3e 67 7d 7d 72 65 74 75 72 6e 21 31 7d 63 6f 6e 73 74 20 69 74 3d 24 60 0a 20 20 20 20 2e 70 72 69 63 65 2d 63 6f 6e 74 61 69 6e 65 72 2c 20 2e 74 61 6c 6c 2d 70 72 69 63 65 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 70 78 20 38 70 78 20 33 70 78 20 38 70 78 3b 0a 20 20 20 20 20 20 20 20 66 Data Ascii: er(Ee(t)),c=new Date().getMonth();if(a>c)return!0;if(a===c){const h=Number(Be(t)),g=new Date().getDate();return h>g}}return!1}const it=$` .price-container, .tall-price-container { border-radius: 4px; padding: 2px 8px 3px 8px; f
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 2d 65 6c 65 6d 65 6e 74 2d 63 6f 6c 6f 72 29 29 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 34 36 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 31 38 30 70 78 3b 0a 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 76 61 72 28 2d 2d 73 6c 2d 66 6f 6e 74 2d 77 65 69 67 68 74 2d 73 65 6d 69 62 6f 6c 64 29 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 61 72 28 2d 2d 68 65 Data Ascii: -element-color)); height: 46px; min-height: auto; min-width: 180px; align-items: center; font-weight: var(--sl-font-weight-semibold); font-size: 18px; line-height: 24px; font-family: var(--he
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 5f 2e 43 74 61 43 6c 69 63 6b 65 64 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 6c 65 6d 65 74 72 79 2d 64 61 74 61 3d 27 7b 20 22 69 74 65 6d 49 64 22 3a 20 22 24 7b 65 2e 70 72 6f 64 75 63 74 49 64 7d 22 2c 20 22 69 74 65 6d 4e 61 6d 65 22 3a 20 22 24 7b 65 2e 74 69 74 6c 65 7d 22 20 7d 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3f 64 69 73 61 62 6c 65 64 3d 22 24 7b 74 68 69 73 2e 64 69 73 61 62 6c 65 64 7d 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 24 7b 62 Data Ascii: _.CtaClicked} telemetry-data='{ "itemId": "${e.productId}", "itemName": "${e.title}" }' tabindex="-1" ?disabled="${this.disabled}" rel="nofollow" href="${b
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 2c 0a 20 20 2e 69 6e 70 75 74 5f 5f 63 6f 6e 74 72 6f 6c 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 63 61 6e 63 65 6c 2d 62 75 74 74 6f 6e 2c 0a 20 20 2e 69 6e 70 75 74 5f 5f 63 6f 6e 74 72 6f 6c 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 2d 62 75 74 74 6f 6e 2c 0a 20 20 2e 69 6e 70 75 74 5f 5f 63 6f 6e 74 72 6f 6c 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 72 65 73 75 6c 74 73 2d 64 65 63 6f 72 61 74 69 6f 6e 20 7b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 2e 69 6e 70 75 74 5f 5f 63 6f 6e 74 72 6f 6c 3a 2d 77 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 2c 0a 20 20 2e 69 6e 70 75 74 5f 5f 63 6f 6e 74 72 6f 6c 3a 2d 77 65 62 6b 69 74 2d 61 75 Data Ascii: , .input__control::-webkit-search-cancel-button, .input__control::-webkit-search-results-button, .input__control::-webkit-search-results-decoration { -webkit-appearance: none; } .input__control:-webkit-autofill, .input__control:-webkit-au
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 70 61 73 73 77 6f 72 64 56 69 73 69 62 6c 65 22 2c 32 29 3b 6c 28 5b 6f 28 7b 61 74 74 72 69 62 75 74 65 3a 22 6e 6f 2d 73 70 69 6e 2d 62 75 74 74 6f 6e 73 22 2c 74 79 70 65 3a 42 6f 6f 6c 65 61 6e 7d 29 5d 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6e 6f 53 70 69 6e 42 75 74 74 6f 6e 73 22 2c 32 29 3b 6c 28 5b 6f 28 7b 72 65 66 6c 65 63 74 3a 21 30 7d 29 5d 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 66 6f 72 6d 22 2c 32 29 3b 6c 28 5b 6f 28 7b 74 79 70 65 3a 42 6f 6f 6c 65 61 6e 2c 72 65 66 6c 65 63 74 3a 21 30 7d 29 5d 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 72 65 71 75 69 72 65 64 22 2c 32 29 3b 6c 28 5b 6f 28 29 5d 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 70 61 74 74 65 72 6e 22 2c 32 29 3b 6c 28 5b 6f 28 7b Data Ascii: ,u.prototype,"passwordVisible",2);l([o({attribute:"no-spin-buttons",type:Boolean})],u.prototype,"noSpinButtons",2);l([o({reflect:!0})],u.prototype,"form",2);l([o({type:Boolean,reflect:!0})],u.prototype,"required",2);l([o()],u.prototype,"pattern",2);l([o({
2024-08-30 17:06:45 UTC	16384	IN	Data Raw: 74 7d 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 6c 2d 61 6e 69 6d 61 74 69 6f 6e 20 6e 61 6d 65 3d 22 70 75 6c 73 65 22 20 65 61 73 69 6e 67 3d 22 65 61 73 65 2d 6f 75 74 22 20 64 75 72 61 74 69 6f 6e 3d 22 32 35 30 22 20 3f 70 6c 61 79 3d 24 7b 74 68 69 73 2e 69 73 43 6c 69 63 6b 65 64 7d 20 69 74 65 72 61 74 69 6f 6e 73 3d 22 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 70 72 6f 64 75 63 74 2d 69 6d 61 67 65 22 20 77 69 64 74 68 3d 22 38 30 22 20 68 65 69 67 68 74 3d 22 38 30 22 20 73 72 63 3d 22 24 7b 65 7d 22 20 61 6c 74 3d 22 22 20 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 6c 2d Data Ascii: t}"></div> <sl-animation name="pulse" easing="ease-out" duration="250" ?play=${this.isClicked} iterations="1"> <img class="product-image" width="80" height="80" src="${e}" alt="" loading="lazy" /> </sl-
2024-08-30 17:06:45 UTC	2964	IN	Data Raw: 79 53 65 6c 65 63 74 6f 72 28 22 73 6c 2d 76 69 73 75 61 6c 6c 79 2d 68 69 64 64 65 6e 22 29 3b 69 66 28 74 29 7b 63 6f 6e 73 74 20 72 3d 74 68 69 73 2e 73 65 61 72 63 68 52 65 73 75 6c 74 73 2e 6c 65 6e 67 74 68 2b 74 68 69 73 2e 61 75 74 6f 73 75 67 67 65 73 74 50 72 6f 64 75 63 74 73 2e 6c 65 6e 67 74 68 3b 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 64 2e 67 65 74 46 6f 72 6d 61 74 74 65 64 28 22 53 65 61 72 63 68 2e 41 6e 6e 6f 75 6e 63 65 53 75 67 67 65 73 74 69 6f 6e 22 2c 72 2c 74 68 69 73 2e 71 75 65 72 79 29 7d 74 68 69 73 2e 69 73 53 65 61 72 63 68 69 6e 67 3d 21 31 7d 29 7d 2c 24 65 2e 64 65 62 6f 75 6e 63 65 54 69 6d 65 4d 73 29 7d 72 65 6e 64 65 72 41 6e 6e 6f 75 6e 63 65 6d 65 6e 74 28 29 7b 72 65 74 75 72 6e 20 73 60 0a 20 20 20 20 20 20 20 Data Ascii: ySelector("sl-visually-hidden");if(t){const r=this.searchResults.length+this.autosuggestProducts.length;t.textContent=d.getFormatted("Search.AnnounceSuggestion",r,this.query)}this.isSearching=!1})},$e.debounceTimeMs)}renderAnnouncement(){return s`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.16	49875	13.107.42.14	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:45 UTC	1072	OUT	POST /wa/ HTTP/1.1 Host: px.ads.linkedin.com Connection: keep-alive Content-Length: 387 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: * Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: li_sugr=f39ca0a8-c5de-4fcb-aa72-9c77f85e76d1; bcookie="v=2&e6f4abe6-c4a7-4806-80d1-ee4a9f15b121"; lidc="b=VGST06:s=V:r=V:a=V:p=V:g=3077:u=1:x=1:i=1725037602:t=1725124002:v=2:sig=AQGdE2g5RVTETIlJfj2i2kcolYLqitvK"; UserMatchHistory=AQJy9rNUSs5PdgAAAZGkQOtKXKeyxUHATsFhfvs9rKjWDge5bO_-NuD4_YJV77Ti2mYAW-x6pQeDvQ; AnalyticsSyncHistory=AQK5WozyfdfQWQAAAZGkQOtKJDCxsUtQkc9q-6juCZNwyv_6jA3JtrldqytKKEFgE7aw4x5wizvOnoMvH1Y8eA
2024-08-30 17:06:45 UTC	387	OUT	Data Raw: 7b 22 70 69 64 73 22 3a 5b 37 38 35 30 5d 2c 22 73 63 72 69 70 74 56 65 72 73 69 6f 6e 22 3a 31 37 32 2c 22 74 69 6d 65 22 3a 31 37 32 35 30 33 37 36 30 34 33 36 35 2c 22 64 6f 6d 61 69 6e 22 3a 22 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 30 26 65 73 3d 31 33 39 26 66 6f 72 6d 3d 4d 54 30 30 4c 4a 22 2c 22 70 61 67 65 54 69 74 6c 65 22 3a 22 57 65 6c 63 6f 6d 65 20 74 6f 20 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 2c 22 77 65 62 73 69 74 65 53 69 67 6e 61 6c 52 65 71 75 65 73 74 49 64 22 3a 22 64 35 66 34 65 33 39 35 2d 31 33 38 39 2d 34 61 33 63 2d 33 37 34 61 2d 64 36 65 37 39 61 62 66 37 66 62 Data Ascii: {"pids":[7850],"scriptVersion":172,"time":1725037604365,"domain":"microsoft.com","url":"https://microsoft.com/en-gb/edge/welcome?ep=0&es=139&form=MT00LJ","pageTitle":"Welcome to Microsoft Edge","websiteSignalRequestId":"d5f4e395-1389-4a3c-374a-d6e79abf7fb
2024-08-30 17:06:46 UTC	452	IN	HTTP/1.1 204 No Content Vary: Origin LinkedIn-Action: 1 Access-Control-Allow-Origin: https://www.microsoft.com Access-Control-Allow-Credentials: true X-Li-Fabric: prod-lva1 X-Li-Pop: afd-prod-lva1-x X-Li-Proto: http/1.1 X-LI-UUID: AAYg6Z26fb1Ij9atIFpmSg== X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: CE86C94FB7444438A2C730978468A222 Ref B: EWR30EDGE0207 Ref C: 2024-08-30T17:06:45Z Date: Fri, 30 Aug 2024 17:06:45 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.16	49874	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:45 UTC	1121	OUT	GET /assets/js/chunk.W3CH77FZ-5cd86aed.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:46 UTC	1313	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:46 GMT Content-Type: text/javascript Content-Length: 40794 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa8583e5a" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: G+ANoQQdDk2gwUhK.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170645Z-16579567576s4v5z9ks8mdk6fw00000003m000000000gsww x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:46 UTC	15071	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 6d 74 2c 77 20 61 73 20 67 74 2c 79 20 61 73 20 62 2c 7a 20 61 73 20 65 74 2c 45 20 61 73 20 62 74 2c 78 20 61 73 20 59 2c 65 20 61 73 20 48 74 2c 6e 20 61 73 20 56 74 2c 64 20 61 73 20 77 2c 62 37 20 61 73 20 57 74 2c 52 20 61 73 20 6a 74 2c 47 20 61 73 20 70 74 2c 62 35 20 61 73 20 59 74 2c 62 69 20 61 73 20 58 74 2c 44 20 61 73 20 79 74 2c 4f 20 61 73 20 71 74 2c 48 20 61 73 20 55 74 2c 62 6a 20 61 73 20 4b 74 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 76 61 72 20 47 74 3d 6d 74 60 0a 20 20 3a 68 6f 73 74 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 Data Ascii: import{i as mt,w as gt,y as b,z as et,E as bt,x as Y,e as Ht,n as Vt,d as w,b7 as Wt,R as jt,G as pt,b5 as Yt,bi as Xt,D as yt,O as qt,H as Ut,bj as Kt}from"./index-ba29222d.js";var Gt=mt` :host { display: block; position: relative; backgrou
2024-08-30 17:06:46 UTC	16384	IN	Data Raw: 66 2c 69 6e 69 74 69 61 6c 50 6c 61 63 65 6d 65 6e 74 3a 69 2c 70 6c 61 63 65 6d 65 6e 74 3a 64 2c 73 74 72 61 74 65 67 79 3a 6f 2c 6d 69 64 64 6c 65 77 61 72 65 44 61 74 61 3a 75 2c 72 65 63 74 73 3a 63 2c 70 6c 61 74 66 6f 72 6d 3a 73 2c 65 6c 65 6d 65 6e 74 73 3a 7b 72 65 66 65 72 65 6e 63 65 3a 74 2c 66 6c 6f 61 74 69 6e 67 3a 65 7d 7d 29 3b 69 66 28 68 3d 76 3f 3f 68 2c 66 3d 43 3f 3f 66 2c 75 3d 7b 2e 2e 2e 75 2c 5b 79 5d 3a 7b 2e 2e 2e 75 5b 79 5d 2c 2e 2e 2e 45 7d 7d 2c 53 26 26 70 3c 3d 35 30 29 7b 70 2b 2b 2c 74 79 70 65 6f 66 20 53 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 53 2e 70 6c 61 63 65 6d 65 6e 74 26 26 28 64 3d 53 2e 70 6c 61 63 65 6d 65 6e 74 29 2c 53 2e 72 65 63 74 73 26 26 28 63 3d 53 2e 72 65 63 74 73 3d 3d 3d 21 30 3f 61 77 61 69 74 Data Ascii: f,initialPlacement:i,placement:d,strategy:o,middlewareData:u,rects:c,platform:s,elements:{reference:t,floating:e}});if(h=v??h,f=C??f,u={...u,[y]:{...u[y],...E}},S&&p<=50){p++,typeof S=="object"&&(S.placement&&(d=S.placement),S.rects&&(c=S.rects===!0?await
2024-08-30 17:06:46 UTC	9339	IN	Data Raw: 6f 72 22 29 26 26 74 68 69 73 2e 68 61 6e 64 6c 65 41 6e 63 68 6f 72 43 68 61 6e 67 65 28 29 2c 74 68 69 73 2e 61 63 74 69 76 65 26 26 28 61 77 61 69 74 20 74 68 69 73 2e 75 70 64 61 74 65 43 6f 6d 70 6c 65 74 65 2c 74 68 69 73 2e 72 65 70 6f 73 69 74 69 6f 6e 28 29 29 7d 61 73 79 6e 63 20 68 61 6e 64 6c 65 41 6e 63 68 6f 72 43 68 61 6e 67 65 28 29 7b 69 66 28 61 77 61 69 74 20 74 68 69 73 2e 73 74 6f 70 28 29 2c 74 68 69 73 2e 61 6e 63 68 6f 72 26 26 74 79 70 65 6f 66 20 74 68 69 73 2e 61 6e 63 68 6f 72 3d 3d 22 73 74 72 69 6e 67 22 29 7b 63 6f 6e 73 74 20 74 3d 74 68 69 73 2e 67 65 74 52 6f 6f 74 4e 6f 64 65 28 29 3b 74 68 69 73 2e 61 6e 63 68 6f 72 45 6c 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 74 68 69 73 2e 61 6e 63 68 6f 72 29 7d 65 6c Data Ascii: or")&&this.handleAnchorChange(),this.active&&(await this.updateComplete,this.reposition())}async handleAnchorChange(){if(await this.stop(),this.anchor&&typeof this.anchor=="string"){const t=this.getRootNode();this.anchorEl=t.getElementById(this.anchor)}el

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.16	49876	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:46 UTC	1116	OUT	GET /assets/js/style-map-64223e1f.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:46 UTC	1220	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:46 GMT Content-Type: text/javascript Content-Length: 1004 Connection: close Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a2ec" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: h2/lG5Ta5EaDPIeX.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170646Z-16579567576c4hpgz3uh2pbn5g00000003h000000000u7ez x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:46 UTC	1004	IN	Data Raw: 69 6d 70 6f 72 74 7b 55 20 61 73 20 6c 2c 56 20 61 73 20 75 2c 62 38 20 61 73 20 63 2c 62 62 20 61 73 20 61 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 2f 2a 2a 0a 20 2a 20 40 6c 69 63 65 6e 73 65 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 38 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 2a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 42 53 44 2d 33 2d 43 6c 61 75 73 65 0a 20 2a 2f 63 6f 6e 73 74 20 6f 3d 22 69 6d 70 6f 72 74 61 6e 74 22 2c 64 3d 22 20 21 22 2b 6f 2c 68 3d 6c 28 63 6c 61 73 73 20 65 78 74 65 6e 64 73 20 75 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 73 29 7b 69 66 28 73 75 70 65 72 28 73 29 2c 73 2e 74 79 70 65 21 3d 3d 63 2e 41 54 54 52 49 42 55 54 45 7c 7c 73 2e 6e 61 6d Data Ascii: import{U as l,V as u,b8 as c,bb as a}from"./index-ba29222d.js";/** * @license * Copyright 2018 Google LLC * SPDX-License-Identifier: BSD-3-Clause */const o="important",d=" !"+o,h=l(class extends u{constructor(s){if(super(s),s.type!==c.ATTRIBUTE\|\|s.nam

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.16	49877	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:46 UTC	1121	OUT	GET /assets/js/chunk.5SKBN5CP-54fd1c52.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:46 UTC	1219	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:46 GMT Content-Type: text/javascript Content-Length: 100 Connection: close Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a164" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: nNBbzGDYNUycy470.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170646Z-16579567576gnfmq2acf56mm7000000003f000000000q4ku x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:46 UTC	100	IN	Data Raw: 69 6d 70 6f 72 74 7b 53 20 61 73 20 6f 7d 66 72 6f 6d 22 2e 2f 63 68 75 6e 6b 2e 44 42 47 37 57 34 47 53 2d 32 65 32 65 61 62 34 61 2e 6a 73 22 3b 76 61 72 20 6e 3d 6f 3b 6f 2e 64 65 66 69 6e 65 28 22 73 6c 2d 69 63 6f 6e 2d 62 75 74 74 6f 6e 22 29 3b 65 78 70 6f 72 74 7b 6e 20 61 73 20 69 7d 3b 0a Data Ascii: import{S as o}from"./chunk.DBG7W4GS-2e2eab4a.js";var n=o;o.define("sl-icon-button");export{n as i};

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.16	49878	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:47 UTC	1121	OUT	GET /assets/js/chunk.DBG7W4GS-2e2eab4a.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:47 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:47 GMT Content-Type: text/javascript Content-Length: 2880 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858aa40" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: fkz4+taTg0+dnIS/.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170647Z-16579567576qxwrndb60my3nes00000003k000000000r6xz x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:47 UTC	2880	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 72 2c 77 20 61 73 20 6c 2c 62 35 20 61 73 20 63 2c 79 20 61 73 20 65 2c 7a 20 61 73 20 75 2c 72 20 61 73 20 64 2c 64 20 61 73 20 69 2c 45 20 61 73 20 62 2c 62 36 20 61 73 20 61 2c 62 34 20 61 73 20 68 2c 47 20 61 73 20 70 2c 70 20 61 73 20 73 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 76 61 72 20 66 3d 72 60 0a 20 20 3a 68 6f 73 74 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 73 6c 2d 63 6f 6c 6f 72 2d 6e 65 75 74 72 61 6c 2d 36 30 30 29 3b 0a 20 20 7d 0a 0a 20 20 2e 69 63 6f 6e 2d 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 66 6c 65 78 3a 20 30 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 64 69 73 Data Ascii: import{i as r,w as l,b5 as c,y as e,z as u,r as d,d as i,E as b,b6 as a,b4 as h,G as p,p as s}from"./index-ba29222d.js";var f=r` :host { display: inline-block; color: var(--sl-color-neutral-600); } .icon-button { flex: 0 0 auto; dis

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.16	49879	20.114.189.70	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:47 UTC	627	OUT	POST /collect HTTP/1.1 Host: t.clarity.ms Connection: keep-alive Content-Length: 225 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/x-clarity-gzip sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Origin: https://www.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:47 UTC	225	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a 8d 90 c1 6e 83 30 0c 86 df c5 67 83 1c 27 4e c9 ae 3b ed 19 50 54 01 09 05 75 74 5d a1 55 db 69 ef 3e 23 34 69 c7 c9 17 cb fe 7e f9 ff fd 05 19 5e 6a a0 72 57 3a 01 64 64 2f 68 43 10 84 9c 6e d3 e9 31 4f c7 23 20 74 f7 a7 3f 5f b4 39 0c 9f 61 48 80 06 09 29 22 34 2a af 79 67 1d b2 53 ec bd b9 8c cb 43 b9 74 3d 97 99 fb fb d0 7e b8 64 20 62 ed d8 13 2a 07 fb 19 b0 86 d7 0d 7d 3b cd e3 61 58 66 25 60 7f 5d 17 56 84 a8 f2 81 b7 51 5e a6 31 ad 73 6f 52 e0 36 fb c2 50 5f 15 8e db a6 08 64 a5 90 54 75 bd f3 0d 75 c1 eb e1 7f 61 51 fd ac 49 9d a6 30 6c 19 83 f9 d3 fc 96 54 6b c4 cd 38 e9 6f 84 82 2a f4 47 82 12 e3 f7 0f b1 96 02 63 3c 01 00 00 Data Ascii: n0g'N;PTut]Ui>#4i~^jrW:dd/hCn1O# t?_9aH)"4ygSCt=~d b};aXf%`]VQ^1soR6P_dTuuaQI0lTk8o*Gc<
2024-08-30 17:06:47 UTC	276	IN	HTTP/1.1 204 No Content Server: nginx Date: Fri, 30 Aug 2024 17:06:47 GMT Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://www.microsoft.com Vary: Origin Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.16	49880	52.240.245.67	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:47 UTC	579	OUT	OPTIONS //v2/track HTTP/1.1 Host: northcentralus-0.in.applicationinsights.azure.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://apps.microsoft.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:47 UTC	371	IN	HTTP/1.1 204 No Content Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context Access-Control-Allow-Methods: POST Access-Control-Max-Age: 3600 Date: Fri, 30 Aug 2024 17:06:46 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.16	49881	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:47 UTC	1119	OUT	GET /assets/js/css-function-c51f2c96.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:47 UTC	1219	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:47 GMT Content-Type: text/javascript Content-Length: 286 Connection: close Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a01e" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: A6UtCWlWDkmbPJWB.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170647Z-165795675767jvm9z21nmtw4wn00000003h00000000064w2 x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:47 UTC	286	IN	Data Raw: 69 6d 70 6f 72 74 7b 62 6b 20 61 73 20 6c 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 66 75 6e 63 74 69 6f 6e 20 69 28 65 2c 73 3d 22 22 29 7b 63 6f 6e 73 74 20 74 3d 60 66 69 6c 74 65 72 3a 20 24 7b 65 7d 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 24 7b 73 7d 20 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 20 30 2c 20 30 29 3b 60 3b 72 65 74 75 72 6e 20 6c 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 2c 73 2c 74 2c 24 2c 66 29 7b 6c 65 74 20 72 3d 60 63 61 6c 63 28 28 24 7b 65 7d 20 2d 20 24 7b 73 7d 20 2a 20 28 24 7b 74 7d 20 2d 20 31 29 29 20 2f 20 24 7b 74 7d 29 60 3b 72 65 74 75 72 6e 20 24 3f 72 3d 60 6d 61 78 28 24 7b 72 7d 2c 20 24 7b 24 7d 29 60 3a 66 26 26 28 72 3d 60 6d 69 6e 28 24 7b 72 7d 2c 20 24 7b 66 7d 29 Data Ascii: import{bk as l}from"./index-ba29222d.js";function i(e,s=""){const t=`filter: ${e}; transform: ${s} translate3d(0, 0, 0);`;return l(t)}function o(e,s,t,$,f){let r=`calc((${e} - ${s} * (${t} - 1)) / ${t})`;return $?r=`max(${r}, ${$})`:f&&(r=`min(${r}, ${f})

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.16	49882	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:47 UTC	1119	OUT	GET /assets/js/image-helper-554340db.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:47 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:47 GMT Content-Type: text/javascript Content-Length: 9328 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa8588570" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: NNUr3u4UfkiJIhyH.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170647Z-16579567576kv75wmks9m65qec00000003s000000000r5vr x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:47 UTC	9328	IN	Data Raw: 63 6f 6e 73 74 20 64 3d 63 6c 61 73 73 7b 7d 3b 64 2e 50 53 49 44 6f 77 6e 6c 6f 61 64 55 72 6c 3d 22 68 74 74 70 73 3a 2f 2f 67 65 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 69 6e 73 74 61 6c 6c 65 72 2f 64 6f 77 6e 6c 6f 61 64 2f 22 3b 64 2e 53 74 6f 72 65 50 72 6f 74 6f 63 6f 6c 3d 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 2f 2f 22 3b 64 2e 53 74 6f 72 65 50 64 70 55 72 6c 3d 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 2f 2f 70 64 70 22 3b 64 2e 45 64 69 74 6f 72 69 61 6c 55 72 6c 3d 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 2f 2f 65 64 69 74 6f 72 69 61 6c 22 3b 64 2e 43 6f 6c 6c 65 63 74 69 6f 6e 55 72 6c 3d 22 6d 73 2d 77 69 6e 64 6f 77 73 2d 73 74 6f 72 65 3a 2f 2f 63 6f 6c 6c 65 63 74 69 6f 6e 22 3b 64 2e 42 Data Ascii: const d=class{};d.PSIDownloadUrl="https://get.microsoft.com/installer/download/";d.StoreProtocol="ms-windows-store://";d.StorePdpUrl="ms-windows-store://pdp";d.EditorialUrl="ms-windows-store://editorial";d.CollectionUrl="ms-windows-store://collection";d.B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.16	49883	52.240.245.67	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:48 UTC	678	OUT	POST //v2/track HTTP/1.1 Host: northcentralus-0.in.applicationinsights.azure.com Connection: keep-alive Content-Length: 1479 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-type: application/json Accept: / Origin: https://apps.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:48 UTC	1479	OUT	Data Raw: 5b 7b 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 31 37 3a 30 36 3a 34 31 2e 37 39 37 5a 22 2c 22 69 4b 65 79 22 3a 22 35 65 34 33 61 35 66 36 2d 61 39 32 61 2d 34 30 64 61 2d 62 36 62 63 2d 35 39 66 30 32 61 37 32 37 32 61 35 22 2c 22 6e 61 6d 65 22 3a 22 4d 69 63 72 6f 73 6f 66 74 2e 41 70 70 6c 69 63 61 74 69 6f 6e 49 6e 73 69 67 68 74 73 2e 35 65 34 33 61 35 66 36 61 39 32 61 34 30 64 61 62 36 62 63 35 39 66 30 32 61 37 32 37 32 61 35 2e 45 76 65 6e 74 22 2c 22 74 61 67 73 22 3a 7b 22 61 69 2e 75 73 65 72 2e 69 64 22 3a 22 39 72 4d 70 50 30 51 6e 36 71 4e 53 58 75 69 78 65 4b 73 6a 50 4a 22 2c 22 61 69 2e 73 65 73 73 69 6f 6e 2e 69 64 22 3a 22 63 4a 37 61 31 47 72 39 75 58 4b 49 35 76 37 70 65 7a 66 6b 46 42 22 2c 22 61 69 2e 64 65 76 69 Data Ascii: [{"time":"2024-08-30T17:06:41.797Z","iKey":"5e43a5f6-a92a-40da-b6bc-59f02a7272a5","name":"Microsoft.ApplicationInsights.5e43a5f6a92a40dab6bc59f02a7272a5.Event","tags":{"ai.user.id":"9rMpP0Qn6qNSXuixeKsjPJ","ai.session.id":"cJ7a1Gr9uXKI5v7pezfkFB","ai.devi
2024-08-30 17:06:48 UTC	291	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Date: Fri, 30 Aug 2024 17:06:47 GMT Connection: close
2024-08-30 17:06:48 UTC	68	IN	Data Raw: 33 45 0d 0a 7b 22 69 74 65 6d 73 52 65 63 65 69 76 65 64 22 3a 31 2c 22 69 74 65 6d 73 41 63 63 65 70 74 65 64 22 3a 31 2c 22 61 70 70 49 64 22 3a 6e 75 6c 6c 2c 22 65 72 72 6f 72 73 22 3a 5b 5d 7d 0d 0a Data Ascii: 3E{"itemsReceived":1,"itemsAccepted":1,"appId":null,"errors":[]}
2024-08-30 17:06:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.16	49884	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:48 UTC	1130	OUT	GET /assets/js/prefers-themes-observer-d1f54912.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:48 UTC	1219	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:48 GMT Content-Type: text/javascript Content-Length: 499 Connection: close Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a0f3" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: x41MVWXZ3Euh9SMG.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170648Z-16579567576pgh4h94c7qn0kuc00000003m000000000nehu x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:48 UTC	499	IN	Data Raw: 63 6c 61 73 73 20 61 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 29 7b 74 68 69 73 2e 63 61 6c 6c 62 61 63 6b 3d 65 2c 74 68 69 73 2e 6d 61 74 63 68 4d 65 64 69 61 46 6f 72 44 61 72 6b 54 68 65 6d 65 3d 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 22 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 64 61 72 6b 29 22 29 2c 74 68 69 73 2e 68 61 6e 64 6c 65 54 68 65 6d 65 43 68 61 6e 67 65 3d 28 29 3d 3e 7b 74 68 69 73 2e 63 61 6c 6c 62 61 63 6b 28 21 21 74 68 69 73 2e 6d 61 74 63 68 4d 65 64 69 61 46 6f 72 44 61 72 6b 54 68 65 6d 65 2e 6d 61 74 63 68 65 73 29 7d 2c 74 68 69 73 2e 69 73 44 61 72 6b 54 68 65 6d 65 3d 21 21 74 68 69 73 2e 6d 61 74 63 68 4d 65 64 69 61 46 6f 72 44 61 72 6b 54 68 65 6d 65 2e 6d 61 74 63 68 65 73 2c 65 Data Ascii: class a{constructor(e){this.callback=e,this.matchMediaForDarkTheme=window.matchMedia("(prefers-color-scheme: dark)"),this.handleThemeChange=()=>{this.callback(!!this.matchMediaForDarkTheme.matches)},this.isDarkTheme=!!this.matchMediaForDarkTheme.matches,e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.16	49885	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:48 UTC	1114	OUT	GET /assets/js/nav-bar-1456f65b.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:49 UTC	1313	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:48 GMT Content-Type: text/javascript Content-Length: 22416 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858f690" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: 6MM/fAq5s0asjTN5.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170648Z-165795675766wv96mecap1swx400000003s000000000chg3 x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:49 UTC	15071	IN	Data Raw: 69 6d 70 6f 72 74 7b 69 20 61 73 20 78 2c 77 20 61 73 20 24 2c 79 20 61 73 20 6d 2c 7a 20 61 73 20 76 2c 72 20 61 73 20 6c 2c 64 20 61 73 20 6b 2c 45 20 61 73 20 53 2c 78 20 61 73 20 61 2c 6d 20 61 73 20 70 2c 42 20 61 73 20 64 2c 73 20 61 73 20 4c 2c 5f 20 61 73 20 69 2c 74 20 61 73 20 42 2c 61 20 61 73 20 4d 2c 4f 20 61 73 20 5f 2c 66 20 61 73 20 54 2c 76 20 61 73 20 63 2c 62 20 61 73 20 77 2c 54 20 61 73 20 4e 2c 6c 20 61 73 20 73 2c 4a 20 61 73 20 45 2c 6f 20 61 73 20 41 2c 67 20 61 73 20 52 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 63 20 61 73 20 43 7d 66 72 6f 6d 22 2e 2f 72 65 70 65 61 74 2d 63 64 38 39 38 33 64 66 2e 6a 73 22 3b 69 6d 70 6f 72 74 22 2e 2f 61 75 74 6f 2d 63 6f 6d 70 6c 65 Data Ascii: import{i as x,w as $,y as m,z as v,r as l,d as k,E as S,x as a,m as p,B as d,s as L,_ as i,t as B,a as M,O as _,f as T,v as c,b as w,T as N,l as s,J as E,o as A,g as R}from"./index-ba29222d.js";import{c as C}from"./repeat-cd8983df.js";import"./auto-comple
2024-08-30 17:06:49 UTC	7345	IN	Data Raw: 6f 4d 61 69 6e 22 29 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 6c 2d 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 60 7d 72 65 6e 64 65 72 52 69 67 68 74 45 6c 65 6d 65 6e 74 47 72 6f 75 70 69 6e 67 28 74 2c 65 29 7b 63 6f 6e 73 74 20 6f 3d 61 60 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 62 69 6c 65 2d 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 24 7b 65 7d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 7b 74 68 69 73 2e 72 65 6e 64 65 72 4d 6f 62 69 6c 65 53 65 61 72 63 68 42 75 74 74 6f 6e 28 65 29 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 75 74 6f 2d 63 6f 6d 70 6c 65 74 65 2d 61 70 70 2d 73 65 61 72 63 68 20 63 6c 61 73 Data Ascii: oMain")} </sl-button> `}renderRightElementGrouping(t,e){const o=a` <div class="mobile-button-container ${e}"> ${this.renderMobileSearchButton(e)} </div> <auto-complete-app-search clas

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.16	49886	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:49 UTC	1121	OUT	GET /assets/js/chunk.LHI6QEL2-5a70397d.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:49 UTC	1312	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:49 GMT Content-Type: text/javascript Content-Length: 1191 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a5a7" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: eA8rHcOUgk2TTpYj.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170649Z-16579567576mj4tc2xukwvxfxc00000003eg00000000ax5m x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:49 UTC	1191	IN	Data Raw: 69 6d 70 6f 72 74 7b 62 37 20 61 73 20 61 2c 52 20 61 73 20 75 7d 66 72 6f 6d 22 2e 2f 69 6e 64 65 78 2d 62 61 32 39 32 32 32 64 2e 6a 73 22 3b 76 61 72 20 73 3d 6e 65 77 20 4d 61 70 2c 66 3d 6e 65 77 20 57 65 61 6b 4d 61 70 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 72 65 74 75 72 6e 20 65 3f 3f 7b 6b 65 79 66 72 61 6d 65 73 3a 5b 5d 2c 6f 70 74 69 6f 6e 73 3a 7b 64 75 72 61 74 69 6f 6e 3a 30 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 22 72 74 6c 22 3f 7b 6b 65 79 66 72 61 6d 65 73 3a 65 2e 72 74 6c 4b 65 79 66 72 61 6d 65 73 7c 7c 65 2e 6b 65 79 66 72 61 6d 65 73 2c 6f 70 74 69 6f 6e 73 3a 65 2e 6f 70 74 69 6f 6e 73 7d 3a 65 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 Data Ascii: import{b7 as a,R as u}from"./index-ba29222d.js";var s=new Map,f=new WeakMap;function c(e){return e??{keyframes:[],options:{duration:0}}}function o(e,n){return n.toLowerCase()==="rtl"?{keyframes:e.rtlKeyframes\|\|e.keyframes,options:e.options}:e}function p(e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.16	49887	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:49 UTC	1123	OUT	GET /assets/js/collection-types-62834e09.js HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://apps.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:49 UTC	1219	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:49 GMT Content-Type: text/javascript Content-Length: 352 Connection: close Cache-Control: public,max-age=31536000,immutable ETag: "1daf27fa858a060" Last-Modified: Mon, 19 Aug 2024 21:35:06 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: f16nwMJnWE28YQ1J.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170649Z-16579567576pgh4h94c7qn0kuc00000003s0000000002814 x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-30 17:06:49 UTC	352	IN	Data Raw: 76 61 72 20 69 3b 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 6c 2e 57 69 64 65 3d 22 77 69 64 65 22 2c 6c 2e 57 69 64 65 44 65 74 61 69 6c 73 3d 22 77 69 64 65 2d 64 65 74 61 69 6c 73 22 2c 6c 2e 53 71 75 61 72 65 3d 22 73 71 75 61 72 65 22 2c 6c 2e 54 61 6c 6c 3d 22 74 61 6c 6c 22 2c 6c 2e 53 71 75 61 72 65 44 65 74 61 69 6c 73 3d 22 73 71 75 61 72 65 2d 64 65 74 61 69 6c 73 22 2c 6c 2e 52 61 6e 6b 65 64 3d 22 72 61 6e 6b 65 64 22 2c 6c 2e 4f 66 66 65 72 3d 22 6f 66 66 65 72 22 2c 6c 2e 54 72 65 6e 64 69 6e 67 3d 22 74 72 65 6e 64 69 6e 67 22 2c 6c 2e 54 61 6c 6c 54 69 6c 65 3d 22 74 61 6c 6c 2d 74 69 6c 65 22 2c 6c 2e 54 6f 70 4c 69 73 74 3d 22 74 6f 70 2d 6c 69 73 74 22 2c 6c 2e 43 6f 6c 6c 65 63 74 69 6f 6e 47 72 6f 75 70 3d 22 63 6f 6c 6c 65 63 74 69 6f Data Ascii: var i;(function(l){l.Wide="wide",l.WideDetails="wide-details",l.Square="square",l.Tall="tall",l.SquareDetails="square-details",l.Ranked="ranked",l.Offer="offer",l.Trending="trending",l.TallTile="tall-tile",l.TopList="top-list",l.CollectionGroup="collectio

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.16	49888	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:50 UTC	640	OUT	GET /s/0.7.45/clarity-extended.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: CLID=d17e19c37ee1460088b3ee518035e409.20240830.20250830
2024-08-30 17:06:50 UTC	619	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:50 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 65196 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Wed, 28 Aug 2024 19:57:43 GMT ETag: "0x8DCC79BAE16AF80" x-ms-request-id: f7b93af7-901e-007b-370b-fa6c47000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20240830T170650Z-16579567576kv75wmks9m65qec00000003w0000000008zkm Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 51562430 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:50 UTC	15765	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 73 72 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 63 72 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 6c 72 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 61 72 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 63 6c 6f 6e 65 28 29 7b 72 65 74 75 72 6e 20 43 72 7d 2c 67 65 74 20 63 6f 6d 70 75 74 65 28 29 7b 72 65 74 75 72 6e 20 44 72 7d 2c 67 65 74 20 64 61 74 61 28 29 7b 72 65 74 75 72 6e 20 45 72 7d Data Ascii: !function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return sr},get start(){return cr},get stop(){return lr},get track(){return ar}}),e=Object.freeze({__proto__:null,get clone(){return Cr},get compute(){return Dr},get data(){return Er}
2024-08-30 17:06:50 UTC	16384	IN	Data Raw: 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 61 3d 65 2e 64 61 74 61 2c 72 3d 65 2e 6d 65 74 61 64 61 74 61 2c 69 3d 72 2e 70 72 69 76 61 63 79 2c 6f 3d 61 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 2c 75 3d 61 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 75 29 3e 3d 30 3a 76 61 72 20 63 3d 6f 2e 74 79 70 65 2c 73 3d 22 22 2c 6c 3d 5b 22 63 6c 61 73 73 22 2c 22 73 74 79 6c 65 22 5d 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6f 29 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 21 6c 2e 69 6e 63 6c 75 64 65 73 28 74 29 7d 29 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 73 2b 3d 6f Data Ascii: nction(t,e,n){var a=e.data,r=e.metadata,i=r.privacy,o=a.attributes\|\|{},u=a.tag.toUpperCase();switch(!0){case Pt.indexOf(u)>=0:var c=o.type,s="",l=["class","style"];Object.keys(o).filter((function(t){return!l.includes(t)})).forEach((function(t){return s+=o
2024-08-30 17:06:50 UTC	16384	IN	Data Raw: 29 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 74 29 7b 63 61 73 65 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 4d 61 74 68 2e 72 6f 75 6e 64 28 74 2a 65 29 3b 63 61 73 65 22 73 74 72 69 6e 67 22 3a 72 65 74 75 72 6e 20 4d 61 74 68 2e 72 6f 75 6e 64 28 70 61 72 73 65 46 6c 6f 61 74 28 74 2e 72 65 70 6c 61 63 65 28 47 6e 2c 22 22 29 29 2a 65 29 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 76 61 72 20 51 6e 3d 5b 22 74 69 74 6c 65 22 2c 22 61 6c 74 22 2c 22 6f 6e 6c 6f 61 64 22 2c 22 6f 6e 66 6f 63 75 73 22 2c 22 6f 6e 65 72 72 6f 72 22 2c 22 64 61 74 61 2d 64 72 75 70 61 6c 2d 66 6f 72 6d 2d 73 75 62 6d 69 74 2d 6c 61 73 74 22 2c 22 61 72 69 61 2d 6c 61 62 65 6c 22 5d 2c 24 6e 3d 2f 5b 5c 72 5c 6e 5d 2b 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 74 61 28 74 2c 65 2c Data Ascii: )switch(typeof t){case"number":return Math.round(te);case"string":return Math.round(parseFloat(t.replace(Gn,""))e)}return null}var Qn=["title","alt","onload","onfocus","onerror","data-drupal-form-submit-last","aria-label"],$n=/[\r\n]+/g;function ta(t,e,
2024-08-30 17:06:50 UTC	16384	IN	Data Raw: 2c 73 74 61 63 6b 3a 72 2c 73 65 76 65 72 69 74 79 3a 65 7d 2c 74 20 69 6e 20 77 72 3f 77 72 5b 74 5d 2e 70 75 73 68 28 69 29 3a 77 72 5b 74 5d 3d 5b 69 5d 2c 79 72 28 33 33 29 29 7d 76 61 72 20 53 72 2c 45 72 3d 7b 7d 2c 4f 72 3d 6e 65 77 20 53 65 74 2c 4e 72 3d 7b 7d 2c 54 72 3d 7b 7d 2c 4d 72 3d 7b 7d 2c 78 72 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 72 28 29 7b 6a 72 28 29 7d 66 75 6e 63 74 69 6f 6e 20 49 72 28 74 29 7b 74 72 79 7b 76 61 72 20 65 3d 74 26 26 74 2e 6c 65 6e 67 74 68 3e 30 3f 74 2e 73 70 6c 69 74 28 2f 20 28 2e 2a 29 2f 29 3a 5b 22 22 5d 2c 6e 3d 65 5b 30 5d 2e 73 70 6c 69 74 28 2f 5c 7c 28 2e 2a 29 2f 29 2c 61 3d 70 61 72 73 65 49 6e 74 28 6e 5b 30 5d 29 2c 72 3d 6e 2e 6c 65 6e 67 74 68 3e 31 3f 6e 5b 31 5d 3a 22 22 2c 69 3d 65 2e 6c Data Ascii: ,stack:r,severity:e},t in wr?wr[t].push(i):wr[t]=[i],yr(33))}var Sr,Er={},Or=new Set,Nr={},Tr={},Mr={},xr={};function _r(){jr()}function Ir(t){try{var e=t&&t.length>0?t.split(/ (.)/):[""],n=e[0].split(/\\|(.)/),a=parseInt(n[0]),r=n.length>1?n[1]:"",i=e.l
2024-08-30 17:06:50 UTC	279	IN	Data Raw: 5b 72 6f 5d 26 26 61 6f 5b 72 6f 5d 2e 76 29 72 65 74 75 72 6e 20 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 45 72 72 6f 72 20 43 4c 30 30 31 3a 20 4d 75 6c 74 69 70 6c 65 20 43 6c 61 72 69 74 79 20 74 61 67 73 20 64 65 74 65 63 74 65 64 2e 22 29 3b 76 61 72 20 74 3d 61 6f 5b 72 6f 5d 26 26 61 6f 5b 72 6f 5d 2e 71 7c 7c 5b 5d 3b 66 6f 72 28 61 6f 5b 72 6f 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 6e 3d 31 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 65 5b 6e 2d 31 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 6e 5d 3b 72 65 74 75 72 6e 20 6e 6f 5b 74 5d 2e 61 70 70 6c 79 28 6e 6f 2c 65 29 7d 2c 61 6f 5b 72 6f 5d 2e 76 3d 6c 3b 74 2e 6c 65 6e 67 74 68 3e 30 3b 29 61 6f 5b 72 6f 5d 2e 61 70 70 6c 79 28 Data Ascii: [ro]&&ao[ro].v)return console.warn("Error CL001: Multiple Clarity tags detected.");var t=ao[ro]&&ao[ro].q\|\|[];for(ao[ro]=function(t){for(var e=[],n=1;n<arguments.length;n++)e[n-1]=arguments[n];return no[t].apply(no,e)},ao[ro].v=l;t.length>0;)ao[ro].apply(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.16	49891	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:50 UTC	722	OUT	GET /image/apps.8453.13655054093851568.4a371b72-2ce8-4bdb-9d83-be49894d3fa0.7f3687b9-847d-4f86-bb5c-c73259e2b38e?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:50 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Thu, 25 Jan 2024 15:01:40 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4REMxREI2ODk1REJCODU" MS-CV: tqKjRJnG5U2Lsqeb.0 Access-Control-Expose-Headers: MS-CV Content-Length: 3031 Date: Fri, 30 Aug 2024 17:06:50 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:50 UTC	3031	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0b 6c 49 44 41 54 78 5e ed 9c 79 70 5d 55 1d c7 fb b7 7f a1 14 da 02 2d 08 6d 10 41 dc 70 77 dc 66 5c b0 2e 48 55 a4 b4 85 22 89 54 4b 41 11 b0 28 42 6b 15 6b 17 40 76 90 16 10 a7 3a 5a 28 58 8b 94 2a 32 8a 30 52 68 f6 66 4f 9b 66 69 92 57 b3 35 4b b3 1d 7f 9f 73 ef 23 37 27 e7 26 77 7b 29 33 de 1f f3 9d c7 bb ef ac df 7b ce 6f 3b 27 9d b1 a0 38 bf 7a 41 e5 8a cc fc e2 82 14 3e 58 50 b1 22 93 57 92 5f 33 43 be 74 9f 5d bf 52 e5 55 ae 48 e1 83 b3 eb 56 aa 05 25 05 3d 90 95 e1 81 7c 49 e1 83 bc 0a f8 c9 3f Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYs~lIDATx^yp]U-mApwf\.HU"TKA(Bkk@v:Z(X*20RhfOfiW5Ks#7'&w{)3{o;'8zA>XP"W_3Ct]RUHV%=\|I?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.16	49889	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:50 UTC	1279	OUT	GET /assets/icons/download-psi.svg HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" traceparent: 00-b3e13c429bf74708be9190328c1fd52b-dd2dc3aae25742db-01 request-id: \|b3e13c429bf74708be9190328c1fd52b.dd2dc3aae25742db sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=US Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:50 UTC	1293	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:50 GMT Content-Type: image/svg+xml Content-Length: 1698 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=2592000 ETag: "1daf27f12247da2" Last-Modified: Mon, 19 Aug 2024 21:30:54 GMT Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: GyDYrgcWPk6IDXD6.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170650Z-16579567576qxwrndb60my3nes00000003hg00000000uytv x-fd-int-roxy-purgeid: 66820184 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-30 17:06:50 UTC	1698	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 34 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 20 31 36 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0d 0a 3c 70 61 74 68 20 64 3d 22 4d 31 32 2e 37 36 20 31 33 2e 33 39 39 39 48 31 2e 32 34 43 31 2e 30 30 31 33 20 31 33 2e 33 39 39 39 20 30 2e 37 37 32 33 38 33 20 31 33 2e 34 39 34 38 20 30 2e 36 30 33 36 20 31 33 2e 36 36 33 36 43 30 2e 34 33 34 38 31 38 20 31 33 2e 38 33 32 33 20 30 2e 33 33 39 39 39 36 20 31 34 2e 30 36 31 33 20 30 2e 33 33 39 39 39 36 20 31 34 2e 32 39 39 39 43 30 2e 33 33 39 39 39 36 20 31 34 2e 35 33 38 36 20 30 2e 34 33 34 38 31 38 20 31 34 2e 37 36 Data Ascii: <svg width="14" height="16" viewBox="0 0 14 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M12.76 13.3999H1.24C1.0013 13.3999 0.772383 13.4948 0.6036 13.6636C0.434818 13.8323 0.339996 14.0613 0.339996 14.2999C0.339996 14.5386 0.434818 14.76

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.16	49892	40.126.24.84	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:50 UTC	1305	OUT	GET /consumers/oauth2/v2.0/authorize?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read%20offline_access%20openid%20profile&redirect_uri=https%3A%2F%2Fapps.microsoft.com%2F&client-request-id=0191a440-ffb4-7fd7-8182-8d57de1cdfd3&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.18.0&client_info=1&code_challenge=-orWUC_L9xsS7eYspw2pjVAM1rQW6ZMjMhHbe_4U_aM&code_challenge_method=S256&prompt=none&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:50 UTC	2003	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://login.live.com/oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&prompt=none&code_challenge=7FOjGIcI9_3UpJr9PTrahlZhI82GCQQ26C8UG6mV_Lo&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=0191a440ffb47fd781828d57de1cdfd3&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAAApTwJmzXqdR4BN2miheQMYaUYLua5HApSJgOA3v203QMS5RWG0eDtIKt1wc826y737UuAYNMllZodKIirWf7EZnJYFoNm_OVPgN0e4DWBjspf4eb1X8COPF89sAe3U05vAeqYgXqiicodVGdgqt-76eH6XObx1JWCI0lbqBGTm6YQj20ovjggjunIhuslv4YBUtaqsue4bNz_40z7HuuCUdQ-wd8Yo6Iz3a0hPjkOoSiAA&jshs=0# Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: fac79909-9352-4747-a822-cdc1fa821f01 x-ms-ests-server: 2.1.18794.6 - SCUS ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin X-XSS-Protection: 0 Set-Cookie: fpc=AobgVt9ht2lIjJp9wUimeug; expires=Sun, 29-Sep-2024 17:06:50 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Fri, 30 Aug 2024 17:06:50 GMT Connection: close Content-Length: 1096
2024-08-30 17:06:50 UTC	1096	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 3f 63 6c 69 65 6e 74 5f 69 64 3d 39 32 39 64 39 37 33 61 2d 61 30 38 66 2d 34 36 61 30 2d 38 30 62 35 2d 33 63 36 39 30 65 65 31 65 65 35 66 26 61 6d 70 3b 73 63 6f 70 65 3d 55 73 65 72 2e 52 65 61 64 2b 6f 66 66 6c 69 6e 65 5f 61 63 63 65 73 73 2b 6f 70 65 6e 69 64 2b 70 72 6f 66 69 6c 65 26 61 6d 70 3b 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.16	49893	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:51 UTC	722	OUT	GET /image/apps.56161.9007199266246365.1d5a6a53-3c49-4f80-95d7-78d76b0e05d0.a3e87fea-e03e-4c0a-8f26-9ecef205fa7b?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:51 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Thu, 08 Oct 2020 21:09:44 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4RDg2QkNFN0FEQUYyOEU" MS-CV: UBQ2qAKZsEWRiKbR.0 Access-Control-Expose-Headers: MS-CV Content-Length: 1903 Date: Fri, 30 Aug 2024 17:06:51 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:51 UTC	1903	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 07 04 49 44 41 54 78 5e ed 9c 69 6c 54 55 14 c7 67 ba 00 65 b1 d0 b2 94 20 88 6c 4a 10 82 46 16 4b 58 ca 56 f6 35 02 0a 11 15 91 28 c8 52 84 82 e2 86 e0 c2 07 bf 10 13 45 14 02 a8 68 40 76 81 80 2c 2d 8b 04 50 11 89 91 52 63 61 96 ce d2 d9 da d9 99 39 9e 73 de 2b ed 94 99 d7 b9 54 63 62 ee 2f b9 a1 f3 bf 77 ee 7b ef f7 ee bb f7 be f9 80 2e 1a 8d 96 60 b1 cb 52 6f b9 41 b2 3c 20 a9 17 f4 54 49 b2 ec ea 67 89 06 e8 a9 42 ca 4a 12 29 4b 00 29 4b 00 29 4b 00 29 4b 00 29 4b 00 29 4b 00 29 4b 00 29 4b 00 29 4b Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsodIDATx^ilTUge lJFKXV5(REh@v,-PRca9s+Tcb/w{.`RoA< TIgBJ)K)K)K)K)K)K)K)K)K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.16	49894	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:51 UTC	723	OUT	GET /image/apps.25776.14473651905739879.c2c2c20a-48ca-4b7a-a0c5-392cddcd557e.dbe766f0-50a3-4270-957c-d06415f86f39?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:51 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Wed, 05 Apr 2017 17:39:16 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4RDQ3QzRBQUU1MkRBNzQ" MS-CV: oJycOGZ8TUm8f0Lt.0 Access-Control-Expose-Headers: MS-CV Content-Length: 2541 Date: Fri, 30 Aug 2024 17:06:51 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:51 UTC	2541	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 09 82 49 44 41 54 78 5e ed 5a 7d 6c 1b 67 1d 4e 05 62 d3 ba d2 6d 08 69 1a 13 4c f0 cf a4 55 43 80 56 d8 86 06 d2 b4 4d 42 1a 43 1a a2 7c 4e 8c a9 45 13 1b d5 56 84 10 9d 56 40 43 6d 29 6d 37 d8 aa 42 bb 0c d2 6d 5d 9a 95 7e 97 36 49 63 e7 cb 4d eb 24 4e 1c db 71 12 7f 9f 3f cf 3e db 67 9f ef fc 91 f4 e5 f9 5d de b4 6e ea d2 74 e9 da b8 bd 47 7e 62 c7 f7 be 77 ef ef f1 ef f7 dc ef b5 dc 60 c0 80 01 03 06 0c 18 30 60 c0 80 01 03 06 0c 18 30 60 c0 80 01 03 75 8d 2d 56 e5 ce 65 4d b1 5b f8 bf 06 66 e3 e1 f7 Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsodIDATx^Z}lgNbmiLUCVMBC\|NEVV@Cm)m7Bm]~6IcM$Nq?>g]ntG~bw`0`0`u-VeM[f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.16	49896	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:51 UTC	723	OUT	GET /image/apps.10546.13571498826857201.6603a5e2-631f-4f29-9b08-f96589723808.dc893fe0-ecbc-4846-9ac6-b13886604095?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:51 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Wed, 16 Nov 2022 11:27:12 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4REFDN0M1ODFBNjVCNkM" MS-CV: i0zdgRZsEk+KUvnI.0 Access-Control-Expose-Headers: MS-CV Content-Length: 2901 Date: Fri, 30 Aug 2024 17:06:51 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:51 UTC	2901	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c2 00 00 0e c2 01 15 28 4a 80 00 00 0a ea 49 44 41 54 78 5e ed 9c 79 90 14 f5 15 c7 fd 53 17 13 88 09 c4 23 46 d1 44 cb 9c a5 49 e5 3e 2a 95 b2 12 53 49 09 cb 15 40 11 11 08 62 04 35 82 28 06 4b d4 55 89 1a f1 20 11 23 72 05 13 8d 12 92 98 8a 26 1c 8a 47 82 89 0a bb b3 17 7b 2f 7b 2f 7b b0 b3 17 bb 33 2f ef f3 9b 6e d3 8c bd 33 d3 33 3d b3 9b aa fe 52 af 9a 9e ee fe f5 eb 6f bf eb f7 7e 0d 27 45 a3 d1 90 4a ab 4a 73 20 23 0a fc 14 9f 14 89 44 ba 24 40 52 28 59 dd 90 d5 62 ed 07 48 00 ac 2b 20 2b 45 04 64 79 40 40 96 07 04 64 79 40 40 96 07 Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYs(JIDATx^yS#FDI>*SI@b5(KU #r&G{/{/{3/n33=Ro~'EJJs #D$@R(YbH+ +Edy@@dy@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.16	49895	40.126.24.82	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:51 UTC	4275	OUT	GET /oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=0191a440-ffc3-7eb8-a425-a4a6d555c684&prompt=none&code_challenge=7FOjGIcI9_3UpJr9PTrahlZhI82GCQQ26C8UG6mV_Lo&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=0191a440ffb47fd781828d57de1cdfd3&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAAApTwJmzXqdR4BN2miheQMYaUYLua5HApSJgOA3v203QMS5RWG0eDtIKt1wc826y737UuAYNMllZodKIirWf7EZnJYFoNm_OVPgN0e4DWBjspf4eb1X8COPF89sAe3U05vAeqYgXqiicodVGdgqt-76eH6XObx1JWCI0lbqBGTm6YQj20ovjggjunIhuslv4YBUtaqsue4bNz_40z7HuuCUdQ-wd8Yo6Iz3a0hPjkOoSiAA&jshs=0 HTTP/1.1 Host: login.live.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: DIDC=ct%3D1725037610%26hashalg%3DSHA256%26bver%3D24%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C538_BL2.0.D.CljBpfSA/pc2r4wNwU7ONRRLiFVuKQNpoiFdf/hDEmKBewo37GmSZ8l/JnKgULOS0aJpLF8eddzSBITEYej0/0Z3rrnLbNNm2IbTgDE5GPm/DfTtL2efF8P9ZKelg8RRfCj/FxqtWt7gMagFvQbAaxZXqW3LVURm/TQJgEw0mflZs7lcdEajgoAcaiBYgGH436gmntDAsgX4utEI/cj8zvkUhqi8syR5mPi14DTtJKPXSvtXymcdUQ98iiMjQCqBqNjLEBcpiHgHCk%252BZ%252BFJ7AuVPGHmURWeeDm2yk%252BKbVBmv9K3SsnLobEbIz/s4Dq/oOw7U6AJm/0ljQNewhz5DuwpVYMeGpFPwVWBm436XXKTIO1gUNN7re5QlA84 [TRUNCATED]
2024-08-30 17:06:51 UTC	2306	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: Fri, 30 Aug 2024 17:05:51 GMT Location: https://apps.microsoft.com/#error=login_required&error_description=Silent+authentication+was+denied.+The+user+must+first+sign+in+and+if+needed+grant+the+client+application+access+to+the+scope+'User.Read+offline_access+openid+profile'.&state=eyJpZCI6IjAxOTFhNDQwLWZmYjQtNzhjZC05YTkyLTNhYjMwYjNhYjU3MCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" X-WLID-Error: 0x8004100C Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C550_BAY x-ms-request-id: 20f4dfd2-249c-4664-81fc-a084e3d1a1eb PPServer: PPV: 30 H: PH1PEPF00011F8E V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Set-Cookie: MSPRequ=id=N&lt=1725037611&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: uaid=0191a440ffb47fd781828d57de1cdfd3; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: OParams=11O.DjkD7EJiBkLwHQ7kAZ94ZMS7uLNnWh!TB5fKEjsrXWw5s0RlLcO3YvuuTvtYOpxyIEUbKTrwzTCd04Mf7nTMYFVc34hXBdXXJZdTeouN9IUl!lsqn03MIShMvEpQwwB2VwzUm2tXPlcGWxgImpZ9tOa4FXRCYhyZ0ChezjYbka4HjIWVFVCoAtWocg!btzziXWuPExMVB25g!4oYHQBh31eqkqpngSjgGE59TQdYdPH5IhOHY9XhWoekZH2INsvgD4mw8k8Fdi0kD7PEw6IhTIxKvd!bdmqKWHLSjg4ZAj77Nf6uHVmchUQDLDxm9azA9g!BoQVcOezBx4vWxkaWlgrqW4wrZsjfHMjsreeeMbCGkMnvKXlA16kWB4OHo47XFVK2FZ5hIl9LwXh2wW2ns6v1SOFq65b6zQ5P7L9BFnRKQmPbxpBUmUIkCStp2etI!tNJUBGk3nOEnKzPFHugRTOV0y3Bb7tH14mKqvkPD!ha3pTnXQF5QY3RHW!F2IDpFKYyTbNXaqckODSe7!67wlTV5hhlWrmESQ1pSsfZy8kK3waeWapQjEcdgpdnnLxT87LwWzkMvCzjKIqXhMLQsokETok2JfoYS949w3vk8h1jY62NjeXWNfhOB97iB5VJhsboyOyNDDkmX5q17O4KJhhFYVhV0oopbcUloZGwFAUZCmHUpqqMmlJFaCzzyt5PyahFh6JHxKfF!VLCaUFwrOpcuRSKRV6trM!Xw5bSqsfcyQuimBLt!uwp7ZPgJZM923uVct8dpvOGZ1f7mVl9O6Z1zZI9YUggqndQgBajTRl3!SDkMdl09Sk2EUUDSuUYP0HJ6kiAsfuH6Lbg4L9dliwiI747S6RxBiiQPMMtn7tFJbmjM1jgQ95dbU0zbYjgLDLFR97Mvzz8s81cfUGCByBTxOh0gdjI0zFQfzHPIhh2kUxifafuExdOhUlVNa7xf6PfB0xzvFCeR3wtM11CTc1DLB [TRUNCATED] Date: Fri, 30 Aug 2024 17:06:51 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.16	49899	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	723	OUT	GET /image/apps.54470.14618985536919905.3e754390-a812-43d7-87fc-335159cd867b.ec54d0b7-04d6-4255-8ece-582db2dd0885?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:52 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Fri, 17 Mar 2023 21:57:40 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4REIyNzMyQTBBRDU2QjY" MS-CV: +Kmy8ShuWkqO/FOl.0 Access-Control-Expose-Headers: MS-CV Content-Length: 5021 Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:52 UTC	5021	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 12 73 00 00 12 73 01 8c 22 b9 07 00 00 13 32 49 44 41 54 78 5e ed 5c 67 94 95 d5 b9 3e bd 9f 99 d3 db 0c 03 28 88 28 82 a0 c0 80 52 6c 28 08 c6 28 28 4a 51 14 44 11 10 50 c4 8b 5d 51 51 69 8a a0 80 41 14 7b 8b c9 b2 ac 94 1b 5b bc 37 26 d7 b2 6e 62 96 e5 62 62 88 c6 86 31 8a 0d 19 de fb 3c ef 3e df 99 c3 e1 0c 33 87 36 98 35 3f 1e cf 7c bb be fb d9 6f db fb fb d0 96 5d b5 e5 95 dc 4f 1a fe 91 5d d1 f0 f7 36 94 87 f2 b3 b2 e1 35 1b fe f3 49 ed 3d 22 35 3f 69 43 53 20 3f e0 69 83 8d cc b1 20 77 47 1b 9a 02 f9 c9 ae dc f2 7e 1b 59 2d 40 1b 59 15 Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsss"2IDATx^\g>((Rl(((JQDP]QQiA{[7&nbbb1<>365?\|o]O]65I="5?iCS ?i wG~Y-@Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.16	49897	20.42.73.24	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	708	OUT	OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1 Host: browser.events.data.microsoft.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time Origin: https://apps.microsoft.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:52 UTC	607	IN	HTTP/1.1 200 OK Cache-Control: public, 3600 Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody Access-Control-Max-Age: 3600 Access-Control-Allow-Origin: https://apps.microsoft.com Date: Fri, 30 Aug 2024 17:06:51 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.16	49900	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	722	OUT	GET /image/apps.4211.13634052595610511.c45457c9-b4af-46b0-8e61-8d7c0aec3f56.462d07a1-732f-40d7-acd3-370f7b96ba1a?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:52 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Fri, 04 Jun 2021 08:47:08 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4RDkyNzM1NTY4OTAxOTA" MS-CV: HOK8aQ4gN0CMvcUs.0 Access-Control-Expose-Headers: MS-CV Content-Length: 2746 Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:52 UTC	2746	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c2 00 00 0e c2 01 15 28 4a 80 00 00 0a 4f 49 44 41 54 78 5e ed 9c 0b 50 54 d7 19 c7 97 37 01 14 44 76 81 85 05 16 04 44 7c a2 89 36 be 15 c4 37 3e 12 8b 46 93 d1 ea 34 cd a3 89 9a 99 c4 47 34 ed f4 11 d1 8e d3 b4 69 5a 6b da d4 89 8d 19 53 9b a8 31 d5 24 9a 34 36 d5 b6 c4 2a 6a 34 08 5a 8d 91 0e 3e 40 9e 0b cb fd f7 fb 96 25 22 7b 60 ef bd bb 77 59 d2 fd cf fc 66 45 ee 39 f7 9e ff 9c 7b ce 77 ce f9 16 9d 4f 3e f9 e4 93 4f 3e 69 a1 30 22 95 18 47 14 12 4f 10 6b 89 0d f6 4f fe 99 ff 9f 7f 9f 46 84 13 ff 37 ba 87 e0 86 af 23 de 26 4a 89 1a a2 Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYs(JOIDATx^PT7DvD\|67>F4G4iZkS1$46*j4Z>@%"{`wYfE9{wO>O>i0"GOkOF7#&J

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.16	49898	20.114.189.70	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	629	OUT	POST /collect HTTP/1.1 Host: t.clarity.ms Connection: keep-alive Content-Length: 512 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/x-clarity-gzip sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Origin: https://apps.microsoft.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:52 UTC	512	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a 7d 52 6b 6b db 30 14 fd 2b 42 1f 46 0b 9a ad 97 25 a7 a5 8c 2e 94 6e f4 f1 25 2d 65 84 10 1c 4b b6 45 1c db b5 9d 25 dd d8 7e 7b ef 6d d3 75 ec c3 30 98 7b 8e ee e3 1c e9 fe a4 9e 9e cc 29 8f 6c a4 13 ca 04 e3 cc 9a 09 a3 a1 79 ca ca d6 f2 ae a1 8c 8a ad 19 07 fe 08 51 59 3d 4e 2a 47 99 84 3c be 60 34 83 e2 79 ca d2 57 38 57 09 13 e2 3d 96 29 a3 55 70 ce 37 f4 40 68 46 2f f6 dd b4 6d 46 bf 1f 67 7e 44 1e e7 29 38 58 6e fd f8 3d 40 f3 39 55 69 91 14 46 72 63 0a 29 84 2f 56 ce f2 3c 51 32 59 39 a9 bc e3 50 46 a7 cb af 33 cc 4d e9 e2 d0 04 27 cf e9 4d fb 23 d4 75 16 27 11 27 47 0f a1 71 ed 6e 20 b7 77 44 f0 88 9f 12 20 8c 3e 25 7b a3 8f c9 79 d7 d5 fe c1 af ae c2 18 27 ca 46 ca 90 a3 ab 2f 77 37 d7 8c d4 61 ed c9 a5 cf d7 ed 31 Data Ascii: }Rkk0+BF%.n%-eKE%~{mu0{)lyQY=N*G<`4yW8W=)Up7@hF/mFg~D)8Xn=@9UiFrc)/V<Q2Y9PF3M'M#u''Gqn wD >%{y'F/w7a1
2024-08-30 17:06:52 UTC	277	IN	HTTP/1.1 204 No Content Server: nginx Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://apps.microsoft.com Vary: Origin Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.16	49903	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1951 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiajVwV2puM29mNlJZd2tWOGc2QkNVUT09IiwgImhhc2giOiI5OUMvVCtIZU50OD0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:52 UTC	1951	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:52 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:52 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1273 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:52 UTC	1273	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 61 70 70 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 3b 63 35 66 61 61 64 35 39 2d 61 32 65 33 2d 33 31 66 32 2d 62 38 36 65 2d 61 61 66 39 35 38 65 31 32 38 32 34 3b 50 48 53 48 3a 30 30 35 3b 37 45 2d 30 35 22 2c 22 72 65 73 70 6f 6e 73 65 43 61 74 65 67 6f 72 79 22 3a 22 41 6c 6c 6f 77 65 64 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 24 74 79 70 65 22 3a 22 61 6c 6c 6f 77 22 7d 7d 5d 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"apps.microsoft.com","inheritance":"none"},"maxAge":100800000000,"serverContext":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;PHSH:005;7E-05","responseCategory":"Allowed","result":{"$type":"allow"}}],"serverContext":"1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.16	49902	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	1241	OUT	GET / HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:52 UTC	1045	IN	HTTP/1.1 302 Found Date: Fri, 30 Aug 2024 17:06:52 GMT Content-Length: 0 Connection: close Cache-Control: no-cache Location: /?hl=en-gb&gl=US Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: 2V9eikHBK0GNDgft.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170652Z-16579567576kv75wmks9m65qec00000003r000000000vd22 X-Cache: CONFIG_NOCACHE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.16	49905	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	723	OUT	GET /image/apps.62962.14205055896346606.c235e3d6-fbce-45bb-9051-4be6c2ecba8f.28d7c3cb-0c64-40dc-9f24-53326f80a6dd?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:52 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Mon, 05 Dec 2022 21:59:43 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4REFENzBDMDQzRDg4NTY" MS-CV: 0M5crscKLkWyfhrR.0 Access-Control-Expose-Headers: MS-CV Content-Length: 4491 Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:52 UTC	4491	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 11 20 49 44 41 54 78 5e ed 5b f9 93 55 c7 75 7e ff 43 54 ce 0f 89 9d c4 ec 8b 00 b1 c3 0c 33 30 fb 0c c3 00 b3 c3 0c ab 58 84 01 81 98 19 64 c9 b6 90 a2 24 96 1c 2b 52 52 89 25 16 29 89 2d 6b 97 63 57 2a 76 d9 ae 58 b6 21 56 1c 45 b1 91 cb 4e 2a a0 58 96 40 01 fc 88 e5 78 91 e6 6e 27 df d7 b7 fb d1 af b9 f7 bd fb 1e 12 25 4c ba ea ab 3e 7d fa 9c ee 73 be db 7d bb ef 63 c8 55 52 7e 31 70 c7 07 fc e1 91 ce 60 78 f4 2e 7f 78 f4 c9 60 78 e4 5b fe d0 c8 49 6f 68 e4 14 70 c6 1b 3a 70 ce 1f 1a bd 00 39 ef 0d 8d Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsod IDATx^[Uu~CT30Xd$+RR%)-kcWvX!VENX@xn'%L>}s}cUR~1p`x.x`x[Iohp:p9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.16	49904	20.42.73.24	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	1346	OUT	POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1 Host: browser.events.data.microsoft.com Connection: keep-alive Content-Length: 809 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" upload-time: 1725037610541 sec-ch-ua-mobile: ?0 client-version: 1DS-Web-JS-3.2.14 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 time-delta-to-apply-millis: use-collector-delta content-type: application/x-json-stream cache-control: no-cache, no-store apikey: be61a02d4c674edfb65d61bd30fb65d5-ee4b86c1-d9a7-4f97-8d4b-124dd301b180-7729 Client-Id: NO_AUTH sec-ch-ua-platform: "Windows" Accept: / Origin: https://apps.microsoft.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:52 UTC	809	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 30 38 2d 33 30 54 31 37 3a 30 36 3a 34 38 2e 38 38 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 62 65 36 31 61 30 32 64 34 63 36 37 34 65 64 66 62 36 35 64 36 31 62 64 33 30 66 62 36 35 64 35 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 31 34 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 30 37 39 36 61 64 63 66 2d 38 35 32 65 2d 34 61 30 64 2d 61 33 61 30 2d 63 32 33 30 65 66 35 33 37 39 63 63 22 2c 22 65 70 6f 63 68 22 3a 22 31 31 32 31 35 34 39 37 38 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 Data Ascii: {"name":"Ms.Web.PageView","time":"2024-08-30T17:06:48.881Z","ver":"4.0","iKey":"o:be61a02d4c674edfb65d61bd30fb65d5","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.14","seq":1,"installId":"0796adcf-852e-4a0d-a3a0-c230ef5379cc","epoch":"1121549785"},"app":{"locale":"e
2024-08-30 17:06:52 UTC	461	IN	HTTP/1.1 200 OK Content-Length: 153 Content-Type: application/json Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 time-delta-millis: 2340 Access-Control-Allow-Headers: time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://apps.microsoft.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close
2024-08-30 17:06:52 UTC	153	IN	Data Raw: 7b 22 61 63 63 22 3a 31 2c 22 77 65 62 52 65 73 75 6c 74 22 3a 7b 22 6d 73 66 70 63 22 3a 22 47 55 49 44 3d 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 26 48 41 53 48 3d 38 30 36 36 26 4c 56 3d 32 30 32 34 30 38 26 56 3d 34 26 4c 55 3d 31 37 32 35 30 33 37 36 30 31 31 30 37 22 2c 22 6d 63 31 22 3a 22 38 30 36 36 39 33 33 38 31 37 63 31 34 64 64 34 62 39 35 65 63 30 66 31 34 61 65 32 66 35 32 65 22 7d 7d Data Ascii: {"acc":1,"webResult":{"msfpc":"GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107","mc1":"8066933817c14dd4b95ec0f14ae2f52e"}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.16	49906	23.52.160.9	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:52 UTC	810	OUT	GET /image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75 HTTP/1.1 Host: images-eds-ssl.xboxlive.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:53 UTC	327	IN	HTTP/1.1 200 OK MS-CV: Z5cnPXD3w0yKPiXl.0 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: MS-CV Content-Type: image/png Last-Modified: Wed, 03 Nov 2021 21:30:43 GMT Accept-Ranges: none Content-Length: 2323 Cache-Control: private, max-age=1480845 Date: Fri, 30 Aug 2024 17:06:52 GMT Connection: close
2024-08-30 17:06:53 UTC	2323	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 08 a8 49 44 41 54 78 5e ed 9a 6b 6c 14 55 14 c7 cf cc ec 8b b6 bc 5a ca 5b 9e e5 fd 96 57 79 83 02 22 a0 42 44 25 11 f4 03 81 2f 7e 30 c4 18 03 4a c0 88 12 4d 34 46 3f a8 51 82 06 88 1f c4 4f 68 00 f1 01 08 08 04 7c 00 f2 50 94 a0 bc 0b b4 50 da 6e 77 76 66 3c ff bb 1d dc c0 76 f7 de d9 a5 50 32 bf 64 d3 6e 3b 73 e6 9e ff 3d f7 dc 7b cf 1d 6d ee c2 6b 0e f9 48 a1 d7 fd f4 91 c0 17 4b 01 5f 2c 05 7c b1 14 f0 c5 52 c0 17 4b 01 5f 2c 05 7c b1 14 f0 c5 52 c0 17 4b 01 5f 2c 05 7c b1 14 f0 c5 52 c0 17 4b 81 06 Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsodIDATx^klUZ[Wy"BD%/~0JM4F?QOh\|PPnwvf<vP2dn;s={mkHK_,\|RK_,\|RK_,\|RK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.16	49907	4.152.133.8	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:53 UTC	607	OUT	POST /api/browser/edge/navigate/3 HTTP/1.1 Host: nav-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 1966 Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiS0ZJSEYrdUZLZXZlZU1NNE92RFBxdz09IiwgImhhc2giOiJqbGpweG5nL2w0UT0ifQ== Content-Type: application/json; charset=utf-8 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-08-30 17:06:53 UTC	1966	OUT	Data Raw: 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 20 45 64 67 2f 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 22 2c 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 22 74 3d 47 77 41 57 41 64 39 74 42 41 41 55 61 6e 50 58 Data Ascii: {"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47","identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":"t=GwAWAd9tBAAUanPX
2024-08-30 17:06:53 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:53 GMT Content-Type: application/json; charset=utf-8 Content-Length: 1293 Connection: close Server: Kestrel Cache-Control: max-age=0, private Request-Context: appId=cid-v1:7b18f7b7-44a8-4212-9aac-12b29c628ff9
2024-08-30 17:06:53 UTC	1293	IN	Data Raw: 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 24 74 79 70 65 22 3a 22 63 61 63 68 65 22 2c 22 6b 65 79 22 3a 7b 22 75 72 69 22 3a 22 61 70 70 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 69 6e 68 65 72 69 74 61 6e 63 65 22 3a 22 6e 6f 6e 65 22 7d 2c 22 6d 61 78 41 67 65 22 3a 31 30 30 38 30 30 30 30 30 30 30 30 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 3b 63 35 66 61 61 64 35 39 2d 61 32 65 33 2d 33 31 66 32 2d 62 38 36 65 2d 61 61 66 39 35 38 65 31 32 38 32 34 3b 50 48 53 48 3a 30 30 35 3b 37 45 2d 30 35 22 2c 22 72 65 73 70 6f 6e 73 65 43 61 74 65 67 6f 72 79 22 3a 22 41 6c 6c 6f 77 65 64 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 24 74 79 70 65 22 3a 22 61 6c 6c 6f 77 22 7d 7d 5d 2c 22 73 65 72 76 65 72 43 6f 6e 74 65 78 74 22 3a 22 31 Data Ascii: {"actions":[{"$type":"cache","key":{"uri":"apps.microsoft.com","inheritance":"none"},"maxAge":100800000000,"serverContext":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;PHSH:005;7E-05","responseCategory":"Allowed","result":{"$type":"allow"}}],"serverContext":"1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.16	49908	13.107.246.40	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:53 UTC	1256	OUT	GET /?hl=en-gb&gl=US HTTP/1.1 Host: apps.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: MSCC=NR; _uetsid=38f5b80066f211ef8e42955f49cff437; _uetvid=38f5f62066f211efbd70c5325bd23ed0; exp-session-id=5c50c2be-2280-4894-8b9d-08769d5f6b5d; MC1=GUID=8066933817c14dd4b95ec0f14ae2f52e&HASH=8066&LV=202408&V=4&LU=1725037601107; MS0=3ff7644f482e4ef18a6c09d30f0da6df; _clck=cxz6pr%7C2%7Cfor%7C0%7C1703; ai_user=9rMpP0Qn6qNSXuixeKsjPJ\|2024-08-30T17:06:41.789Z; ai_session=cJ7a1Gr9uXKI5v7pezfkFB\|1725037601796\|1725037601796; _fbp=fb.1.1725037601863.431589390354711508; _clsk=ghq9hd%7C1725037602498%7C1%7C0%7Ct.clarity.ms%2Fcollect
2024-08-30 17:06:54 UTC	1103	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 17:06:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=43200 Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:04e455f9-321c-49bf-8d2c-d79fbf5e8cde MS-CV: yOJJjP5QR0WuCb/z.0 X-Content-Type-Options: nosniff Permissions-Policy: unload=() Content-Security-Policy: default-src 'self' data: https://.clarity.ms https://c.bing.com;script-src 'self' wcpstatic.microsoft.com js.monitor.azure.com www.microsoft.com www.clarity.ms get.microsoft.com xvsec.video.microsoft.com bat.bing.com 'unsafe-inline';style-src 'unsafe-inline';connect-src * data: ms-windows-store:;font-src ;img-src data: blob:;media-src 'self' blob: https://sfds-production.azurefd.net https://canvasstorageprodtorus.blob.core.windows.net;frame-src * ms-windows-store:;report-uri https://csp.microsoft.com/report/app-store-web-prod X-Powered-By: ASP.NET x-azure-ref: 20240830T170653Z-16579567576l8zffr7mt4xy2un00000003bg00000000bz0r x-fd-int-roxy-purgeid: 66820184 X-Cache: TCP_MISS
2024-08-30 17:06:54 UTC	15281	IN	Data Raw: 33 36 39 36 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 67 62 22 20 64 69 72 3d 22 6c 74 72 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 69 63 72 6f 73 6f 66 74 20 41 70 70 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 62 61 73 65 20 68 72 65 66 3d 22 2f 22 20 2f 3e 0d 0a 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 65 74 20 61 70 70 73 2c 20 67 61 6d 65 73 2c 20 61 6e 64 20 6d 6f 72 65 20 66 6f 72 20 79 6f 75 72 20 57 69 6e 64 6f 77 73 20 64 65 76 69 63 65 22 3e 0d 0a 0d 0a 20 20 Data Ascii: 3696<!DOCTYPE html><html lang="en-gb" dir="ltr"><head> <meta charset="utf-8" /> <title>Microsoft Apps</title> <base href="/" /> <meta name="description" content="Get apps, games, and more for your Windows device">
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 68 6f 6d 65 3f 68 6c 3d 61 66 2d 5a 41 26 61 6d 70 3b 67 6c 3d 5a 41 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 61 6d 2d 45 54 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 70 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 68 6f 6d 65 3f 68 6c 3d 61 6d 2d 45 54 26 61 6d 70 3b 67 6c 3d 45 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 61 72 2d 53 41 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 70 73 2e Data Ascii: icrosoft.com/home?hl=af-ZA&gl=ZA"> <link rel="alternate" hreflang="am-ET" href="https://apps.microsoft.com/home?hl=am-ET&gl=ET"> <link rel="alternate" hreflang="ar-SA" href="https://apps.
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 6c 6c 2c 22 63 6f 6c 6f 72 48 65 78 43 6f 64 65 22 3a 6e 75 6c 6c 2c 22 63 6f 6c 6f 72 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 6e 75 6c 6c 2c 22 6d 73 72 70 22 3a 39 39 2e 39 39 2c 22 64 69 73 70 6c 61 79 4d 53 52 50 22 3a 22 24 39 39 2e 39 39 22 2c 22 73 61 6c 65 50 72 69 63 65 73 22 3a 5b 7b 22 63 6f 6e 64 69 74 69 6f 6e 73 22 3a 6e 75 6c 6c 2c 22 70 72 69 63 65 22 3a 39 39 2e 39 39 2c 22 64 69 73 70 6c 61 79 50 72 69 63 65 22 3a 22 24 39 39 2e 39 39 22 2c 22 62 61 64 67 65 49 64 22 3a 22 64 65 66 61 75 6c 74 22 7d 5d 2c 22 69 6e 63 6c 75 64 65 64 57 69 74 68 22 3a 6e 75 6c 6c 2c 22 73 74 72 65 61 6d 69 6e 67 53 65 72 76 69 63 65 22 3a 6e 75 6c 6c 7d 2c 7b 22 73 6b 75 49 64 22 3a 22 30 30 31 30 22 2c 22 73 6b 75 44 69 73 70 6c 61 79 52 61 6e 6b 73 22 3a Data Ascii: ll,"colorHexCode":null,"colorDisplayName":null,"msrp":99.99,"displayMSRP":"$99.99","salePrices":[{"conditions":null,"price":99.99,"displayPrice":"$99.99","badgeId":"default"}],"includedWith":null,"streamingService":null},{"skuId":"0010","skuDisplayRanks":
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 50 72 6f 64 75 63 74 22 2c 22 63 75 72 61 74 65 64 56 69 64 65 6f 55 72 69 22 3a 6e 75 6c 6c 2c 22 63 72 65 61 74 69 76 65 49 64 22 3a 6e 75 6c 6c 2c 22 70 61 79 6c 6f 61 64 49 64 22 3a 6e 75 6c 6c 2c 22 63 6f 6e 74 65 6e 74 54 79 70 65 22 3a 6e 75 6c 6c 2c 22 61 72 74 69 73 74 4e 61 6d 65 22 3a 6e 75 6c 6c 2c 22 61 72 74 69 73 74 49 64 22 3a 6e 75 6c 6c 2c 22 61 6c 62 75 6d 54 69 74 6c 65 22 3a 6e 75 6c 6c 2c 22 61 6c 62 75 6d 50 72 6f 64 75 63 74 49 64 22 3a 6e 75 6c 6c 2c 22 69 73 45 78 70 6c 69 63 69 74 22 3a 6e 75 6c 6c 2c 22 6e 75 6d 62 65 72 4f 66 53 65 61 73 6f 6e 73 22 3a 30 2c 22 72 65 6c 65 61 73 65 44 61 74 65 55 74 63 22 3a 22 39 39 39 39 2d 31 32 2d 33 31 54 32 33 3a 35 39 3a 35 39 2e 39 39 39 39 39 39 39 5a 22 2c 22 64 75 72 61 74 69 6f 6e Data Ascii: Product","curatedVideoUri":null,"creativeId":null,"payloadId":null,"contentType":null,"artistName":null,"artistId":null,"albumTitle":null,"albumProductId":null,"isExplicit":null,"numberOfSeasons":0,"releaseDateUtc":"9999-12-31T23:59:59.9999999Z","duration
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 70 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 69 6d 61 67 65 73 22 3a 6e 75 6c 6c 2c 22 62 61 64 67 65 73 22 3a 6e 75 6c 6c 2c 22 63 6f 6c 6f 72 48 65 78 43 6f 64 65 22 3a 6e 75 6c 6c 2c 22 63 6f 6c 6f 72 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 6e 75 6c 6c 2c 22 6d 73 72 70 22 3a 32 34 2e 39 39 2c 22 64 69 73 70 6c 61 79 4d 53 52 50 22 3a 22 24 32 34 2e 39 39 22 2c 22 73 61 6c 65 50 72 69 63 65 73 22 3a 5b 7b 22 63 6f 6e 64 69 74 69 6f 6e 73 22 3a 6e 75 6c 6c 2c 22 70 72 69 63 65 22 3a 32 34 2e 39 39 2c 22 64 69 73 70 6c 61 79 50 72 69 63 65 22 3a 22 24 32 34 2e 39 39 22 2c 22 62 61 64 67 65 49 64 22 3a 22 64 65 66 61 75 6c 74 22 7d 5d 2c 22 69 6e 63 6c 75 64 65 64 57 69 74 68 22 3a 6e 75 6c 6c 2c 22 73 74 72 65 61 6d 69 6e 67 53 65 72 76 69 63 65 22 3a 6e 75 6c Data Ascii: ption":null,"images":null,"badges":null,"colorHexCode":null,"colorDisplayName":null,"msrp":24.99,"displayMSRP":"$24.99","salePrices":[{"conditions":null,"price":24.99,"displayPrice":"$24.99","badgeId":"default"}],"includedWith":null,"streamingService":nul
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 22 3a 6e 75 6c 6c 2c 22 70 61 63 6b 61 67 65 41 6e 64 44 65 76 69 63 65 43 61 70 61 62 69 6c 69 74 69 65 73 22 3a 6e 75 6c 6c 2c 22 76 65 72 73 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 6c 61 73 74 55 70 64 61 74 65 44 61 74 65 55 74 63 22 3a 22 30 30 30 31 2d 30 31 2d 30 31 54 30 30 3a 30 30 3a 30 30 22 2c 22 73 6b 75 73 22 3a 6e 75 6c 6c 2c 22 6f 73 50 72 6f 64 75 63 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 63 61 74 65 67 6f 72 79 49 64 22 3a 6e 75 6c 6c 2c 22 73 75 62 63 61 74 65 67 6f 72 79 49 64 22 3a 6e 75 6c 6c 2c 22 6e 61 76 49 74 65 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6e 61 76 49 64 22 3a 6e 75 6c 6c 2c 22 61 64 64 4f 6e 50 72 69 63 65 52 61 6e 67 65 22 3a 6e 75 6c 6c 2c 22 72 65 63 75 72 72 65 6e 63 65 50 6f 6c 69 63 79 22 3a 6e 75 6c 6c Data Ascii: ":null,"packageAndDeviceCapabilities":null,"version":null,"lastUpdateDateUtc":"0001-01-01T00:00:00","skus":null,"osProductInformation":null,"categoryId":null,"subcategoryId":null,"navItemId":null,"navId":null,"addOnPriceRange":null,"recurrencePolicy":null
2024-08-30 17:06:54 UTC	16384	IN	Data Raw: 6e 6e 69 6e 67 20 49 6e 64 69 65 20 67 61 6d 65 20 64 65 76 65 6c 6f 70 65 72 73 20 74 6f 20 41 41 41 20 70 75 62 6c 69 73 68 65 72 73 22 2c 22 41 62 6f 75 74 50 61 67 65 2e 45 78 70 6c 6f 72 65 47 61 6d 65 73 22 3a 22 45 78 70 6c 6f 72 65 20 67 61 6d 65 73 22 2c 22 41 62 6f 75 74 50 61 67 65 2e 45 78 70 6c 6f 72 65 41 70 70 73 22 3a 22 45 78 70 6c 6f 72 65 20 61 70 70 73 22 2c 22 41 62 6f 75 74 50 61 67 65 2e 52 65 77 61 72 64 73 54 69 74 6c 65 22 3a 22 52 65 77 61 72 64 73 22 2c 22 41 62 6f 75 74 50 61 67 65 2e 52 65 77 61 72 64 73 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 45 61 72 6e 20 4d 69 63 72 6f 73 6f 66 74 20 52 65 77 61 72 64 73 20 70 6f 69 6e 74 73 20 77 68 65 6e 20 79 6f 75 20 62 75 79 20 70 72 6f 64 75 63 74 73 20 66 72 6f 6d 20 74 68 65 20 Data Ascii: nning Indie game developers to AAA publishers","AboutPage.ExploreGames":"Explore games","AboutPage.ExploreApps":"Explore apps","AboutPage.RewardsTitle":"Rewards","AboutPage.RewardsDescription":"Earn Microsoft Rewards points when you buy products from the

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.16	49909	23.52.162.6	443	1104	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-30 17:06:53 UTC	722	OUT	GET /image/apps.54640.9007199266243449.90709ce3-050c-4cef-8d4a-9ef213b89ef2.c20ffb74-ff9e-4d63-863a-94619399973d?w=75 HTTP/1.1 Host: store-images.s-microsoft.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://apps.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-30 17:06:53 UTC	411	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=7776000, s-maxage=7776000 Content-Type: image/png Last-Modified: Tue, 06 Oct 2020 07:51:50 GMT Accept-Ranges: none ETag: W/"AEArrCz4hLTcinHzgId1x2MT2Nwa4tQgMHg4RDg2OUNDQUYxMTJBN0Y" MS-CV: TYJoVrTGhUW/znHI.0 Access-Control-Expose-Headers: MS-CV Content-Length: 2261 Date: Fri, 30 Aug 2024 17:06:53 GMT Connection: close Access-Control-Allow-Origin: *
2024-08-30 17:06:53 UTC	2261	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 4b 00 00 00 4b 08 06 00 00 00 38 4e 7a ea 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 08 6a 49 44 41 54 78 5e ed 9c 0b 6c 54 55 1a c7 6f 67 fa 62 69 67 a6 40 4b 5b 2b 8f be e8 bb 43 a1 20 4a 05 a1 02 82 2c c8 ab e5 a1 91 ec aa 41 12 d1 6e 61 95 dd 55 1e f2 10 43 14 59 59 0c 3e 62 88 ac 2b c8 8a 06 10 05 c4 07 12 cd 26 b2 28 2c c1 22 89 71 b3 d9 84 8d f1 05 2d 4b fb df ff 77 ee 1d 68 eb b4 33 b7 33 65 b9 e4 fc 93 2f d3 de 7b e7 dc 73 7e fd 5e e7 ce a4 46 4b 4b cb 97 b4 b3 da 42 5a 83 c0 fa 1e 5a 21 45 4e 3f 08 ac b3 d6 ef 5a 9d 88 9c fe a3 61 85 29 0d cb 86 34 2c 1b d2 b0 6c 48 c3 b2 21 0d Data Ascii: PNGIHDRKK8NzsRGBgAMAapHYsodjIDATx^lTUogbig@K[+C J,AnaUCYY>b+&(,"q-Kwh33e/{s~^FKKBZZ!EN?Za)4,lH!

Target ID:	0
Start time:	13:05:49
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	13:05:50
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2004,i,1911348884404984880,14140193632857720476,262144 /prefetch:3
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	13:05:50
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	13:05:50
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:3
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	13:05:53
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6492 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	13:05:53
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6676 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	13:06:28
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7360 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	13:06:33
Start date:	30/08/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff69f2f0000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	13:06:40
Start date:	30/08/2024
Path:	C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\" -ad -an -ai#7zMap27937:184:7zEvent10880
Imagebase:	0xc0000
File size:	700'416 bytes
MD5 hash:	50F289DF0C19484E970849AAC4E6F977
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	13:06:50
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7772 --field-trial-handle=1980,i,14265413042925802276,9844281433010491032,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	13:07:13
Start date:	30/08/2024
Path:	C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe"
Imagebase:	0x400000
File size:	3'222'504 bytes
MD5 hash:	B841D408448F2A07F308CED1589E7673
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000000.2021155593.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000002.2085473047.000000004A601000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Downloads\2+DEMNADA+LABORAL-+JUZGADO+02+CIVIL+DEL+CIRCUITO+RAMA+JUDICIAL\2 DEMNADA LABORAL- JUZGADO 02 CIVIL DEL CIRCUITO RAMA JUDICIAL\1 DEMANADA LABORAL.exe, Author: Joe Security
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	13:07:14
Start date:	30/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0xf20000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Asyncrat_11a11ba1, Description: unknown, Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000001B.00000002.2310004576.00000000060C0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	13:07:14
Start date:	30/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	13:07:35
Start date:	30/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Imagebase:	0x240000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001D.00000002.2429415475.0000000002838000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001D.00000002.2425306055.0000000000944000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Asyncrat_11a11ba1, Description: unknown, Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000001D.00000002.2423615197.0000000000342000.00000002.00000001.01000000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001D.00000002.2429415475.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001D.00000002.2425306055.00000000008FE000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.5%
Total number of Nodes:	143
Total number of Limit Nodes:	11

Executed Functions

Function 00D6AF10 Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32 ref: 00D6AF14

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: f8f831af93fe1ade53034f2c1c01a6d4c1e9b7af1bae33a5cdd3173e09e4ed7d
Instruction ID: 9dc11ca16485a0f39e3e13074aa561d3dc2ced93a47ce2167d54e2b8d3ca6810
Opcode Fuzzy Hash: f8f831af93fe1ade53034f2c1c01a6d4c1e9b7af1bae33a5cdd3173e09e4ed7d
Instruction Fuzzy Hash: 98A012108088000BC404A7184C4340F32C05940210FC50610745C95282E605856402F7

Function 00D6A1A0 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,00D6A3C5,?,?,?,00D6A4E8,00000000,00D6A513,?,?,?,00000000), ref: 00D6A1D9
RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,00D6A3C5,?,?,?,00D6A4E8,00000000,00D6A513,?,?,?), ref: 00D6A222
RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,00D6A3C5,?,?,?,00D6A4E8), ref: 00D6A244
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 00D6A262
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 00D6A280
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 00D6A29E
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00D6A2BC
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,00D6A3C5), ref: 00D6A2FC
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00000000,00D6A3A8,?,80000001), ref: 00D6A327
RegCloseKey.ADVAPI32(?,00D6A3AF,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales), ref: 00D6A3A2

Strings

Software\Borland\Delphi\Locales, xrefs: 00D6A2B2
Software\Borland\Locales, xrefs: 00D6A294
Software\Embarcadero\Locales, xrefs: 00D6A218, 00D6A23A
Software\CodeGear\Locales, xrefs: 00D6A258, 00D6A276

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Open$QueryValue$CloseFileModuleName
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
API String ID: 2701450724-3496071916
Opcode ID: ce36d04dc0f63040d7d4f50b3d02e2bf9f28691e3e38f66f5929144bcbd97321
Instruction ID: f241606fe8d9f31a2071f5b9d8dbe12301217d07d9ffd0be1599f7d54c6d5d9c
Opcode Fuzzy Hash: ce36d04dc0f63040d7d4f50b3d02e2bf9f28691e3e38f66f5929144bcbd97321
Instruction Fuzzy Hash: 3A515371A80608BFEB10EBD8CC42FBEB3BCEB08704F514465B644F6181DBB4AA549B75

Function 00D69E6C Relevance: 10.6, APIs: 7, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(00E50B84,00000000,00D69F70,?,?,?,00000000,?,00D6A838,00000000,00D6A897,?,?,00000000,00000000,00000000), ref: 00D69E8A
LeaveCriticalSection.KERNEL32(00E50B84,00E50B84,00000000,00D69F70,?,?,?,00000000,?,00D6A838,00000000,00D6A897,?,?,00000000,00000000), ref: 00D69EAE
IsValidLocale.KERNEL32(00000000,00000002,00E50B84,00E50B84,00000000,00D69F70,?,?,?,00000000,?,00D6A838,00000000,00D6A897), ref: 00D69ECF
EnterCriticalSection.KERNEL32(00E50B84,00000000,00000002,00E50B84,00E50B84,00000000,00D69F70,?,?,?,00000000,?,00D6A838,00000000,00D6A897), ref: 00D69F2C
LeaveCriticalSection.KERNEL32(00E50B84,00E50B84,00000000,00000002,00E50B84,00E50B84,00000000,00D69F70,?,?,?,00000000,?,00D6A838,00000000,00D6A897), ref: 00D69F55

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$LocaleValid
String ID:
API String ID: 488151944-0
Opcode ID: f24bdff6748c16afa4f163b8634291ed339e309c51916ef102c2bff7fc6b281f
Instruction ID: f93eab7a3b329c06f8333953c69a191c88cc9b356c196ebb940dd3c554ea7193
Opcode Fuzzy Hash: f24bdff6748c16afa4f163b8634291ed339e309c51916ef102c2bff7fc6b281f
Instruction Fuzzy Hash: 6B21D3207047025BDB60FBAC8CA3A2DA39DDF44719F564C25B800E72A6CEB09C09D3B2

Function 00D66FDC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00D67013

Strings

MZP, xrefs: 00D673FD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: MZP
API String ID: 2882836952-2889622443
Opcode ID: cff3c08d7b9701cd7c700f3e746af2c5dbfdefb38f7fdb800058542faa6a47a0
Instruction ID: 5ee637cfe90ac8da08da44793449570b71fe173bd296028f0cb12dc0e1299807
Opcode Fuzzy Hash: cff3c08d7b9701cd7c700f3e746af2c5dbfdefb38f7fdb800058542faa6a47a0
Instruction Fuzzy Hash: 2251CF74608308CFDB25EF29D88576A7BE1FB09318F184929E8649B352D770DC89CB71

Function 00D64F84 Relevance: 4.7, APIs: 3, Instructions: 168
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNELBASE(00000000,?), ref: 00D64FD2
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,?,00000000), ref: 00D650B4
ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00D6512E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$AllocCreateLocalRead
String ID:
API String ID: 3093261258-0
Opcode ID: 3abc63721cb01af36194490af958ad4687141411447dff321ba6b8787e83b209
Instruction ID: 1985bc8241bd204c3d21916fc62ef518c6c306e1d3bc829e36b0907c6e31d936
Opcode Fuzzy Hash: 3abc63721cb01af36194490af958ad4687141411447dff321ba6b8787e83b209
Instruction Fuzzy Hash: 7F815B79E00209EFDF41DFD8C981AADBBB1FF08301F254095E905AB262D332AA50EF50

Function 00D6A780 Relevance: 3.1, APIs: 2, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserDefaultUILanguage.KERNEL32(00000000,00D6A897,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00D6A91E,00000000,?,00000105), ref: 00D6A82B
GetSystemDefaultUILanguage.KERNEL32(00000000,00D6A897,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00D6A91E,00000000,?,00000105), ref: 00D6A853

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DefaultLanguage$SystemUser
String ID:
API String ID: 384301227-0
Opcode ID: 94b08054679132ac601d587f8ce0491f8d31b6ef71eb6152e406d0a5ab9c4026
Instruction ID: 7ab69bc72afcbadca77c074920dff8062e1bce531b367f820198a25cb47d3c38
Opcode Fuzzy Hash: 94b08054679132ac601d587f8ce0491f8d31b6ef71eb6152e406d0a5ab9c4026
Instruction Fuzzy Hash: E4313A70E106099FDB10EB9CC882AAEB7B5EF48304F504566E441B3261DBB4AD85CFB2

Function 00D65284 Relevance: 3.1, APIs: 2, Instructions: 66
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,00000000), ref: 00D652B6
VirtualProtect.KERNELBASE(?,?,00000000,00000000), ref: 00D652D7

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 34add0965becf7df06be07f094b6dec7b00d60c55653b12e629512594c3e3455
Instruction ID: c8570505d554f0dee411a8d27c884bd48a9ee6277a36d85878fb7af58bf4d8a9
Opcode Fuzzy Hash: 34add0965becf7df06be07f094b6dec7b00d60c55653b12e629512594c3e3455
Instruction Fuzzy Hash: 82316975D10119EFCF55CFA8D890AEDBBB1BF08314F04809AE919A3222DB34A995DF20

Function 00D6A8A4 Relevance: 3.1, APIs: 2, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,00D6A95E,?,00D60000,00E44C18,?,00D69658,00D60000,?,0000020A,00D60000,00E44C18,00D69699), ref: 00D6A8E0
LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,00D6A95E,?,00D60000,00E44C18,?,00D69658,00D60000,?,0000020A), ref: 00D6A931

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileLibraryLoadModuleName
String ID:
API String ID: 1159719554-0
Opcode ID: 15803e82e4ff110486831aa334d4798b9644707fa66d3b92f9f9293cc8e63f54
Instruction ID: 1739d4544f103d9ab3fb35803a4410f677a9826b1fad3efc3dce7f9750ae6257
Opcode Fuzzy Hash: 15803e82e4ff110486831aa334d4798b9644707fa66d3b92f9f9293cc8e63f54
Instruction Fuzzy Hash: B0119130A8461C9FDB10EBA8CC86BDEB3B8DB08700F5145E6F508E3291DA705F848EB5

Function 00D6962C Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(00D60000,?,0000020A,00D60000,00E44C18,00D69699,00000000,00DC7BF0,00DC7BF0,00DB73F4,00000000,00DB776E,?,00000000,00DC7BF0,00DC7BF0), ref: 00D6964A

Part of subcall function 00D6A8A4: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,00D6A95E,?,00D60000,00E44C18,?,00D69658,00D60000,?,0000020A,00D60000,00E44C18,00D69699), ref: 00D6A8E0
Part of subcall function 00D6A8A4: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,00D6A95E,?,00D60000,00E44C18,?,00D69658,00D60000,?,0000020A), ref: 00D6A931

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleName$LibraryLoad
String ID:
API String ID: 4113206344-0
Opcode ID: be67bf224a212d41b432cc4c1a830b5424f8f567ee9b797b2da5b7a213b7ce25
Instruction ID: 8e046260402c5dcd2b338af8b8f06071bafe92109a3657852b3c857a09cb728a
Opcode Fuzzy Hash: be67bf224a212d41b432cc4c1a830b5424f8f567ee9b797b2da5b7a213b7ce25
Instruction Fuzzy Hash: 75E0C971A003109BCB10DE9CC9C5E567798AB48754F044691AD54DF246D771D91087F2

Function 00D630B4 Relevance: 1.3, APIs: 1, Instructions: 41
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,00D636CB,FFFFFFDC,00D6339C), ref: 00D630CB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 36b71adf19f23fd5f0352e02fd373ce133b3cf19b68607dfbfc8573a0cc30250
Instruction ID: 3f37d8723200922b5377d8e5453756efa656fb99f2db8e9d5af41e5a0d00310e
Opcode Fuzzy Hash: 36b71adf19f23fd5f0352e02fd373ce133b3cf19b68607dfbfc8573a0cc30250
Instruction Fuzzy Hash: D8F0A9F2B003108FEB148F79AD813017BE4F78A310F20417EE948EBB98D670884ADB90

Non-executed Functions

Function 00DE0A48 Relevance: 132.9, APIs: 59, Strings: 16, Instructions: 1656windowregistrytimeCOMMON

Download Yara Rule

APIs

ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DE0AB8
LoadCursorW.USER32(00000000,00007F00), ref: 00DE0DC4
GetVersion.KERNEL32(00000000,00007F00), ref: 00DE0DCC
RegisterClassW.USER32(000000C0), ref: 00DE0DEF
RegisterClassA.USER32(000000C0), ref: 00DE0E0D
GetVersion.KERNEL32(000000C0,00000000,00007F00), ref: 00DE0E30
GetVersion.KERNEL32(000000C0,00000000,00007F00), ref: 00DE0ED8
GetSystemMenu.USER32(?,00000000,000000C0,00000000,00007F00), ref: 00DE0F2B
RemoveMenu.USER32(00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00), ref: 00DE0F3A
RemoveMenu.USER32(00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00), ref: 00DE0F47
RemoveMenu.USER32(00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00), ref: 00DE0F54
RemoveMenu.USER32(00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000), ref: 00DE0F61
CreateFontW.GDI32(000000F5,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Tahoma), ref: 00DE0F88
CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,MS Sans Serif), ref: 00DE0FBA
CreateFontW.GDI32(000000F5,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Courier New), ref: 00DE0FE6
CreateFontW.GDI32(000000F8,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Small Fonts), ref: 00DE1012
CreateCompatibleDC.GDI32(00000000), ref: 00DE101E
SelectObject.GDI32(00000000,?), ref: 00DE1031
SetBkMode.GDI32(?,00000001), ref: 00DE1043
CreateDIBSection.GDI32(?,00000028,00000000,-00000012,00000000,00000000), ref: 00DE1343
SelectObject.GDI32(?,00000000), ref: 00DE1356
FindResourceA.KERNEL32(00000000), ref: 00DE1436
SetRect.USER32(?,00000000,00000000,00000014,00000000), ref: 00DE14B5
GetVersion.KERNEL32(?,00000000,00000000,00000014,00000000,00000000), ref: 00DE14BA
DrawTextW.USER32(?,00000000,000000FF,?,00000410), ref: 00DE14E3
DrawTextA.USER32(?,00000000,000000FF,?,00000410), ref: 00DE151D
GetSystemMetrics.USER32(00000000), ref: 00DE1556
GetSystemMetrics.USER32(00000004), ref: 00DE155E
GetSystemMetrics.USER32(00000000), ref: 00DE156F
GetSystemMetrics.USER32(00000004), ref: 00DE1578
EnableWindow.USER32(?,00000000), ref: 00DE186C
GetSystemMetrics.USER32(00000001), ref: 00DE1943
GetSystemMetrics.USER32(00000004), ref: 00DE194B
GetSystemMetrics.USER32(00000001), ref: 00DE195D
GetSystemMetrics.USER32(00000004), ref: 00DE1965
GetVersion.KERNEL32(-00000003,0000000B,00000005,00000005,?,?,00000003), ref: 00DE19DD
GetClientRect.USER32(?,0000000B), ref: 00DE1A44
SendMessageW.USER32(?,00001040,00000000), ref: 00DE1A7D
GetWindowRect.USER32(?,0000000B), ref: 00DE1AD1
SetWindowPos.USER32(?,00000000,0000000B,0000000C,0000000B,0000000C,00000016,?,0000000B,?,00001040,00000000,?,?,00000003), ref: 00DE1B0E
GetWindowRect.USER32(?,0000000B), ref: 00DE1B20

Part of subcall function 00D6E0DC: SetWindowLongW.USER32(?,FFFFFFFC,00000000), ref: 00D6E0DF

SetWindowPos.USER32(?,00000000,0000000B,0000000C,0000000B,?,00000016,?,0000000B,?,0000000B,?,00001040,00000000), ref: 00DE1B5D
GetSystemMetrics.USER32(00000001), ref: 00DE1B6E
GetSystemMetrics.USER32(00000000), ref: 00DE1B80
SetWindowPos.USER32(?,00000000,00000014,00000000,00000003,00000001,00000014,00000003,00000004,00000000,00000001,?,?,0000000C,0000000B), ref: 00DE1B98
GetClientRect.USER32(?,0000000B), ref: 00DE1BAA
GetSystemMetrics.USER32(00000001), ref: 00DE1BE9
GetSystemMetrics.USER32(00000000), ref: 00DE1BFB
SetWindowPos.USER32(?,00000000,00000014,00000000,00000003,00000001,00000014,00000003,00000004,?,0000000B,?,00000000,00000014,00000000,00000003), ref: 00DE1C13
GetWindowRect.USER32(?,0000000B), ref: 00DE1C25
GetTickCount.KERNEL32 ref: 00DE1CD1
SetTimer.USER32(?,00000309,0000000A,00000000), ref: 00DE1CEA
MessageBeep.USER32(00000010), ref: 00DE1D12
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000047,?,0000000B,?,00000000,00000014,00000000,00000003,00000001,00000014), ref: 00DE1D29
IsIconic.USER32(?), ref: 00DE1D34
ShowWindow.USER32(?,00000009,?,?,00000000,00000000,00000000,00000000,00000000,00000047,?,0000000B,?,00000000,00000014,00000000), ref: 00DE1D45
BringWindowToTop.USER32(?), ref: 00DE1D50
SetForegroundWindow.USER32(?), ref: 00DE1D5B
PostMessageA.USER32(00000000,00000000,?,00000000), ref: 00DE1D85

Part of subcall function 00DE07F4: GetVersion.KERNEL32(00000000,00DE08E9,?,?,?,?,00000000,00000000), ref: 00DE0812
Part of subcall function 00DE07F4: SendMessageA.USER32(00000000,00000030,?,00000000), ref: 00DE08C9

Part of subcall function 00D75E1C: VirtualAlloc.KERNEL32(00000000,00000011,00001000,00000040), ref: 00D75E34
Part of subcall function 00D75E1C: VirtualProtect.KERNEL32(00000000,00000011,00000020,00000025,00000000,00000011,00001000,00000040), ref: 00D75E69

Strings

, xrefs: 00DE1321
SysTabControl32, xrefs: 00DE19B4
O, xrefs: 00DE12B4
(, xrefs: 00DE143F
Static, xrefs: 00DE18F7
Courier New, xrefs: 00DE0FC4
3, xrefs: 00DE18A1
Button, xrefs: 00DE1459
(, xrefs: 00DE12FD
MS Sans Serif, xrefs: 00DE0F98
Tahoma, xrefs: 00DE0F66
madExceptWndClass, xrefs: 00DE0DFE
O, xrefs: 00DE12A7
MEIBIG, xrefs: 00DE1426
Small Fonts, xrefs: 00DE0FF0
madExceptWndClass, xrefs: 00DE0DE0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: SystemWindow$Metrics$Create$RectVersion$Menu$FontMessageRemove$ClassClientDrawObjectRegisterSelectSendTextVirtual$AllocBeepBringCompatibleCountCursorEnableFindForegroundIconicImageList_LoadLongModePostProtectResourceSectionShowTickTimer
String ID: $($($3$Button$Courier New$MEIBIG$MS Sans Serif$O$O$Small Fonts$Static$SysTabControl32$Tahoma$madExceptWndClass$madExceptWndClass
API String ID: 1962053921-1494278193
Opcode ID: 752d748f4e08edd2bcdbee9e9e2db4cdcbabb41ed6d86f22e96f25f3798a3960
Instruction ID: 9551f079d747c01c71827bc0579998cd1062cf3a4ed060d4da2303e643ee9ae6
Opcode Fuzzy Hash: 752d748f4e08edd2bcdbee9e9e2db4cdcbabb41ed6d86f22e96f25f3798a3960
Instruction Fuzzy Hash: 1CE22678A002449FDB20EFA9C885F99B7F5FF48300F244595F695AB392CB71AD45CBA0

Function 00DE6618 Relevance: 118.5, APIs: 18, Strings: 49, Instructions: 1272
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00DB2BBC: GetVersion.KERNEL32(00000000,00DB2C61,?,00E44D0C,?,00DB4F5F,00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%), ref: 00DB2BE5
Part of subcall function 00DB2BBC: GetComputerNameW.KERNEL32(?,00000104), ref: 00DB2BFC

Part of subcall function 00DE4E64: GetVersion.KERNEL32(00000000,00DE4F16,?,?,?,00000000), ref: 00DE4E84
Part of subcall function 00DE4E64: GetSystemMetrics.USER32(00001000), ref: 00DE4E95
Part of subcall function 00DE4E64: LoadLibraryW.KERNEL32(wtsapi32.dll,00001000,00000000,00DE4F16,?,?,?,00000000), ref: 00DE4EA3

GetVersion.KERNEL32(00000000,00DE696B,?,?,?,00DE7958,?,?,00DE7958,?,?,00DE7944,?,?,00DE7934,?), ref: 00DE68E1
GetUserNameW.ADVAPI32(?,00000104), ref: 00DE68F8
GetUserNameA.ADVAPI32(?,00000104), ref: 00DE691D
GetVersion.KERNEL32(00000000,00DE6A5A,?,?,?,00DE7958,?,?,00DE7958,?,?,00DE7944,?,?,00DE7934,?), ref: 00DE6983

Strings

wts client name, xrefs: 00DE68AD
system up time, xrefs: 00DE6B02
command line, xrefs: 00DE6F1B, 00DE6F57
idapi32.dll, xrefs: 00DE72B8
largest free block, xrefs: 00DE6EB7
exception number, xrefs: 00DE7629
GetDiskFreeSpaceExA, xrefs: 00DE6C8F
Plugins, xrefs: 00DE73D6
processor, xrefs: 00DE6B8E
version, xrefs: 00DE7269, 00DE728B
processors, xrefs: 00DE6BD8
process id, xrefs: 00DE6E39
callstack crc, xrefs: 00DE75C7
display mode, xrefs: 00DE6DEB
\M, xrefs: 00DE7416
madExcept version, xrefs: 00DE73B4
/ , xrefs: 00DE6A2C
bde version, xrefs: 00DE72F2
system resources, xrefs: 00DE6C62
NT, xrefs: 00DE6992
will be calculated soon, xrefs: 00DE75C2
current module, xrefs: 00DE700D
Delphi XE8, xrefs: 00DE7351
kernel32.dll, xrefs: 00DE6C94
XM, xrefs: 00DE73E3
exec., xrefs: 00DE7104
computer name, xrefs: 00DE686E
$M, xrefs: 00DE7459
date/time, xrefs: 00DE682F
program up time, xrefs: 00DE6B41
allocated memory, xrefs: 00DE6E78
exception class, xrefs: 00DE767D
BCB XE8, xrefs: 00DE733E
date/time, xrefs: 00DE71FE
module, xrefs: 00DE7113
RegisteredOwner, xrefs: 00DE6A06
<admin>, xrefs: 00DE6948
exception message, xrefs: 00DE7704, 00DE7726
executable, xrefs: 00DE6FA9
compiled with, xrefs: 00DE7343, 00DE7356
user name, xrefs: 00DE6956
\CurrentVersion, xrefs: 00DE69B2, 00DE69EB
free disk space, xrefs: 00DE6D6C, 00DE6DAC
registered owner, xrefs: 00DE6A45
RegisteredOrganization, xrefs: 00DE69CD
Software\Microsoft\Windows, xrefs: 00DE69AA, 00DE69E3
physical memory, xrefs: 00DE6C17
operating system, xrefs: 00DE6A84
system language, xrefs: 00DE6AC3

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version$Name$User$ComputerLibraryLoadMetricsSystem
String ID: <admin>$ / $ NT$ date/time$$M$BCB XE8$Delphi XE8$GetDiskFreeSpaceExA$Plugins$RegisteredOrganization$RegisteredOwner$Software\Microsoft\Windows$XM$\CurrentVersion$\M$allocated memory$bde version$callstack crc$command line$compiled with$computer name$current module$date/time$display mode$exception class$exception message$exception number$exec.$executable$free disk space$idapi32.dll$kernel32.dll$largest free block$madExcept version$module$operating system$physical memory$process id$processor$processors$program up time$registered owner$system language$system resources$system up time$user name$version$will be calculated soon$wts client name
API String ID: 1441997346-1721773108
Opcode ID: 2b3e51c2192b3081b6131b69db5ca004d62bc7a90cc725ba9118c07899f29168
Instruction ID: accde56562be26723ab96c6b5084cface0a452fed0e96e0af519ac8654bdb842
Opcode Fuzzy Hash: 2b3e51c2192b3081b6131b69db5ca004d62bc7a90cc725ba9118c07899f29168
Instruction Fuzzy Hash: 4BB2D534A086999FCB51FB56DC51AAEB7B9EF48300F6044A5F508A3291DB30EE45CF71

Function 00D736E8 Relevance: 105.6, APIs: 47, Strings: 13, Instructions: 554
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnableWindow.USER32(?,00000000), ref: 00D73736
LoadCursorW.USER32(00000000,00007F00), ref: 00D73785
GetVersion.KERNEL32(?,00000000,00D73D4B), ref: 00D7378D
RegisterClassW.USER32(000000C0), ref: 00D737A5
RegisterClassA.USER32(000000C0), ref: 00D737ED

Part of subcall function 00D6E164: CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D6E1A3

GetSystemMenu.USER32(00000000,00000000,?,00000000,00D73D4B), ref: 00D7383D
RemoveMenu.USER32(00000000,0000F020,00000000,00000000,00000000,?,00000000,00D73D4B), ref: 00D7384C
RemoveMenu.USER32(00000000,0000F030,00000000,00000000,0000F020,00000000,00000000,00000000,?,00000000,00D73D4B), ref: 00D73859
RemoveMenu.USER32(00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,00000000,00000000,?,00000000,00D73D4B), ref: 00D73866
RemoveMenu.USER32(00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,00000000,00000000,?,00000000), ref: 00D73873
CreateFontA.GDI32(000000F5,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Tahoma), ref: 00D7389A
CreateFontA.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,MS Sans Serif), ref: 00D738CA
CreateCompatibleDC.GDI32(00000000), ref: 00D738D4
SelectObject.GDI32(00000000,?), ref: 00D738E3
SetRect.USER32(?,00000000,00000000,000001A4,00000000), ref: 00D73910
GetVersion.KERNEL32(00000000,?,00000000,00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,00000000), ref: 00D73915
DrawTextW.USER32(00000010,00000000,000000FF,?,00000410), ref: 00D73940
DrawTextA.USER32(00000010,00000000,000000FF,?,00000410), ref: 00D73976
GetVersion.KERNEL32(00000000,?,00000000,00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,00000000), ref: 00D739AE
FindResourceW.KERNEL32(?,00000000,00000002,00000000,?,00000000,00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000), ref: 00D739C9
FindResourceA.KERNEL32(?,00000000,00000002), ref: 00D739F4
GetVersion.KERNEL32(?,00000000,00000002,00000000,?,00000000,00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000), ref: 00D73AAE
SendMessageA.USER32(?,00000030,?,00000000), ref: 00D73B60
GetSystemMetrics.USER32(00000014), ref: 00D73B71
SendMessageA.USER32(00000000,00000401,00000000,03E80000), ref: 00D73BAB
GetSystemMetrics.USER32(00000007), ref: 00D73BB2
GetSystemMetrics.USER32(00000033), ref: 00D73BBE
GetSystemMetrics.USER32(00000014), ref: 00D73BC7
GetSystemMetrics.USER32(00000008), ref: 00D73BD3
IsIconic.USER32(00000000), ref: 00D73BE2
ShowWindow.USER32(00000000,00000009,00000008,00000014,00000033,00000007,00000000,00000401,00000000,03E80000,0000000B,?,00000030,?,00000000,?), ref: 00D73BF1
GetSystemMetrics.USER32(00000001), ref: 00D73C05
GetSystemMetrics.USER32(00000000), ref: 00D73C16
SetWindowPos.USER32(00000000,00000000,?,00000000,00000000,00000001,?,?,00000004,00000008,00000014,00000033,00000007,00000000,00000401,00000000), ref: 00D73C2C
ShowWindow.USER32(00000000,00000001,00000000,00000000,?,00000000,00000000,00000001,?,?,00000004,00000008,00000014,00000033,00000007,00000000), ref: 00D73C37
BringWindowToTop.USER32(00000000), ref: 00D73C40
SetForegroundWindow.USER32(00000000), ref: 00D73C49
SystemParametersInfoW.USER32(00000030,00000000,0000000B,00000000), ref: 00D73C5D
GetSystemMetrics.USER32(00000010), ref: 00D73C68
GetSystemMetrics.USER32(00000011), ref: 00D73C72
GetSystemMetrics.USER32(00000004), ref: 00D73C7B
SetLastError.KERNEL32(00000000,00000008,00000014,00000033,00000007,00000000,00000401,00000000,03E80000,0000000B,?,00000030,?,00000000,?,00000000), ref: 00D73C89
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000008,00000014,00000033,00000007,00000000,00000401,00000000,03E80000,0000000B,?), ref: 00D73CBF
GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000008,00000014,00000033,00000007,00000000,00000401,00000000,03E80000,0000000B,?), ref: 00D73CCD
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000008,00000014,00000033,00000007,00000000,00000401,00000000,03E80000,0000000B), ref: 00D73CE6
SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000014,00000000,00000000,00000000,00000000,?,00000000,00000008,00000014,00000033), ref: 00D73D16
ShowWindow.USER32(00000000,00000004,00000000,00000000,?,?,?,?,00000014,00000000,00000000,00000000,00000000,?,00000000,00000008), ref: 00D73D21

Strings

prgrAlertWndClass, xrefs: 00D73799
msctls_progress32, xrefs: 00D73B8A
(, xrefs: 00D73A06
Please wait..., xrefs: 00D73748
Static, xrefs: 00D73AEC
3, xrefs: 00D73A72
MZP, xrefs: 00D737C2, 00D7380A, 00D73A1D, 00D73AD5, 00D73B1B, 00D73B82
Tahoma, xrefs: 00D73878
MS Sans Serif, xrefs: 00D738A8
prgrAlertWndClass, xrefs: 00D737E1
Button, xrefs: 00D73A25
madProgressAlertPos, xrefs: 00D73CA6
Static, xrefs: 00D73B42

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: System$Metrics$Window$CreateMenu$RemoveVersion$Show$ClassDrawErrorFindFontLastMessageRegisterResourceSendText$BringCloseCompatibleCursorEnableEventForegroundHandleIconicInfoLoadObjectParametersRectSelect
String ID: ($3$Button$MS Sans Serif$MZP$Please wait...$Static$Static$Tahoma$madProgressAlertPos$msctls_progress32$prgrAlertWndClass$prgrAlertWndClass
API String ID: 1133331124-355427981
Opcode ID: d3fa4d476618a387e0e64dbac6a5d8a865ed1a1f234cf16a5aec101d630713b5
Instruction ID: 14a2f35da7ee92c1041fc3c5312c10a39a3614a248f4acda21cbfeb757813a4c
Opcode Fuzzy Hash: d3fa4d476618a387e0e64dbac6a5d8a865ed1a1f234cf16a5aec101d630713b5
Instruction Fuzzy Hash: 3212FE71B40304ABEB50EFA8DC82F9E77A9EB08700F144555FA08EF2C6D6B4E9419B75

Function 00D98190 Relevance: 93.6, APIs: 52, Strings: 1, Instructions: 891COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00D9824B
ScreenToClient.USER32(?,?), ref: 00D9825B
IsWindowEnabled.USER32(?), ref: 00D9827A
LoadCursorW.USER32(00000000,00007F89), ref: 00D9828A
SetCursor.USER32(00000000), ref: 00D98298
GetSysColor.USER32(0000000F), ref: 00D9839D
GetSysColor.USER32(0000000F), ref: 00D98400
GetSysColor.USER32(0000000F), ref: 00D98461
GetSysColor.USER32(0000000F), ref: 00D98469
GetSysColor.USER32(00000015), ref: 00D984A1
IsWindowUnicode.USER32(?), ref: 00D98B29
DefWindowProcW.USER32(?,?,?,?,?,00000000,00D98B5A,?,00000000,00D98BF0,?,?,?,?,00000013,00000000), ref: 00D98B39
DefWindowProcA.USER32(?,?,?,?,?,00000000,00D98B5A,?,00000000,00D98BF0,?,?,?,?,00000013,00000000), ref: 00D98B49

Strings

Arial, xrefs: 00D98494, 00D9859D, 00D985E3

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Color$Window$Cursor$Proc$ClientEnabledLoadScreenUnicode
String ID: Arial
API String ID: 4017028549-493054409
Opcode ID: e1973ed7f3afcdaac1d76ad366d3423eabb474281e487336c85e3dfbf23783ae
Instruction ID: da58fda78479d2ff3df2bdd93f43bc9d7cba5b1a46b0c0333568eae3f5efa0f2
Opcode Fuzzy Hash: e1973ed7f3afcdaac1d76ad366d3423eabb474281e487336c85e3dfbf23783ae
Instruction Fuzzy Hash: C3626D71A00209AFDF10DFA8C985F9E77A9EF4A710F148151F944EB296CA70EE45DBB0

Function 00DDBD20 Relevance: 70.8, APIs: 39, Strings: 1, Instructions: 756windowsleeptimeCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00DDBF45
KillTimer.USER32(?,?,00000000,00DDC5E9), ref: 00DDBF89
InvalidateRect.USER32(?,00000000,00000000,?,?,00000000,00DDC5E9), ref: 00DDBF9B
GetWindowDC.USER32(?), ref: 00DDBFD6
GetSysColor.USER32(0000000F), ref: 00DDBFE9
GetSysColor.USER32(00000015), ref: 00DDBFFB
Sleep.KERNEL32(0000000A,00000000,00000000,?), ref: 00DDC010
GetSysColor.USER32(00000015), ref: 00DDC021
GetSysColor.USER32(0000000F), ref: 00DDC030
ReleaseDC.USER32(?,?), ref: 00DDC075
GetClientRect.USER32(?,?), ref: 00DDC13B
PostMessageA.USER32(?,00000111,00000000,?), ref: 00DDC21E
GetWindowDC.USER32(?), ref: 00DDC227
GetSysColor.USER32(0000000F), ref: 00DDC256
ReleaseDC.USER32(?,?), ref: 00DDC298

Strings

,, xrefs: 00DDC4D5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Color$RectReleaseWindow$ClientFocusInvalidateKillMessagePostSleepTimer
String ID: ,
API String ID: 3702526127-3772416878
Opcode ID: 47c248edf47178a669227a1cd147b249bf42bb8da97875e62608da69339947b2
Instruction ID: f53eb27f864e63e52680c6385fc0b48304547c31d132e639acee476d5bebfa96
Opcode Fuzzy Hash: 47c248edf47178a669227a1cd147b249bf42bb8da97875e62608da69339947b2
Instruction Fuzzy Hash: 84524531640646DFD720DFA8C885B6AB3E6AF08304F14452AFA569B792DB71FC41CB70

Function 00D99744 Relevance: 49.7, APIs: 25, Strings: 3, Instructions: 694windowkeyboardtimeCOMMON

Download Yara Rule

APIs

IsWindowEnabled.USER32(00000000), ref: 00D99786
EnableWindow.USER32(00000000,00000000), ref: 00D997A4
CreateCompatibleDC.GDI32(00000000), ref: 00D997B2
SelectObject.GDI32(?,?), ref: 00D9996E
DeleteDC.GDI32(?), ref: 00D99977

Part of subcall function 00D99654: SendMessageA.USER32(?,00000030,?,00000000), ref: 00D996E7

GetWindowRect.USER32(?,00000000), ref: 00D99C5C
GetClientRect.USER32(?,00000000), ref: 00D99C77
GetSystemMetrics.USER32(00000001), ref: 00D99C96
GetSystemMetrics.USER32(00000000), ref: 00D99CAC
SetWindowPos.USER32(?,00000000,0000013B,00000000,?,00000001,0000013B,?,00000004,?,00000000,?,00000000), ref: 00D99CC8

Part of subcall function 00D98DE8: IsWindowEnabled.USER32(00000000), ref: 00D98E47

ShowWindow.USER32(?,00000001,00000000,?,00000000,0000013B,00000000,?,00000001,0000013B,?,00000004,?,00000000,?,00000000), ref: 00D99CF8
IsIconic.USER32(?), ref: 00D99D03
ShowWindow.USER32(?,00000009,?,?,00000001,00000000,?,00000000,0000013B,00000000,?,00000001,0000013B,?,00000004,?), ref: 00D99D14
BringWindowToTop.USER32(?), ref: 00D99D1F
SetForegroundWindow.USER32(?), ref: 00D99D2A
SetTimer.USER32(?,00000309,?,00000000), ref: 00D99D4A
GetKeyState.USER32(00000010), ref: 00D99DC6
IsDialogMessageW.USER32(?,?), ref: 00D99EB5
TranslateMessage.USER32(?), ref: 00D99EC2
DispatchMessageW.USER32(?), ref: 00D99ECB
IsWindow.USER32(?), ref: 00D99ED6
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D99EE9
VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,00000001,00000000,?,00000000,0000013B,00000000,?,00000001), ref: 00D99F03
EnableWindow.USER32(00000000,000000FF), ref: 00D99F22
SetActiveWindow.USER32(00000000,00000000,000000FF,?,00000000,00008000,?,?,?,?,?,00000001,00000000,?,00000000,0000013B), ref: 00D99F2B

Strings

Arial, xrefs: 00D997FE
(, xrefs: 00D998ED
Tahoma, xrefs: 00D998E2

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$Message$EnableEnabledMetricsRectShowSystem$ActiveBringClientCompatibleCreateDeleteDialogDispatchForegroundFreeIconicObjectSelectSendStateTimerTranslateVirtual
String ID: ($Arial$Tahoma
API String ID: 2795582209-4012326664
Opcode ID: f7ac8990e3c35b88af1bec04e211efd1c82669fd9637dbb7d2a6730e37cac16e
Instruction ID: e6610b8e7c2e7f81ab989e27af2bcc79dd00eb6ce15bf19c5f3d8924d0c8ac48
Opcode Fuzzy Hash: f7ac8990e3c35b88af1bec04e211efd1c82669fd9637dbb7d2a6730e37cac16e
Instruction Fuzzy Hash: 45520735A002188FDF10EBA8C995B9DB3B5FF49300F544195E509AB35ADB70AD89CFB2

Function 00E07D10 Relevance: 41.4, APIs: 17, Strings: 6, Instructions: 1137filememorylibraryCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00E08C3A,?,?,00E08CE4,?), ref: 00E07EA1
GetModuleHandleW.KERNEL32(?,00000000,00E08B8B,?,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000,00E08C3A,?,?,00E08CE4,?), ref: 00E080E9
VirtualProtect.KERNEL32(?,00001000,00000020,?,?,00000000,00E08B8B,?,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000,00E08C3A), ref: 00E0816E
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,00E08CE4,?,00000004,?,00001000,00000020,?,?,00000000,00E08B8B), ref: 00E081E7
UnmapViewOfFile.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,00E08CE4,?,00000004,?,00001000,00000020,?,?,00000000,00E08B8B), ref: 00E08204
CloseHandle.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,00E08CE4,?,00000004,?,00001000,00000020,?,?,00000000,00E08B8B), ref: 00E0820F
LoadLibraryW.KERNEL32(?,00E08CE4,?,00000004,?,00001000,00000020,?,?,00000000,00E08B8B,?,00E08CE4,?,000000FF,00000000), ref: 00E08277

Strings

P_, xrefs: 00E07EBC, 00E08196, 00E084C2
0^, xrefs: 00E080C5, 00E08253
h_, xrefs: 00E08184
, xrefs: 00E07DAA
x_, xrefs: 00E07E3B
Z, xrefs: 00E08781

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileHandleView$CloseLibraryLoadModuleObjectProtectSingleUnmapVirtualWait
String ID: $0^$P_$Z$h_$x_
API String ID: 690218428-593301448
Opcode ID: 102badaa59050b00ca02640e74b6721b5af3c309013c5d1af38473b781dd7d27
Instruction ID: f18bd6f38ebdd9325002b8239dd63c457662ccb8f884ed97a9a49209426a7fc4
Opcode Fuzzy Hash: 102badaa59050b00ca02640e74b6721b5af3c309013c5d1af38473b781dd7d27
Instruction Fuzzy Hash: 90A25D74A002498FDB15DFA8C881B9DBBF2FF49304F1481A5E858AB396D774ED86CB50

Function 00DB4D18 Relevance: 40.5, APIs: 2, Strings: 21, Instructions: 289timeCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%,?,00DC7035,%errorDetails%,%bugReport%,%exceptMsg%), ref: 00DB4D99
GetLocalTime.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%,?,00DC7035,%errorDetails%,%bugReport%,%exceptMsg%), ref: 00DB4E1E

Part of subcall function 00DB2BBC: GetVersion.KERNEL32(00000000,00DB2C61,?,00E44D0C,?,00DB4F5F,00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%), ref: 00DB2BE5
Part of subcall function 00DB2BBC: GetComputerNameW.KERNEL32(?,00000104), ref: 00DB2BFC

Part of subcall function 00D7436C: GetVersion.KERNEL32(00000000,00D748C5,?,00E44D0C,?,00DB4F78,00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%), ref: 00D743AC
Part of subcall function 00D7436C: GetModuleHandleW.KERNEL32(ntdll.dll,RtlGetVersion), ref: 00D743DC
Part of subcall function 00D7436C: GetVersionExW.KERNEL32(0000011C,00000000,ntdll.dll,RtlGetVersion), ref: 00D74405
Part of subcall function 00D7436C: GetVersionExW.KERNEL32(00000114,0000011C,00000000,ntdll.dll,RtlGetVersion), ref: 00D7441F
Part of subcall function 00D7436C: GetSystemMetrics.USER32(00000059), ref: 00D747E9

Part of subcall function 00DB49DC: SHGetMalloc.SHELL32(?), ref: 00DB4A18
Part of subcall function 00DB49DC: SHGetSpecialFolderLocation.SHELL32(000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000,?,?,?,00000000), ref: 00DB4A2C
Part of subcall function 00DB49DC: GetModuleHandleW.KERNEL32(shell32.dll,SHGetPathFromIDListW,000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000), ref: 00DB4A4C

Part of subcall function 00DB49DC: SHGetPathFromIDListA.SHELL32(?,?,000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000), ref: 00DB4A99

Strings

%LF%, xrefs: 00DB4E13
%commonappdata%, xrefs: 00DB5011, 00DB5035
%appname%, xrefs: 00DB4D69
%modname%, xrefs: 00DB4D8F
%date%, xrefs: 00DB4F14
%exceptClass%, xrefs: 00DB4D1B
%exceptClass%, xrefs: 00DB4DC3
%os%, xrefs: 00DB4F80
mod, xrefs: 00DB4DAE
%localappdata%, xrefs: 00DB5053, 00DB507D
%desktop%, xrefs: 00DB4FB1
Unknown, xrefs: 00DB4DD7
%computerName%, xrefs: 00DB4F67
%userappdata%, xrefs: 00DB4FCF, 00DB4FF3
%bugReport%, xrefs: 00DB4E00
%exceptMsg%, xrefs: 00DB4DDC, 00DB4DEF
%time%, xrefs: 00DB4F25
%datetime%, xrefs: 00DB4F4E
%errorDetails%, xrefs: 00DB4F91
0M, xrefs: 00DB4FBD, 00DB4FFF, 00DB5041
app, xrefs: 00DB4DA0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version$HandleModule$ComputerFolderFromListLocalLocationMallocMetricsNamePathSpecialSystemTime
String ID: %LF%$%appname%$%bugReport%$%commonappdata%$%computerName%$%date%$%datetime%$%desktop%$%errorDetails%$%exceptClass%$%exceptClass%$%exceptMsg%$%localappdata%$%modname%$%os%$%time%$%userappdata%$0M$Unknown$app$mod
API String ID: 3655623378-2866492965
Opcode ID: 662cd1f246396ffe13506d946ba2788e2b1e20bbac1d496bb8fed2a96a9258f3
Instruction ID: b19650af0026605173f4d346761778f6d5bfc83653dfe4575ef9f001000e82ce
Opcode Fuzzy Hash: 662cd1f246396ffe13506d946ba2788e2b1e20bbac1d496bb8fed2a96a9258f3
Instruction Fuzzy Hash: B9B13E38E00519EFDF10EB95D851BDEB7B5EF48350F208065E905AB399DA70AE06CBB1

Function 00DB293C Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 146fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB268C: GetVersion.KERNEL32(00000000,00DB28FA), ref: 00DB26D9
Part of subcall function 00DB268C: GetTempPathW.KERNEL32(00000104,?,00000000,00DB28FA), ref: 00DB26F5
Part of subcall function 00DB268C: CreateDirectoryW.KERNEL32(?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB273E
Part of subcall function 00DB268C: CreateDirectoryW.KERNEL32(00000000,00000000,.madExcept,?,?,?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB27B2

GetVersion.KERNEL32(00000000,00DB2B8B), ref: 00DB299B
GetFileAttributesW.KERNEL32(00000000,00000000,00DB2B8B), ref: 00DB29B4
FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,00DB2B8B), ref: 00DB29E8
DeleteFileW.KERNEL32(00000000,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2A2A
FindNextFileW.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2A37
FindClose.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2A41
RemoveDirectoryW.KERNEL32(00000000,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2A4F
GetFileAttributesA.KERNEL32(00000000,00000000,00DB2B8B), ref: 00DB2A78
FindFirstFileA.KERNEL32(00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2ABC
DeleteFileA.KERNEL32(00000000,?,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2B15
FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2B22
FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2B2C
RemoveDirectoryA.KERNEL32(00000000,00000000,?,00000000,00000000,00DB2B8B), ref: 00DB2B50

Strings

*.*, xrefs: 00DB2AA6
*.*, xrefs: 00DB29CF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Find$Directory$AttributesCloseCreateDeleteFirstNextRemoveVersion$PathTemp
String ID: *.*$*.*
API String ID: 1395164288-2319503850
Opcode ID: 659e46deb22acc940e7adc25ae3054c8e4524ae366d4b25707b0a53e83e294cc
Instruction ID: e85280d9067e878954856358444de246e816d11380fc1d6968b96bb6f77084f1
Opcode Fuzzy Hash: 659e46deb22acc940e7adc25ae3054c8e4524ae366d4b25707b0a53e83e294cc
Instruction Fuzzy Hash: 6E510970A04619DBCF60FBB4CC99BEDB3B9EF48315F1006E1A419A3291DA349E859F34

Function 00E09968 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332filememorysynchronizationCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,?,?,?,?,00000000,00E09FDA), ref: 00E09F73

Part of subcall function 00E06C4C: GetCurrentProcessId.KERNEL32(?,00E06D38,?,00000000,00E06D1E,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C93

WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00E09D5C,?,00000000,00E0A004,?,?,?,?,?,?,00000000,00E09FDA), ref: 00E09A59
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,00000000,00E09D14,?,00000000,00E09D38,?,00000000,00E09D5C,?,00000000,00E0A004), ref: 00E09AE4
VirtualProtect.KERNEL32(?,00000008,00000040,?,00000000,00E09C3F,?,00000000,00E09CED,?,00000000,000F001F,00000000,00000000,00000000,00000000), ref: 00E09C27
VirtualProtect.KERNEL32(?,00000008,?,?,?,00000000,00E09C3F,?,00000000,00E09CED,?,00000000,000F001F,00000000,00000000,00000000), ref: 00E09CA4
CloseHandle.KERNEL32(00000000,00000000,00E09CED,?,00000000,000F001F,00000000,00000000,00000000,00000000,00E09D14,?,00000000,00E09D38,?,00000000), ref: 00E09CC5
UnmapViewOfFile.KERNEL32(00000000,00E09CF4,00000000,000F001F,00000000,00000000,00000000,00000000,00E09D14,?,00000000,00E09D38,?,00000000,00E09D5C), ref: 00E09CE7

Strings

P_, xrefs: 00E09A81
x_, xrefs: 00E099F3

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Virtual$FileProtectView$CloseCurrentFreeHandleObjectProcessSingleUnmapWait
String ID: P_$x_
API String ID: 4248623985-1109331037
Opcode ID: 1480cbef0daa2b0a629c42a44f0a34d261ae1ee5d193d9319095f54270b4b968
Instruction ID: 0f3c7bc274cc2b3144c2e24afc6284e662c799fbd10b6bef53e50ffbc3f622e7
Opcode Fuzzy Hash: 1480cbef0daa2b0a629c42a44f0a34d261ae1ee5d193d9319095f54270b4b968
Instruction Fuzzy Hash: F8D10474A042089FDB15DFA8D891A9EBBF6FB48310F5185A5F804A73A2D734ED81CF60

Function 00DE2FBC Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 214windowthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00DE0A48: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DE0AB8

GetCurrentThreadId.KERNEL32 ref: 00DE314D
IsDialogMessageW.USER32(?,?), ref: 00DE3179
TranslateMessage.USER32(?), ref: 00DE3183
DispatchMessageW.USER32(?), ref: 00DE3189
IsWindow.USER32(?), ref: 00DE3192
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DE31A2

Strings

@, xrefs: 00DE3152

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Message$CreateCurrentDialogDispatchImageList_ThreadTranslateWindow
String ID: @
API String ID: 283055788-935976969
Opcode ID: ffc30d7eec46c8b56e595565ae7da5afe595394cf623a05a646b7ea1ba905bcf
Instruction ID: 27545e471e101bfbb79c6d9edf3dbd5a5d43ec4f3ec6d461b37306b1f9b05e02
Opcode Fuzzy Hash: ffc30d7eec46c8b56e595565ae7da5afe595394cf623a05a646b7ea1ba905bcf
Instruction Fuzzy Hash: 498193346043849FDB20EF6AC589BA9BBE5FF19310F448469F885DB251C775EA45CB30

Function 00E22468 Relevance: 16.5, Strings: 12, Instructions: 1456COMMON

Download Yara Rule

Strings

binary, xrefs: 00E23133
mad, xrefs: 00E22A3D
O, xrefs: 00E23845
boolean, xrefs: 00E2342F
folder, xrefs: 00E22525
profileRoot, xrefs: 00E22BBA
string, xrefs: 00E22FFE
E=, xrefs: 00E226A5, 00E226B8, 00E226A8
device, xrefs: 00E22629
integer, xrefs: 00E2328D
profile, xrefs: 00E22CFA
Df, xrefs: 00E23108

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: Df$E=$binary$boolean$device$folder$integer$mad$profile$profileRoot$string$O
API String ID: 0-1066203500
Opcode ID: 092faa0afa0d4b0a0c08d80f3f9cdd0aa74012f4a845f0711092ce34aaf38a25
Instruction ID: f8cb100e581a34a852d014b9677552f857fc52a43ee4ed21e4e041610a859e78
Opcode Fuzzy Hash: 092faa0afa0d4b0a0c08d80f3f9cdd0aa74012f4a845f0711092ce34aaf38a25
Instruction Fuzzy Hash: B9D21D75A0016D9BDB90EB98DC92BDEB3B9EF44300F1091A1E119A7251DB34AF85DFB0

Function 00D69FB0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,?,?,00D6A2E7,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,00D6A3C5), ref: 00D69FCD
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 00D69FDE
FindFirstFileW.KERNEL32(?,?,kernel32.dll,00000000,?,?,?,00D6A2E7,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 00D6A0DE
FindClose.KERNEL32(?,?,?,kernel32.dll,00000000,?,?,?,00D6A2E7,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales,00000000,000F0019), ref: 00D6A0F0
lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,00000000,?,?,?,00D6A2E7,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales,00000000), ref: 00D6A0FC
lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,00000000,?,?,?,00D6A2E7,00000000,00D6A3A8,?,80000001,Software\Embarcadero\Locales), ref: 00D6A141

Strings

\, xrefs: 00D6A10E
GetLongPathNameW, xrefs: 00D69FD8
kernel32.dll, xrefs: 00D69FC8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 1930782624-3908791685
Opcode ID: 04fa535a11ec3cad9cbd372e3a0302695cac64ee2bb7bf01b3f886ab782bab2c
Instruction ID: 9179b7ef79f54acbbf231f42609c405b12f8dea158210154557fae0a85d9a1db
Opcode Fuzzy Hash: 04fa535a11ec3cad9cbd372e3a0302695cac64ee2bb7bf01b3f886ab782bab2c
Instruction Fuzzy Hash: 9541A331E006189BCB14DB98CC85AEEB3B9EF45310F1885A59584F7285E778AF448F76

Function 00E376F8 Relevance: 15.9, Strings: 12, Instructions: 887COMMON

Download Yara Rule

Strings

devices, xrefs: 00E37797
O, xrefs: 00E38273, 00E382AA, 00E3830D, 00E3835F, 00E383EC, 00E38417, 00E38445
$P, xrefs: 00E38432
Unnamed, xrefs: 00E37EE0
string, xrefs: 00E378B8, 00E37935, 00E38068, 00E3809E
edid, xrefs: 00E379BD, 00E37CC2
lQ, xrefs: 00E38140, 00E38187, 00E381D9
binary, xrefs: 00E37A2B, 00E37D30, 00E37E52, 00E37FBB
outputDevice, xrefs: 00E37DDE, 00E37DF8
identification, xrefs: 00E37DB0, 00E37F67, 00E38014
unknown, xrefs: 00E37F2C
edid, xrefs: 00E37DB5, 00E37F6C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: $P$Unnamed$binary$devices$edid$edid$identification$lQ$outputDevice$string$unknown$O
API String ID: 0-3347041080
Opcode ID: acbb12a40faa4cfeed253813c8907cc1aeea52a239516f3a9f4d8d7ff17f20ad
Instruction ID: 391525302ca5e736b0de11aca05515bf2e05ec808c1a23e6233125af01f75719
Opcode Fuzzy Hash: acbb12a40faa4cfeed253813c8907cc1aeea52a239516f3a9f4d8d7ff17f20ad
Instruction Fuzzy Hash: E592E634A002198FCB14EF54C989ADDB7B5FF49314F5091A5E849B7361DB30AE8ACFA1

Function 00D7D8D0 Relevance: 14.5, Strings: 11, Instructions: 774COMMON

Download Yara Rule

Strings

else, xrefs: 00D7DDBC
; function entry point, xrefs: 00D7DA2E
L, xrefs: 00D7DA11, 00D7DB25, 00D7DD6A, 00D7DD9F, 00D7DFAE
dd loc_, xrefs: 00D7DB0E
do, xrefs: 00D7DD84
loc_, xrefs: 00D7DDC9
; case jump table, xrefs: 00D7DB42
[...], xrefs: 00D7E1F2
; ---------------------------------------------------------, xrefs: 00D7DA94, 00D7DBEE, 00D7DE8F, 00D7E14C
loc_, xrefs: 00D7D9E6, 00D7E00A
on , xrefs: 00D7DD5E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: ; case jump table$ ; function entry point$ dd loc_$ else$ on $ do$ loc_$; ---------------------------------------------------------$[...]$loc_$L
API String ID: 0-1219745185
Opcode ID: 1966df25e524ddae3a204aa63e5b79c1921529c8be0af558acb068a7e97727c6
Instruction ID: 03892074a62a2e6cd0431b38f791a43bd90130742cf86538ae90e13977bd3c37
Opcode Fuzzy Hash: 1966df25e524ddae3a204aa63e5b79c1921529c8be0af558acb068a7e97727c6
Instruction Fuzzy Hash: B4620934A002099FDB11DF68C885B9DBBF6EF49314F24C095E908AB356E771ED85CBA0

Function 00DB5644 Relevance: 13.5, APIs: 9, Instructions: 47clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 00DB564B
EmptyClipboard.USER32 ref: 00DB5654
CloseClipboard.USER32 ref: 00DB5659
OpenClipboard.USER32(00000000), ref: 00DB5660
GlobalAlloc.KERNEL32(00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DB567B
GlobalLock.KERNEL32(00000000,00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DB5683
GlobalUnlock.KERNEL32(00000000,00000000,00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000), ref: 00DB56AB
SetClipboardData.USER32(0000000D,00000000), ref: 00DB56B3
CloseClipboard.USER32 ref: 00DB56B8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Clipboard$Global$CloseOpen$AllocDataEmptyLockUnlock
String ID:
API String ID: 1883731453-0
Opcode ID: 19d23c07fd65b06ee5286df4c02060b09b6ca4d1e2282ac4ac5a39807e0e8858
Instruction ID: 24e67c5b530fcf4f5a1d90afc20e95b771389f5dfa1a71851306d42676f3af25
Opcode Fuzzy Hash: 19d23c07fd65b06ee5286df4c02060b09b6ca4d1e2282ac4ac5a39807e0e8858
Instruction Fuzzy Hash: 30F0FE92B8971577E51032FA6C83B7F518ECF90795F480021F916DA287EE98CC0152B6

Function 00E0623C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 124libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,00000000,00000000,00E063A9), ref: 00E0628B
GetProcAddress.KERNEL32(00000000,00000000), ref: 00E06291

Part of subcall function 00D6D4FC: AllocateAndInitializeSid.ADVAPI32(00E48558,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DC7BF0,?,00DB31C5,00000000,00000000), ref: 00D6D523

InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00E0635D
SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,?,00000000,?,00000001), ref: 00E0636B
FreeSid.ADVAPI32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00E063A9), ref: 00E0637A
FreeSid.ADVAPI32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00E063A9), ref: 00E06389

Strings

H\, xrefs: 00E06278

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DescriptorFreeInitializeSecurity$AddressAllocateDaclLibraryLoadProc
String ID: H\
API String ID: 48143821-1531559508
Opcode ID: 7547af023e201d87ec4905923f8395eb4ea3df37e07f1379d6128c124e4fce2b
Instruction ID: d85d337db586bb084f6a3dffc4127ce58cc179a42e7443d6e6d6a7238068c2c3
Opcode Fuzzy Hash: 7547af023e201d87ec4905923f8395eb4ea3df37e07f1379d6128c124e4fce2b
Instruction Fuzzy Hash: 4A410A75E10208AFDB10EFE9D886BAEB7B9EF49304F108525F504F7291E77499458BB0

Function 00E38CF4 Relevance: 11.9, Strings: 9, Instructions: 642COMMON

Download Yara Rule

Strings

device, xrefs: 00E38E08
edid, xrefs: 00E38F6D, 00E39013
$P, xrefs: 00E39643
O, xrefs: 00E395B8, 00E395F5, 00E39656
devices, xrefs: 00E38D58, 00E38DA4
string, xrefs: 00E38FEF, 00E39095, 00E39194, 00E391CE, 00E39208, 00E39274, 00E392AE, 00E392E8
lQ, xrefs: 00E39409, 00E3942A, 00E3944B, 00E394FA, 00E3951B
binary, xrefs: 00E38FB5, 00E3905B
\P, xrefs: 00E39630

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: $P$\P$binary$device$devices$edid$lQ$string$O
API String ID: 0-1332318530
Opcode ID: 185d84260ae5c0eddc7ff923ddbb92852d0e0703ddbee37863f40bed89942f27
Instruction ID: 0fe13ff854eab750a49e9bfd12cd6410921491c84a15f99917b5c728420ba835
Opcode Fuzzy Hash: 185d84260ae5c0eddc7ff923ddbb92852d0e0703ddbee37863f40bed89942f27
Instruction Fuzzy Hash: D552F834A00119CFCB14DB94C989ADDB7B5FF88314F5081A5E805B7766DB70AE8ACFA1

Function 00DCAAE0 Relevance: 10.7, APIs: 7, Instructions: 209networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011,00000000,00DCAE34), ref: 00DCAB3E
bind.WSOCK32(00000000,00000002,00000010), ref: 00DCAB72
htons.WSOCK32(00000035), ref: 00DCACC8
sendto.WSOCK32(00000000,?,00000005,00000000,00000002,00000010,00000035), ref: 00DCACFA
select.WSOCK32(00000000,00000001,00000000,00000000,00000005), ref: 00DCADD7
recvfrom.WSOCK32(00000000,?,00000200,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000005), ref: 00DCADF3
closesocket.WSOCK32(00000000,00000000,00000002,00000010), ref: 00DCAE00

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonsrecvfromselectsendtosocket
String ID:
API String ID: 2193960627-0
Opcode ID: 7b48bc4ff83ecbc37b41535fd7056da9b1e4d9395e15a579bdc7a735bee2f451
Instruction ID: 0b21bd8746c0cb748e439b349ba04359b47a7c28f9fabdfb366fa9748139bffe
Opcode Fuzzy Hash: 7b48bc4ff83ecbc37b41535fd7056da9b1e4d9395e15a579bdc7a735bee2f451
Instruction Fuzzy Hash: B5910C7094022E9BDB20EB18CD89BD9B7B8EF14304F5041E9E519A7292E774AF85CF71

Function 00DB7D50 Relevance: 10.1, Strings: 8, Instructions: 148COMMON

Download Yara Rule

Strings

HttpPassword, xrefs: 00DB7E07, 00DB7E6C
SmtpServer, xrefs: 00DB7DAC
BugTrAccount, xrefs: 00DB7EBA
HttpAccount, xrefs: 00DB7E45
SmtpAccount, xrefs: 00DB7DD0
HttpServer, xrefs: 00DB7E21, 00DB7E96
BugTrPassword, xrefs: 00DB7E7C, 00DB7EE1
SmtpPassword, xrefs: 00DB7D92, 00DB7DF7

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: BugTrAccount$BugTrPassword$HttpAccount$HttpPassword$HttpServer$SmtpAccount$SmtpPassword$SmtpServer
API String ID: 2826327444-2774208727
Opcode ID: f2360c869ad7ec89b617cace216d41b799f3ce602dd4bc9322901624df99b6b8
Instruction ID: be88a3f8e4de7349b5eb941118b11f98fb2984764417fe4133c04d501395ca13
Opcode Fuzzy Hash: f2360c869ad7ec89b617cace216d41b799f3ce602dd4bc9322901624df99b6b8
Instruction Fuzzy Hash: E051C834A0410EEBCF45EBD4C491AEEB7B9EF88314F604565E402B3295DB34AB4ACB75

Function 00D805A4 Relevance: 9.4, APIs: 6, Instructions: 421filememoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00004000,00001000,00000040,00000000,00D80A44), ref: 00D80709

Part of subcall function 00D7F088: WriteFile.KERNEL32(00000000,?,00000000,?,00000000,00100000,00000000), ref: 00D7F0E3

UnmapViewOfFile.KERNEL32(00000000), ref: 00D80A6C
UnmapViewOfFile.KERNEL32(00000000), ref: 00D80A81
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00D80A94
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00008000), ref: 00D80AD3
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00008000), ref: 00D80AE9

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Virtual$FileFree$UnmapView$AllocWrite
String ID:
API String ID: 639450980-0
Opcode ID: b2486fe395031f75f2e1ee533e6b3753b37381001f30b980f96c602227bc7476
Instruction ID: b93dce238b74c69baac88061c5fa8a337dbad1dda776e6b15a530b6c49cb8063
Opcode Fuzzy Hash: b2486fe395031f75f2e1ee533e6b3753b37381001f30b980f96c602227bc7476
Instruction Fuzzy Hash: E8126D74A002098FDB44DF99C685ADDBBF1AF4C304F2581A5E808AB366D776AE45CF60

Function 00E14070 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 443memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00001AA0,?,?,?,00000000,00E145ED,?,?,?,?,0000022A,00000000,00000000), ref: 00E1410E
EnumDisplayDevicesW.USER32(00000000,00000000,00000001,00000000), ref: 00E14219
LocalFree.KERNEL32(00000000,?,?,?,00000000,00E145ED,?,?,?,?,0000022A,00000000,00000000), ref: 00E14560

Strings

$M, xrefs: 00E14272, 00E14317
D@, xrefs: 00E142C9, 00E14394, 00E145D3

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$AllocDevicesDisplayEnumFree
String ID: $M$D@
API String ID: 510220458-1125412535
Opcode ID: c751b737effea83bd40eef873e6df4bd5a520f0c7dedb9281d0519332b82420a
Instruction ID: 0a5eee68bcf84049b67a747e954a86abeffe4b623bb2f88b18720dc988b8992d
Opcode Fuzzy Hash: c751b737effea83bd40eef873e6df4bd5a520f0c7dedb9281d0519332b82420a
Instruction Fuzzy Hash: 460228B1A001199FDB54DFA9D880BD9B3FAFB48704F1091A5E915EB391DB30EE85CB60

Function 00D92DD8 Relevance: 9.1, APIs: 6, Instructions: 72windowthreadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,?), ref: 00D92DEB
GetCurrentProcessId.KERNEL32(?,?), ref: 00D92DF0
IsWindowVisible.USER32(?), ref: 00D92DFF
IsIconic.USER32(?), ref: 00D92E09
GetWindowRect.USER32(?,?), ref: 00D92E24
OffsetRect.USER32(?,?,?), ref: 00D92E48

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$ProcessRect$CurrentIconicOffsetThreadVisible
String ID:
API String ID: 3306312098-0
Opcode ID: b4536166430b24f56d80325082e8794f045da90fcbbb6c8efc3c39a6b7c1ea20
Instruction ID: cbf81082d652569985fd909b8085ce7d0764d34a3d22720d2c36bec363da9ef9
Opcode Fuzzy Hash: b4536166430b24f56d80325082e8794f045da90fcbbb6c8efc3c39a6b7c1ea20
Instruction Fuzzy Hash: F021B970A0060AAB8F20DE68D9C18AFB3F9EF543507604A55F866D7645D730EE458BB1

Function 00D9A438 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00D9A493
FindResourceW.KERNEL32(00000000,00000000), ref: 00D9A4CA
FindResourceA.KERNEL32(00000000,00000000), ref: 00D9A511

Strings

TME, xrefs: 00D9A4FD
TME, xrefs: 00D9A4B6, 00D9A54C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FindResource$Version
String ID: TME$TME
API String ID: 3530931182-1856497155
Opcode ID: 005dfb8c384836a2587aaed118cfc85ecd9229d935e3af04366d5ec1b57675d8
Instruction ID: e6f0af93af8f8e36660e02d1f920be3fba68ce5ae220ff6aa8a9549f7ec4664c
Opcode Fuzzy Hash: 005dfb8c384836a2587aaed118cfc85ecd9229d935e3af04366d5ec1b57675d8
Instruction Fuzzy Hash: 6B512D75B042099FDF00EBA8C891AAEB3F9EF49304F214565E805A7351DB74AE06CBB1

Function 00D8AC24 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,00000000,?,00D8AEF1,00000000,?,00000104), ref: 00D8AC8B
FindFirstFileA.KERNEL32(00000000,?,?,?,?,00000000,?,00D8AEF1,00000000,?,00000104), ref: 00D8ACBC
FindFirstFileW.KERNEL32(00000000,?,?,?,?,00000000,?,00D8AEF1,00000000,?,00000104), ref: 00D8ACD2
FindClose.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00D8AEF1,00000000,?,00000104), ref: 00D8ACD8

Strings

$M, xrefs: 00D8AC77

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$FileFirst$CloseVersion
String ID: $M
API String ID: 572644041-4012774626
Opcode ID: 1b07a55c8499c5e2f5526b4108a69f5c7f44479f61d2b37a26d42617d0dcb1c9
Instruction ID: 7d1bd518eced74c860974b193da8b4aadfddb74855f95c2902e204ff82a58e35
Opcode Fuzzy Hash: 1b07a55c8499c5e2f5526b4108a69f5c7f44479f61d2b37a26d42617d0dcb1c9
Instruction Fuzzy Hash: C741C374A046159FCB14EF69D880AA973F9FB48305F1148EAE905D73A1EB30ED06CB71

Function 00D92E8C Relevance: 7.5, APIs: 5, Instructions: 48windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00D92E99
IsIconic.USER32 ref: 00D92EA3
GetWindowRect.USER32(?,?), ref: 00D92EB1
OffsetRect.USER32(?,?,?), ref: 00D92EE1
CreateRectRgnIndirect.GDI32(?), ref: 00D92EEA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Rect$Window$CreateIconicIndirectOffsetVisible
String ID:
API String ID: 3025739543-0
Opcode ID: 9b2551de90eada7e87bf009a62ddaff601695be0ac6f9f85fe53331bebe8763d
Instruction ID: 55c7003f05b5734c0e7f2e8ee493a9663a87adcfd615c22269cebce6874867a2
Opcode Fuzzy Hash: 9b2551de90eada7e87bf009a62ddaff601695be0ac6f9f85fe53331bebe8763d
Instruction Fuzzy Hash: 7E019671B00159AB8B10DBA9DCC5CBBB3EDEF04361B554955FD19D7241D630ED0087B0

Function 00D74EA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D75176), ref: 00D74EFA

Strings

,M, xrefs: 00D74F8A, 00D74FCE, 00D74FF0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version
String ID: ,M
API String ID: 1889659487-3747503907
Opcode ID: 1859f6fbecb5138a4ffd218e186fdcf4cc077eb1b49b3e77c83cf998230d13d4
Instruction ID: 2f321119aa4a1951bbeeadcaff53f8d31e0835ff47ebd558e3a3b8efae541ab5
Opcode Fuzzy Hash: 1859f6fbecb5138a4ffd218e186fdcf4cc077eb1b49b3e77c83cf998230d13d4
Instruction Fuzzy Hash: 84715F34A04618DFDB20EFA8D845B9DB3B5EF48300F6082A5E40CA7395EB719E45DB76

Function 00D75460 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D7571B), ref: 00D754B4

Strings

,M, xrefs: 00D75545, 00D75589, 00D755AB, 00D755CD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version
String ID: ,M
API String ID: 1889659487-3747503907
Opcode ID: f60ae5873516fc083c54cb695c506738277535659e6e51b188b8e471ff76dfd5
Instruction ID: 3af93c1e617bd4d09a0b886882b3d49b8709ac2522a1accddb426931d140ef52
Opcode Fuzzy Hash: f60ae5873516fc083c54cb695c506738277535659e6e51b188b8e471ff76dfd5
Instruction Fuzzy Hash: EA718330A04608DFDB10EF98DC85A9DB3F6EF48314F2082A5A418A7395EB719E45DF71

Function 00D720DC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000001,00D6F784,-00000006,00DB75D2,00000000,00000000,00000000,00000000,00000000,00000000,00D6F784,00000001,00000000,00000000,00000000), ref: 00D72109
GetModuleHandleW.KERNEL32(kernel32.dll,MultiByteToWideChar,?,00000001,00D6F784,-00000006,00DB75D2,00000000,00000000,00000000,00000000,00000000,00000000,00D6F784,00000001,00000000), ref: 00D7211F

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Strings

kernel32.dll, xrefs: 00D7211A
MultiByteToWideChar, xrefs: 00D72115

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID: MultiByteToWideChar$kernel32.dll
API String ID: 3310240892-2998143648
Opcode ID: 23972fe10071bab1e886c0654873fe994f5d8a6b31dc47b18f640fac61871d9d
Instruction ID: 05249e2eccd452da315c9c3a3943a287d30c5e6b1713ef13630c3beb445ee37f
Opcode Fuzzy Hash: 23972fe10071bab1e886c0654873fe994f5d8a6b31dc47b18f640fac61871d9d
Instruction Fuzzy Hash: 38315E30748642DBD310FB6DD886A3EA2E4EF44344F508A2DF489D7222EE74DD81877A

Function 00D8AB24 Relevance: 6.1, APIs: 4, Instructions: 68fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D8AC16,?,?,00000000,?,00D8AF2B,00000000,00000001,00000000,00000000,00000000,00000000,?,00000104), ref: 00D8AB4A
FindFirstFileA.KERNEL32(00000000,00DB670D,00000000,00D8AC16,?,?,00000000,?,00D8AF2B,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00D8AB7C
FindFirstFileW.KERNEL32(00000000,00DB670D,00000000,00D8AC16,?,?,00000000,?,00D8AF2B,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00D8AB93
FindClose.KERNEL32(00000000,00000000,00DB670D,00000000,00D8AC16,?,?,00000000,?,00D8AF2B,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00D8AB99

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$FileFirst$CloseVersion
String ID:
API String ID: 572644041-0
Opcode ID: 6aeaef0a397ce8892795ab48ddafa3edf68e5e5b8be55906824ded64adfd173f
Instruction ID: 1d00965685aca13d67c8e96b0b502011d73b193485bae15161af89c6da26ee51
Opcode Fuzzy Hash: 6aeaef0a397ce8892795ab48ddafa3edf68e5e5b8be55906824ded64adfd173f
Instruction Fuzzy Hash: 9C21C570A046089FDB14EF58DC91AA9B3F9EB48305F1045E6E505E33A1EB34AE44CF75

Function 00DC32D0 Relevance: 6.1, APIs: 4, Instructions: 55fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DC3384), ref: 00DC32F2
FindFirstFileW.KERNEL32(00000000,?,00000000,00DC3384), ref: 00DC330D
FindFirstFileA.KERNEL32(00000000,?,00000000,00DC3384), ref: 00DC3339
FindClose.KERNEL32(00000000,00000000,?,00000000,00DC3384), ref: 00DC3344

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$FileFirst$CloseVersion
String ID:
API String ID: 572644041-0
Opcode ID: ad1bdd5c24d1d45fc4069488f3f95badf73d49f32cc2f441ac3cab9673aa1dd3
Instruction ID: 0d0e05851f9bd53160e18665a54e0376ab6403d3584589d62e2847a7abc2892d
Opcode Fuzzy Hash: ad1bdd5c24d1d45fc4069488f3f95badf73d49f32cc2f441ac3cab9673aa1dd3
Instruction Fuzzy Hash: DB11E330A046595FCB10EBA4CC81AADF3A9EF44305F5042B9A009E3091EE349E898A34

Function 00D88E9C Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D88F50,?,00000000,?,00D88FD2,?,?,00D6F4EC,00000000), ref: 00D88EBE
FindFirstFileA.KERNEL32(00000000,?,00000000,00D88F50,?,00000000,?,00D88FD2,?,?,00D6F4EC,00000000), ref: 00D88EEF
FindFirstFileW.KERNEL32(00000000,?,00000000,00D88F50,?,00000000,?,00D88FD2,?,?,00D6F4EC,00000000), ref: 00D88F05
FindClose.KERNEL32(00000000,00000000,?,00000000,00D88F50,?,00000000,?,00D88FD2,?,?,00D6F4EC,00000000), ref: 00D88F22

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$FileFirst$CloseVersion
String ID:
API String ID: 572644041-0
Opcode ID: 7a2dbe2fbb067a787df7e55d8117c2f7643a9a1ad8bdd076a94249dae5443144
Instruction ID: 132fae51b6ff062f23f54834e3e1d67d297426c063aa7e51ba2f0c581e29c442
Opcode Fuzzy Hash: 7a2dbe2fbb067a787df7e55d8117c2f7643a9a1ad8bdd076a94249dae5443144
Instruction Fuzzy Hash: 00118670A046089FDB10EF65DC45B9DF3E9EF88305F6085A5E508E3291EE349D449B74

Function 00DE3B00 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 448COMMON

Download Yara Rule

APIs

Part of subcall function 00DB30A0: GetSystemTime.KERNEL32(?), ref: 00DB30A8
Part of subcall function 00DB30A0: SystemTimeToFileTime.KERNEL32(?,?,?), ref: 00DB30B7

GetModuleHandleW.KERNEL32(00000000), ref: 00DE3D0F
GetModuleHandleW.KERNEL32(00000000), ref: 00DE3FDC

Strings

T, xrefs: 00DE3E4B, 00DE3EE0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Time$HandleModuleSystem$File
String ID: T
API String ID: 2120564603-2757253332
Opcode ID: ec37aef261877295895ee2b24db5e69c282a8501fce09d67c0ab7c6a3279215a
Instruction ID: e18a797199a0f672bff9952e3d198b52a77b9f5aa43c9aed445331b0b04c3e4e
Opcode Fuzzy Hash: ec37aef261877295895ee2b24db5e69c282a8501fce09d67c0ab7c6a3279215a
Instruction Fuzzy Hash: 15023C74A001899FDB14EFA5C489BAEB7B6FF45300F1481A5E855EB252CB30EE49CB71

Function 00D69B54 Relevance: 4.6, APIs: 3, Instructions: 99COMMON

Download Yara Rule

APIs

IsValidLocale.KERNEL32(?,00000002,00000000,00D69CB9,?,00000000,?,00000000), ref: 00D69BFE
GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,00D69CB9,?,00000000,?,00000000), ref: 00D69C1A
GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,00D69CB9,?,00000000,?,00000000), ref: 00D69C2B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Locale$Info$Valid
String ID:
API String ID: 1826331170-0
Opcode ID: e4143d5a73a0eb175427f0b4a19ad5ee4a28bd5603e8a3fb4ceebe41e8a7495b
Instruction ID: 4ad9ead703a76171e1962d3e5eaccdd01851bb85aa38aae22dd81543642a5048
Opcode Fuzzy Hash: e4143d5a73a0eb175427f0b4a19ad5ee4a28bd5603e8a3fb4ceebe41e8a7495b
Instruction Fuzzy Hash: 4131BE74A04608EFDF20DF58ECA1BEEB7BDEB44705F1101A5A509A3290DB315E85DE35

Function 00DE52D0 Relevance: 4.6, APIs: 3, Instructions: 54COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DE5393,?,00000000,?,00DE6ABD,?,00000000,00DE6AD8,?,?,\CurrentVersion,?,Software\Microsoft\Windows,?,00000000), ref: 00DE52F9
GetLocaleInfoW.KERNEL32(00000800,00001001,?,00000104,00000000,00DE5393,?,00000000,?,00DE6ABD,?,00000000,00DE6AD8,?,?,\CurrentVersion), ref: 00DE531B
GetLocaleInfoA.KERNEL32(00000800,00001001,?,00000104,00000000,00DE5393,?,00000000,?,00DE6ABD,?,00000000,00DE6AD8,?,?,\CurrentVersion), ref: 00DE534E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoLocale$Version
String ID:
API String ID: 2864024938-0
Opcode ID: 18cea09d1721090ad49304da10949adfd89e752894fc42ad4c80061daeb3edd6
Instruction ID: da64173ffcbc3c05a7a0fe09d3419d0819f77f3403106d097e2d326a1b6b8c0d
Opcode Fuzzy Hash: 18cea09d1721090ad49304da10949adfd89e752894fc42ad4c80061daeb3edd6
Instruction Fuzzy Hash: 9711C8707447485FE720FA65DC86BD9B369EF48740F4144B1F918D22D6EAF09D848A71

Function 00DE63E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceA.KERNEL32(00000000,?,00000104,?,?,00000000,00DE6520,?,?,00D6F2B4,00000000), ref: 00DE647D

Strings

:) , xrefs: 00DE64CB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DiskFreeSpace
String ID: :)
API String ID: 1705453755-2845116023
Opcode ID: 6a040709403006669a7a39bf4c0762c783fc059226e6dc4c8601a363696257cb
Instruction ID: 940846fdacc516a651fdc7da38ce9164f76961c5eaf996b85052f356c907b73a
Opcode Fuzzy Hash: 6a040709403006669a7a39bf4c0762c783fc059226e6dc4c8601a363696257cb
Instruction Fuzzy Hash: D741F771A0410CAFDB04EFA9EC819EEB7B9EF88354F10852AF405E3255DA35EA058B74

Function 00E133A4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,00E13408,00000000,00000000,00E133FB), ref: 00E133DE

Strings

(@, xrefs: 00E133BB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CreateInstance
String ID: (@
API String ID: 542301482-3635683646
Opcode ID: ae9b9e12882f9d4adb7390313f4d4d81055c5ddb640c3253cb939baf8dcf9f7f
Instruction ID: 10c48713430d3042de90d2d99b35bdd91904254446aac505e7ac5f2870adc8c1
Opcode Fuzzy Hash: ae9b9e12882f9d4adb7390313f4d4d81055c5ddb640c3253cb939baf8dcf9f7f
Instruction Fuzzy Hash: 35E09B753447047FE215B7798D13EBA77DCD749B00B420461B814A3681E9A46C51C57A

Function 00D74BE8 Relevance: 3.2, APIs: 2, Instructions: 173fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00D74D16
FindClose.KERNEL32(00000000,00000000,?), ref: 00D74D21

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: c2540bcbde54f4cb3a051e9bf29bc0a071284e61f251a41d50f0ad5280024438
Instruction ID: 1521c4ee63d025fd457b5aee8221195f9438746f8a2351d67d5410fbe6a21e56
Opcode Fuzzy Hash: c2540bcbde54f4cb3a051e9bf29bc0a071284e61f251a41d50f0ad5280024438
Instruction Fuzzy Hash: 29617430A04248DFDB22EF98CC85BDDB7B6EF48324F208195B558A7391EB759E458B70

Function 00D751B4 Relevance: 3.2, APIs: 2, Instructions: 167fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00D752FE
FindClose.KERNEL32(00000000,00000000,?), ref: 00D75309

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 0276a1546e4376eed4c6ae9861462d840601bc880317ace5690b9d7934a15494
Instruction ID: 71222f991e87930e8d0f6fbf7f4047fd6862561b8910e12bf66e47f292166478
Opcode Fuzzy Hash: 0276a1546e4376eed4c6ae9861462d840601bc880317ace5690b9d7934a15494
Instruction Fuzzy Hash: 9B618530A04649DFDB10EF98DC81A9DB3B6EF48314F2082A5F418A7399DBB59E45CB71

Function 00D6A6B4 Relevance: 3.1, APIs: 2, Instructions: 63COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,00D6A774,?,?), ref: 00D6A6E6
GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,00D6A774,?,?), ref: 00D6A6EF

Part of subcall function 00D6A57C: FindFirstFileW.KERNEL32(00000000,?,00000000,00D6A5DA,?,00000001,?,00D6A670,?,00000000,00D6A6A3,?,00000000,?,?), ref: 00D6A5AF
Part of subcall function 00D6A57C: FindClose.KERNEL32(00000000,00000000,?,00000000,00D6A5DA,?,00000001,?,00D6A670,?,00000000,00D6A6A3,?,00000000,?,?), ref: 00D6A5BF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
String ID:
API String ID: 3216391948-0
Opcode ID: b60175beaf9c7c419415ea07292cad4a707f93b9aebf9bd67b4b9083e8c214ac
Instruction ID: f3f3ff333bad633a392e3aa548d1be77ee621b7f6593c3175d35657781c2e972
Opcode Fuzzy Hash: b60175beaf9c7c419415ea07292cad4a707f93b9aebf9bd67b4b9083e8c214ac
Instruction Fuzzy Hash: A6115174A046099FDF00EFA8C982AADB3B9EF48300F504575B905F7292DB74AE05DA72

Function 00D6A57C Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00D6A5DA,?,00000001,?,00D6A670,?,00000000,00D6A6A3,?,00000000,?,?), ref: 00D6A5AF
FindClose.KERNEL32(00000000,00000000,?,00000000,00D6A5DA,?,00000001,?,00D6A670,?,00000000,00D6A6A3,?,00000000,?,?), ref: 00D6A5BF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 69bddf5c8517209bf16b37776516ab789aba34b2ee411275bd7c662e7dc7c0fb
Instruction ID: 342e5cab30066fe0868e3832984969b545a7757eee10abcba39a1bc3bf92f987
Opcode Fuzzy Hash: 69bddf5c8517209bf16b37776516ab789aba34b2ee411275bd7c662e7dc7c0fb
Instruction Fuzzy Hash: 7FF08271544A09AFC750FBBCCD6285EB7ACEB4831075106A1F445E2591EB349F049935

Function 00D716F8 Relevance: 3.0, APIs: 2, Instructions: 19threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(0000000E,00000000,00000002,?,00D71BD8,-00000004,00000000,?,00000064,00000000,00000400,00000000,00000000,00D71C3D,?,?), ref: 00D7170C
GetLocaleInfoW.KERNEL32(00000000,0000000E,00000000,00000002,?,00D71BD8,-00000004,00000000,?,00000064,00000000,00000400,00000000,00000000,00D71C3D), ref: 00D71712

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Locale$InfoThread
String ID:
API String ID: 4232894706-0
Opcode ID: 71205eaad78019927405f8c09e69e0f51d6c011b014da61e7b76ded1daf6d615
Instruction ID: b6fa87a601a348c5ca380fd4bbfd04f0718dd860af2defe9e08cbaee1cd9b3fb
Opcode Fuzzy Hash: 71205eaad78019927405f8c09e69e0f51d6c011b014da61e7b76ded1daf6d615
Instruction Fuzzy Hash: 6DE0EC8C720290E9D2045BAAAD06B3532A89BD5741F10E50AB5C4EA1E1F374C88FDB36

Function 00DA89FC Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00DA8A1A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: fe740441e22f9f9929217efec7d22d12b13fc3ec3481919ab3c6cfbb16d35074
Instruction ID: bf0808f19b4860f267f8f59013125a50b4e1ba29b27613b7860ceb59b4ddd588
Opcode Fuzzy Hash: fe740441e22f9f9929217efec7d22d12b13fc3ec3481919ab3c6cfbb16d35074
Instruction Fuzzy Hash: 34E0D83170421817D314A55C9C8ADF6735CE748340F40417BBD05C7343ED649D4487F5

Function 00D6D4FC Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(00E48558,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DC7BF0,?,00DB31C5,00000000,00000000), ref: 00D6D523

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AllocateInitialize
String ID:
API String ID: 220217950-0
Opcode ID: b474369f7a59c677b5646b4489c5c675a2e4eae391c5e62dd9bb76be8384dbe5
Instruction ID: d1b0da0cd127826aa4fc3af356c4f6e062bbe87ce40770cafef7c7732479b8da
Opcode Fuzzy Hash: b474369f7a59c677b5646b4489c5c675a2e4eae391c5e62dd9bb76be8384dbe5
Instruction Fuzzy Hash: CEE009B2200309BB9B00DE8ADDC1CABB7ACFB4C254B848105BB1C97202C635BC608B70

Function 00DABDB4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(00DABB5C,00000002,?,?,00DAC135,00DA8EC1,?,00000000,00DA8F02,?,?,?,00000000,00000000), ref: 00DABDE1

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: ca76b8b35e16a75fc3bbc922839622ac5daac88d0deef6918c6ad5bb3d42251f
Instruction ID: edc19272abf12787b39b3c215d94e63c8bb05bc5451ae632207e1ab810db9916
Opcode Fuzzy Hash: ca76b8b35e16a75fc3bbc922839622ac5daac88d0deef6918c6ad5bb3d42251f
Instruction Fuzzy Hash: 97E0865274161057C120B7B91C43B597941CF43BB1F0C8131B4598B39BEB1A4C4603F7

Function 00DA8A48 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,00DA8B4A,?,00000001,00000000,00DA8D59), ref: 00DA8A5B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 500d50f40283ae161a360119571d00a9f5b0bdcce6ed3ba042efd82b13b5e5e9
Instruction ID: f94068bac3e9f48c013c9005b464d0a031daaa4ca5a0b939ba989622a4af487d
Opcode Fuzzy Hash: 500d50f40283ae161a360119571d00a9f5b0bdcce6ed3ba042efd82b13b5e5e9
Instruction Fuzzy Hash: DCD05EA73092206AE310525B6D45D7766DCCBC9B61F144437BA49C6142D610CC05E371

Function 00DABB78 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000400,?,00DABC2E,?,00000000,00DABD7B), ref: 00DABB93

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e6eb43bb6bb9fa6d0b60548e1ef99d6a4681700835a5e1f157de6a2cc22134c7
Instruction ID: 50fdbe9fa85c241acbafa7193e9899f977e29bfa4aea1dc53d394ae79f84d4d0
Opcode Fuzzy Hash: e6eb43bb6bb9fa6d0b60548e1ef99d6a4681700835a5e1f157de6a2cc22134c7
Instruction Fuzzy Hash: 07D0A7D1F1420017E20462589C42B663288DBC8710F10412C7788C73C0EE7C6805E2BA

Function 00DEF5C0 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(FFFFFFFF,00DF25A8), ref: 00DEF5CF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 5b01e40d3eeb6dfbebd54f7937cbaa6c43d444735ba25783cd281306dc80b385
Instruction ID: 926af9d65307c485ec4da08b909719d5bf948c2b9dcda36c38c64d272bed34d4
Opcode Fuzzy Hash: 5b01e40d3eeb6dfbebd54f7937cbaa6c43d444735ba25783cd281306dc80b385
Instruction Fuzzy Hash: 95C09B785207418F8520EF6FED0842D322CE34333AB9A43545074561F4DFB4440B8F20

Function 00D7C344 Relevance: .5, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f80b2c067e7a6005cd43b21fd50e578f8091455ef3b1e1f5aa2a0d983d75987
Instruction ID: 374677be95f3d9ef3b094d4b5fbbb51d0d476f3d567ab7fe3a0c785b8c8e303f
Opcode Fuzzy Hash: 6f80b2c067e7a6005cd43b21fd50e578f8091455ef3b1e1f5aa2a0d983d75987
Instruction Fuzzy Hash: 4A123675A102458FCB14DF68C8C0AAAB7F2FF48314F19D599E8489B356E635EC91CBB0

Function 00D82380 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15e0019ee402848dca44b61e7016466971f3e1d54386c4b85e1c281bad740c4a
Instruction ID: 5d7b84a5787a4eca6c762b15a6a074d02f2971adc1829923667d46b78297739e
Opcode Fuzzy Hash: 15e0019ee402848dca44b61e7016466971f3e1d54386c4b85e1c281bad740c4a
Instruction Fuzzy Hash: 1102C279E0420ADFCB00EFA9C884AADBBF0FF18320F6445A5E455A7351D734AA81DB74

Function 00D79978 Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a40274f2d29d1a74b6ca762f585fdf450ac5d6becda12fafb2b76bc590adda
Instruction ID: 1d492e421b1d81f916ea9b90afe11e4dc196490a24cd1cf5563aab006393c83d
Opcode Fuzzy Hash: 98a40274f2d29d1a74b6ca762f585fdf450ac5d6becda12fafb2b76bc590adda
Instruction Fuzzy Hash: 71F1E6766012059FDB19CF18C494A69BBE2FF5A360F59C194F8898F365E331ED81CBA0

Function 00D83AB8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae2de1681d9689ed1c77b6eff1f395c006368939f883ea06a88fdca8d23db8c
Instruction ID: 127b8c27db6f17920af90e0c54a352835935fb2c8abbfe8a03a69d798b2fc4c5
Opcode Fuzzy Hash: dae2de1681d9689ed1c77b6eff1f395c006368939f883ea06a88fdca8d23db8c
Instruction Fuzzy Hash: B7E1FD34D843A59BCB11CFE9D8D07DDFBB0BF09218F8D40E5DA902B242C2792655DBA0

Function 00E045C4 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b2bf2c4d82134d03f625000b65d9ea2b8e101618740db382af5203ae3140dd
Instruction ID: c095a9dd6ee983274503a082a8bd9af774414bb9028900f05c7a91342d5148c8
Opcode Fuzzy Hash: 25b2bf2c4d82134d03f625000b65d9ea2b8e101618740db382af5203ae3140dd
Instruction Fuzzy Hash: 2F81C3F0A046599BCB01EFA5C941ADEBBF6EF85314F0481A1B914A32D2D734DE46CBB0

Function 00D68E64 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
Instruction ID: 4195e7644d309be7d497738a856e3ea7bc6bc8a5f57b147909453ea3e9d16327
Opcode Fuzzy Hash: d17ffc1b7c175c9f3f133bcf490b3ef334a0cf6f2a578ee1034f9dfeca47056c
Instruction Fuzzy Hash: 5C01C432B003114B870CDD3E8D9862AB6D3ABD8A10F09C73DA589C72C5CD328C1AC292

Function 00D64E11 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32039d76743bf9929dbf80f13515612f9cf38f44979065636af7e65e121ceabf
Instruction ID: 0f396184c0176e8712e351fcdf50b44bbd39b01f86c21aefeda6d2c049e03477
Opcode Fuzzy Hash: 32039d76743bf9929dbf80f13515612f9cf38f44979065636af7e65e121ceabf
Instruction Fuzzy Hash: 46010875E01209EFCB40DFA8C68199DBBF4FB09754B2084A6E905EB321E330EE40DB60

Function 00E060CC Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3753c12dfbfd1e8008c1ac2dc164cbe8468e8205f996927c679d0fe71f725b6
Instruction ID: ebe4e8701b0a1ecdffcf06b84f7ced5cca888910c463909fd9407404b9c6269f
Opcode Fuzzy Hash: e3753c12dfbfd1e8008c1ac2dc164cbe8468e8205f996927c679d0fe71f725b6
Instruction Fuzzy Hash: A5D012AA35810117F73A842CECE4797414BE748320F605C39B002FBFC1C05ECDE48224

Function 00DB4254 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10ca49d9affa38cc4837aeb61dc94420c8f6f6db2e4404334351f0f17eca80b1
Instruction ID: c5b9fb8ce78d68670dbb561a1aa0215708c896c22371a0267475085537edffbe
Opcode Fuzzy Hash: 10ca49d9affa38cc4837aeb61dc94420c8f6f6db2e4404334351f0f17eca80b1
Instruction Fuzzy Hash: 41A00271351880DFCF5BCB2CC5B0B24B3F5FB85B48F1804EC9007C7A51D6296910CA04

Function 00DD9D0C Relevance: 65.2, APIs: 34, Strings: 3, Instructions: 404windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32(00000000), ref: 00DD9D83
PrintDlgW.COMDLG32(00000042), ref: 00DD9DB2
SetMapMode.GDI32(?,00000001), ref: 00DD9DC5
GetDeviceCaps.GDI32(?,0000000A), ref: 00DD9DD0
GetDeviceCaps.GDI32(?,00000006), ref: 00DD9DDD
GetDeviceCaps.GDI32(?,00000071), ref: 00DD9DEA
GetDeviceCaps.GDI32(?,00000008), ref: 00DD9E18
GetDeviceCaps.GDI32(?,00000004), ref: 00DD9E25
GetDeviceCaps.GDI32(?,00000070), ref: 00DD9E32
GetDeviceCaps.GDI32(?,00000070), ref: 00DD9E5B
GetDeviceCaps.GDI32(?,0000005A), ref: 00DD9EA4
CreateFontA.GDI32(00000000,?,0000005A,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00DD9EBA
SelectObject.GDI32(?,00000000), ref: 00DD9ED0
GetTextMetricsW.GDI32(?,?), ref: 00DD9EEA
GetVersion.KERNEL32 ref: 00DD9F27
GetVersion.KERNEL32 ref: 00DD9F51
StartDocW.GDI32(?,?), ref: 00DD9F68
GetVersion.KERNEL32 ref: 00DD9F71
StartDocA.GDI32(?,?), ref: 00DD9F8C
StartPage.GDI32(?), ref: 00DD9F9D
GetVersion.KERNEL32 ref: 00DDA04F
DrawTextW.USER32(?,00000000,00000000,?,00000610), ref: 00DDA07D
DrawTextA.USER32(?,00000000,00000000,?,00000610), ref: 00DDA0D2
EndPage.GDI32(?), ref: 00DDA0EE
StartPage.GDI32(?), ref: 00DDA0F7
OffsetRect.USER32(?,?,?), ref: 00DDA10B
GetVersion.KERNEL32(?,?,?,?,00000000,00000000,?,00000610), ref: 00DDA110
DrawTextW.USER32(?,00000000,00000000,?,00000210), ref: 00DDA13E
DrawTextA.USER32(?,00000000,00000000,?,00000210), ref: 00DDA193
EndPage.GDI32(?), ref: 00DDA1AF
EndDoc.GDI32(?), ref: 00DDA1B8
SelectObject.GDI32(?,00000000), ref: 00DDA1CB
DeleteObject.GDI32(00000000), ref: 00DDA1DA
DeleteDC.GDI32(?), ref: 00DDA1E3

Strings

,M, xrefs: 00DD9FC5
Courier New, xrefs: 00DD9E7E
B, xrefs: 00DD9D9A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CapsDevice$TextVersion$DrawPageStart$Object$DeleteSelect$BeepCreateFontMessageMetricsModeOffsetPrintRect
String ID: ,M$B$Courier New
API String ID: 139902849-3881304278
Opcode ID: 7bb52f8367c04eee5939bbde0354981132e68706776261d7f41eff89550c20cd
Instruction ID: 8dbad7237ae5b1f27fd92dec718652246a5c5fef643c9878a383d79a83980e28
Opcode Fuzzy Hash: 7bb52f8367c04eee5939bbde0354981132e68706776261d7f41eff89550c20cd
Instruction Fuzzy Hash: 17E1EA71F40208AFDB10EBA8DC85BDEB7FAEF58300F544566F508E7291DA74AA448B71

Function 00E11E90 Relevance: 63.2, APIs: 2, Strings: 34, Instructions: 202libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(atiadlxx.dll,?,?,00E125F4), ref: 00E11EC1
LoadLibraryW.KERNEL32(atiadlxy.dll,atiadlxx.dll,?,?,00E125F4), ref: 00E11ED1

Strings

ADL2_Display_Modes_Set, xrefs: 00E1212D
ADL2_Adapter_AdapterInfo_Get, xrefs: 00E11F49
ADL2_Display_ModeTimingOverride_Get, xrefs: 00E120EE
B, xrefs: 00E12089
ADL2_Adapter_NumberOfAdapters_Get, xrefs: 00E11F30
ADL2_DFP_PixelFormat_Caps, xrefs: 00E12011
ADL2_Display_CustomizedMode_Validate, xrefs: 00E120C0
ADL2_Display_DisplayInfo_Get, xrefs: 00E11F62
ADL2_Display_ModeTimingOverride_Set, xrefs: 00E12103
ADL2_Display_SupportedPixelFormat_Get, xrefs: 00E11FC6
ADL2_Display_PixelFormat_Set, xrefs: 00E11FF8
ADL2_Display_PixelClockCaps_Get, xrefs: 00E12176
ADL2_Display_ModeTimingOverrideList_Get, xrefs: 00E120D9
ADL2_Main_Control_Destroy, xrefs: 00E11F17
ADL2_Display_CustomizedModeList_Get, xrefs: 00E12075
ADL2_Display_CustomizedMode_Delete, xrefs: 00E120A7
ADL2_Display_CustomizedModeListNum_Get, xrefs: 00E1205C
ADL2_Display_CurrentPixelClock_Get, xrefs: 00E12165
ADL2_Display_EdidData_Get, xrefs: 00E11F94
atiadlxy.dll, xrefs: 00E11ECC
ADL2_DFP_PixelFormat_Set, xrefs: 00E12043
ADL2_DFP_PixelFormat_Get, xrefs: 00E1202A
atiadlxx.dll, xrefs: 00E11EBC
ADL2_Display_CustomizedMode_Add, xrefs: 00E1208E
ADL2_Display_PixelFormat_Get, xrefs: 00E11FDF
ADL2_Main_Control_Refresh, xrefs: 00E11EFE
ADL2_Display_Modes_Get, xrefs: 00E12118
ADL2_Display_DDCBlockAccess_Get, xrefs: 00E11F7B
ADL2_Display_Size_Get, xrefs: 00E11FAD
B, xrefs: 00E120A2
ADL2_Display_PixelClockAllowableRange_Set, xrefs: 00E12187
B, xrefs: 00E12057
B, xrefs: 00E12070
ADL2_Main_Control_Create, xrefs: 00E11EE5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: ADL2_Adapter_AdapterInfo_Get$ADL2_Adapter_NumberOfAdapters_Get$ADL2_DFP_PixelFormat_Caps$ADL2_DFP_PixelFormat_Get$ADL2_DFP_PixelFormat_Set$ADL2_Display_CurrentPixelClock_Get$ADL2_Display_CustomizedModeListNum_Get$ADL2_Display_CustomizedModeList_Get$ADL2_Display_CustomizedMode_Add$ADL2_Display_CustomizedMode_Delete$ADL2_Display_CustomizedMode_Validate$ADL2_Display_DDCBlockAccess_Get$ADL2_Display_DisplayInfo_Get$ADL2_Display_EdidData_Get$ADL2_Display_ModeTimingOverrideList_Get$ADL2_Display_ModeTimingOverride_Get$ADL2_Display_ModeTimingOverride_Set$ADL2_Display_Modes_Get$ADL2_Display_Modes_Set$ADL2_Display_PixelClockAllowableRange_Set$ADL2_Display_PixelClockCaps_Get$ADL2_Display_PixelFormat_Get$ADL2_Display_PixelFormat_Set$ADL2_Display_Size_Get$ADL2_Display_SupportedPixelFormat_Get$ADL2_Main_Control_Create$ADL2_Main_Control_Destroy$ADL2_Main_Control_Refresh$atiadlxx.dll$atiadlxy.dll$B$B$B$B
API String ID: 1029625771-3154633812
Opcode ID: 7e32af32f65406c3883d1c13cca5ea6fc5fe114a72cdeb61b5a057d31eee99d4
Instruction ID: e70cf1c36a44689414dc56f0d3da46ba281c405facdb0dfdf3ac400143c6c2a5
Opcode Fuzzy Hash: 7e32af32f65406c3883d1c13cca5ea6fc5fe114a72cdeb61b5a057d31eee99d4
Instruction Fuzzy Hash: C7518DB43016A0179A15A2A51E131ED22928BC374DB043AECBF157F7E3CA14CCEB83C9

Function 00DEF5E0 Relevance: 52.7, APIs: 5, Strings: 25, Instructions: 171libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(madExcept32.dll,00000000,00DEF856,?,?,?,00000000,00000000,00000000,00000000), ref: 00DEF612
LoadLibraryW.KERNEL32(00000000,madExcept32.dll,00000000,00DEF856,?,?,?,00000000,00000000,00000000,00000000), ref: 00DEF64B

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

LoadLibraryW.KERNEL32(c:\sources\madshi\madExcept32.dll,madExcept32.dll,00000000,00DEF856,?,?,?,00000000,00000000,00000000,00000000), ref: 00DEF65B
LoadLibraryW.KERNEL32(00000000,?,madExcept32.dll,00000000,00DEF856,?,?,?,00000000,00000000,00000000,00000000), ref: 00DEF6AF

Part of subcall function 00DB23D4: GetVersion.KERNEL32(00000000,00DB2479,?,?,00E44D0C,?,00DB4D56,00000000,00000000,00DB50CA,?,?,00000000,00000000,00000000,00000000), ref: 00DB23F9
Part of subcall function 00DB23D4: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00DB2479,?,?,00E44D0C,?,00DB4D56,00000000,00000000,00DB50CA,?,?,00000000), ref: 00DB2412

Strings

StopLeakChecking, xrefs: 00DEF70D
CalibrateLeakChecking, xrefs: 00DEF71D
UnloadLeakModule, xrefs: 00DEF77D
ReportLeaksNow, xrefs: 00DEF72D
Software\madshi\madCollection, xrefs: 00DEF66C, 00DEF687
StartDebugMm, xrefs: 00DEF7F6
madExcept32.dll, xrefs: 00DEF638
madExcept32.dll has the wrong version., xrefs: 00DEF828
ShowLeakReport, xrefs: 00DEF76D
ClearLeaks, xrefs: 00DEF75D
SetLeakOption, xrefs: 00DEF7E6
madExcept32.dll, xrefs: 00DEF60D
GetApiVersion, xrefs: 00DEF6D1
GetLeakReport, xrefs: 00DEF73D
HideLeakObj, xrefs: 00DEF7B6
Error..., xrefs: 00DEF823
ThisIsNoLeak, xrefs: 00DEF7A6
SetDebugMmAlignment, xrefs: 00DEF806
HideLeakPtr, xrefs: 00DEF78D
HideLeakCallstack, xrefs: 00DEF7C6
StartLeakChecking, xrefs: 00DEF6FD
\madExcept\Dlls\madExcept32.dll, xrefs: 00DEF699
GetLeakCallstack, xrefs: 00DEF74D
c:\sources\madshi\madExcept32.dll, xrefs: 00DEF656
HideInitializationLeaks, xrefs: 00DEF7D6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LibraryLoad$AddressProc$FileModuleNameVersion
String ID: userbrateLeakChecking$ClearLeaks$Error...$GetApiVersion$GetLeakCallstack$GetLeakReport$HideInitializationLeaks$HideLeakCallstack$HideLeakObj$HideLeakPtr$ReportLeaksNow$SetDebugMmAlignment$SetLeakOption$ShowLeakReport$Software\madshi\madCollection$StartDebugMm$StartLeakChecking$StopLeakChecking$ThisIsNoLeak$UnloadLeakModule$\madExcept\Dlls\madExcept32.dll$c:\sources\madshi\madExcept32.dll$madExcept32.dll$madExcept32.dll$madExcept32.dll has the wrong version.
API String ID: 1721990271-3918984478
Opcode ID: 050631a970590ab2230632e90c2d9b8870972a48f60284d97047171ed736f561
Instruction ID: 27915e5da951c199f6cca1fa9bb4660483bd5015a2f35d676791073bd291166d
Opcode Fuzzy Hash: 050631a970590ab2230632e90c2d9b8870972a48f60284d97047171ed736f561
Instruction Fuzzy Hash: 2C516FB8B50345AFD700FB73AD82E3E369ADB15304F00543AB541A6296DEB49D4DCB78

Function 00D832E4 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 471filememorytimeCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D838BB), ref: 00D83328
CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D838BB), ref: 00D8334C
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D838BB), ref: 00D8337E
GetVersion.KERNEL32 ref: 00D8344C
CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D8346F
CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D834A5
GetFileSize.KERNEL32(00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D834B8
LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D834C6
LocalAlloc.KERNEL32(00000040,?,00000040,?,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D834EB
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,00000040,?,00000040,?,00000000,00000000,00000000,80000000,00000003,00000000,00000003), ref: 00D8350C
GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 00D83596
GetVersion.KERNEL32(00000000,00000000,00000000,?), ref: 00D83600
WriteFile.KERNEL32(?,04034B50,0000001E,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00D83685
WriteFile.KERNEL32(?,00000000,00000000,0000001E,00000000,?,04034B50,0000001E,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D836B4
WriteFile.KERNEL32(?,00000000,?,0000001E,00000000,?,00000000,00000000,0000001E,00000000,?,04034B50,0000001E,?,00000000,00000000), ref: 00D836DE
LocalFree.KERNEL32(00000000,00000000,00000000,?,?,00000000,00000040,?,00000040,?,00000000,00000000,00000000,80000000,00000003,00000000), ref: 00D836FF
LocalFree.KERNEL32(00000000,00000040,?,00000040,?,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D83708
CloseHandle.KERNEL32(00000000,00000040,?,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00D8370E
GetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 00D83614

Part of subcall function 00D7EECC: SetLastError.KERNEL32(00000000,-0000000C,00000000,?,?,00D80BC0,?,?,?,?,00100000,00000000,00000000,-0000000C), ref: 00D7EEDA
Part of subcall function 00D7EECC: SetFilePointer.KERNEL32(00000000,?,?,00000000,00000000,-0000000C,00000000,?,?,00D80BC0,?,?,?,?,00100000,00000000), ref: 00D7EEE9
Part of subcall function 00D7EECC: GetLastError.KERNEL32(00000000,?,?,00000000,00000000,-0000000C,00000000,?,?,00D80BC0,?,?,?,?,00100000,00000000), ref: 00D7EEF7

WriteFile.KERNEL32(?,?,0000002E,?,00000000,00000000,00000000), ref: 00D837C0
WriteFile.KERNEL32(?,00000000,00000000,0000002E,00000000,?,?,0000002E,?,00000000,00000000,00000000), ref: 00D837E9
WriteFile.KERNEL32(?,06054B50,00000016,?,00000000,00000000,00000000), ref: 00D83820
CloseHandle.KERNEL32(?), ref: 00D8383C
GetVersion.KERNEL32(?), ref: 00D83847
DeleteFileW.KERNEL32(00000000,?), ref: 00D8385C
DeleteFileA.KERNEL32(00000000,?), ref: 00D83882

Strings

., xrefs: 00D837C9

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Write$CreateLocalVersion$AllocCloseDeleteErrorFreeHandleLast$AttributesPointerReadSizeTime
String ID: .
API String ID: 2008773782-248832578
Opcode ID: ce5bfde60223cf9ae09537a9fac0115922548f0f7499c4f25b974220de383ef9
Instruction ID: 610837e6b26a76d0ce9dc0e8f7a33c52f37ffec3807ff36d1410cd5076101c9d
Opcode Fuzzy Hash: ce5bfde60223cf9ae09537a9fac0115922548f0f7499c4f25b974220de383ef9
Instruction Fuzzy Hash: 62020A70E04209AFDB10EBA8D886BDEB7B9EF08704F244555E508FB291DB74AE45CB71

Function 00DDB650 Relevance: 42.4, APIs: 28, Instructions: 402windowCOMMON

Download Yara Rule

APIs

GetDeviceCaps.GDI32(?,0000000C), ref: 00DDB6A9
IsWindowEnabled.USER32(?), ref: 00DDB6C3
GetClientRect.USER32(?,?), ref: 00DDB6FF
DrawFrameControl.USER32(?,?,00000004,00000210), ref: 00DDB733
DrawFrameControl.USER32(?,?,00000004,00000010), ref: 00DDB749
GetSysColor.USER32(00000015), ref: 00DDB750
CreateSolidBrush.GDI32(?), ref: 00DDB760
FillRect.USER32(?,?,00000000), ref: 00DDB773
DeleteObject.GDI32(00000000), ref: 00DDB779
GetSysColor.USER32(0000000F), ref: 00DDB780
GetDeviceCaps.GDI32(?,0000000C), ref: 00DDB7D2
InflateRect.USER32(?,000000FD,000000FD), ref: 00DDB895
DrawFocusRect.USER32(?,?), ref: 00DDB8A5
GetVersion.KERNEL32(?,00000010,?,?,00000000), ref: 00DDB8D8
GetWindowTextW.USER32(?,?,00000064), ref: 00DDB8F1
GetWindowTextA.USER32(?,?,00000064), ref: 00DDB918
IsWindowEnabled.USER32(?), ref: 00DDB96B
SetTextColor.GDI32(?,00FFFFFF), ref: 00DDB984
GetVersion.KERNEL32(?,00FFFFFF,?,00000000,00000001,?,00000010,?,?,00000000), ref: 00DDB989
TextOutW.GDI32(?,?,00000005,00000000,00000000,?,00FFFFFF,?,00000000,00000001,?,00000010,?,?,00000000), ref: 00DDB9B6
TextOutA.GDI32(?,?,00000005,00000000,00000000), ref: 00DDBA0A
GetSysColor.USER32(00000015), ref: 00DDBA11
SetTextColor.GDI32(?,00000000), ref: 00DDBA1E
SetTextColor.GDI32(?,?), ref: 00DDBA30
GetVersion.KERNEL32(?,?,?,00000000,00000001,?,00000010,?,?,00000000), ref: 00DDBA35
TextOutW.GDI32(?,?,-00000004,00000000,00000000,?,?,?,00000000,00000001,?,00000010,?,?,00000000), ref: 00DDBA62
TextOutA.GDI32(?,?,-00000004,00000000,00000000), ref: 00DDBAB6
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00DDBADB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Text$Color$RectWindow$DrawVersion$CapsControlDeviceEnabledFrame$BrushClientCreateDeleteFillFocusInflateObjectSolid
String ID:
API String ID: 2072113309-0
Opcode ID: bb92718f0ce80a689197de63d0eeecfe02d60cee19d44165c8dcf5a3d64b2fae
Instruction ID: c3ff4d7bf2f6a20a8ab8b4c5043609b3c5dc48cfe90e9fafdd13d345944058f9
Opcode Fuzzy Hash: bb92718f0ce80a689197de63d0eeecfe02d60cee19d44165c8dcf5a3d64b2fae
Instruction Fuzzy Hash: 84E1E875A00209AFCB10EFA8C981E9EB7B9EF48314F1545A6F514EB352CB34EE419B70

Function 00DACDF0 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00DACDF9

Part of subcall function 00DACDC4: GetProcAddress.KERNEL32(00000000), ref: 00DACDDD

Strings

VarXor, xrefs: 00DACEF9
VarAdd, xrefs: 00DACE49
VarI4FromStr, xrefs: 00DACF25
VarMod, xrefs: 00DACEB7
VarDiv, xrefs: 00DACE8B
VarOr, xrefs: 00DACEE3
VarAnd, xrefs: 00DACECD
VarR4FromStr, xrefs: 00DACF3B
VarNot, xrefs: 00DACE33
oleaut32.dll, xrefs: 00DACDF4
VarMul, xrefs: 00DACE75
VarCyFromStr, xrefs: 00DACF7D
VarIdiv, xrefs: 00DACEA1
VarNeg, xrefs: 00DACE1D
VarBstrFromDate, xrefs: 00DACFBF
VarBstrFromCy, xrefs: 00DACFA9
VariantChangeTypeEx, xrefs: 00DACE07
VarSub, xrefs: 00DACE5F
VarBoolFromStr, xrefs: 00DACF93
VarBstrFromBool, xrefs: 00DACFD5
VarR8FromStr, xrefs: 00DACF51
VarDateFromStr, xrefs: 00DACF67
VarCmp, xrefs: 00DACF0F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 96b32cbbc7580ea476ef574144e7b9b4b7d53249325110f57f27b05005c21a7c
Instruction ID: 5a5bf0d9be3baa484c160b0fc3c9efbbb6c64d42427858d8730bba5d2d46bd10
Opcode Fuzzy Hash: 96b32cbbc7580ea476ef574144e7b9b4b7d53249325110f57f27b05005c21a7c
Instruction Fuzzy Hash: 244130A26283046E5708AB7EB8014377BD9D747335770643AB505DBBD1DD30AC868A3E

Function 00DE0194 Relevance: 38.9, APIs: 10, Strings: 12, Instructions: 355windowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00DE07F0,?), ref: 00DE03E7
SendMessageA.USER32(5653006A,00001304,00000000,00000000), ref: 00DE041F
GetVersion.KERNEL32(5653006A,00001304,00000000,00000000), ref: 00DE0437
SendMessageW.USER32(5653006A,0000133C,-00000001,00000001), ref: 00DE0454
SendMessageA.USER32(5653006A,00001305,-00000001,00000001), ref: 00DE048B
SendMessageA.USER32(5653006A,00001308,-00000001,00000000), ref: 00DE04EB
GetVersion.KERNEL32 ref: 00DE0561
SendMessageW.USER32(5653006A,0000133E,00000000,00000001), ref: 00DE058C
SendMessageA.USER32(5653006A,00001307,00000000,00000001), ref: 00DE05C2
InvalidateRect.USER32(5653006A,00000000,00000000), ref: 00DE05E4

Strings

general|call stack, xrefs: 00DE026E
\M, xrefs: 00DE053A
,M, xrefs: 00DE02CF, 00DE0356
cpu registers, xrefs: 00DE0378
memory dump, xrefs: 00DE0241, 00DE0250
call stack, xrefs: 00DE025F
disasm, xrefs: 00DE03A5
`M, xrefs: 00DE04C6, 00DE054B
cpu regs, xrefs: 00DE0387
disassembling, xrefs: 00DE0396
XM, xrefs: 00DE0518
allocation number, xrefs: 00DE01E5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageSend$Version$InvalidateRect
String ID: ,M$XM$\M$`M$allocation number$call stack$cpu registers$cpu regs$disasm$disassembling$general|call stack$memory dump
API String ID: 1025676142-1532063459
Opcode ID: 62e3b618edc7a4e41659bbb6d131048d93ef0d017e4a4552ccb29721db3a61ab
Instruction ID: 06292d5e14f5fedbb18114c8be170a81e980f3b454010797482b1b01517334ab
Opcode Fuzzy Hash: 62e3b618edc7a4e41659bbb6d131048d93ef0d017e4a4552ccb29721db3a61ab
Instruction Fuzzy Hash: CCE14C34A04249DFDB10EBA5C885B9EB7F5EF48314F6041A5E904A73A1DBB0AE85CF71

Function 00DF2C7C Relevance: 38.7, APIs: 8, Strings: 14, Instructions: 230registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000006,Config Manager\Enum,00000000,00020019,?,00000000,00DF2F6B,?,?,?,00000006,00000000,00000000), ref: 00DF2CB1
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,80000006,Config Manager\Enum,00000000,00020019), ref: 00DF2CDC
LocalAlloc.KERNEL32(00000040,?,?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,80000006,Config Manager\Enum), ref: 00DF2CF9
RegEnumKeyA.ADVAPI32(?,?,00000000,?), ref: 00DF2D1D
RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,?,?,?,?,00000006,00000000,00000000), ref: 00DF2DD6
RegCloseKey.ADVAPI32(?,80000002,00000000,00000000,00020019,?,?,?,?,00000006,00000000,00000000), ref: 00DF2F15
LocalFree.KERNEL32(00000000,00000040,?,?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,80000006), ref: 00DF2F28
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,80000006,Config Manager\Enum,00000000), ref: 00DF2F31

Part of subcall function 00DF2BAC: RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020019,?), ref: 00DF2BDA
Part of subcall function 00DF2BAC: RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C05
Part of subcall function 00DF2BAC: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C1E
Part of subcall function 00DF2BAC: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DF2C35
Part of subcall function 00DF2BAC: LocalFree.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00DF2C63
Part of subcall function 00DF2BAC: RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C6C

Strings

CurrentDriveLetterAssignment, xrefs: 00DF2E7E
NetService, xrefs: 00DF2E16
DeviceDesc, xrefs: 00DF2E6B
System\CurrentControlSet\Services\Class\, xrefs: 00DF2E43, 00DF2ECF
HardWareKey, xrefs: 00DF2D40
Config Manager\Enum, xrefs: 00DF2CA7
Problem, xrefs: 00DF2D63
NetClient, xrefs: 00DF2E03
Enum\, xrefs: 00DF2DBE
\SWENUM\, xrefs: 00DF2D9E
Class, xrefs: 00DF2DE7
Driver, xrefs: 00DF2EB4
:] , xrefs: 00DF2E9B
NetTrans, xrefs: 00DF2E29

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$CloseOpenQuery$AllocFreeValue$EnumInfo
String ID: :] $Class$Config Manager\Enum$CurrentDriveLetterAssignment$DeviceDesc$Driver$Enum\$HardWareKey$NetClient$NetService$NetTrans$Problem$System\CurrentControlSet\Services\Class\$\SWENUM\
API String ID: 3580524629-1364326832
Opcode ID: 921aa83fb7f803e8a99e84eec21f753728e9e9bedcc24886f2d9c02c5f024307
Instruction ID: 9dc54033b686a5a067d4488daa2a518dafe3c2554436f1565c21797213168ab7
Opcode Fuzzy Hash: 921aa83fb7f803e8a99e84eec21f753728e9e9bedcc24886f2d9c02c5f024307
Instruction Fuzzy Hash: F0810C35E1010DABDB04EAD5D882FFEB3B9EF48304F558066FA04E7291DA34AE058B70

Function 00DF3D90 Relevance: 36.9, APIs: 10, Strings: 11, Instructions: 193memorylibraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000000,00DF4024), ref: 00DF3DCE

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

LoadLibraryW.KERNEL32(psapi.dll,GetModuleFileNameExW,00000000,00DF4024), ref: 00DF3DF1
GetModuleHandleW.KERNEL32(user32.dll,GetGuiResources,00000000,00DF4024), ref: 00DF3E14
LocalFree.KERNEL32(00000000), ref: 00DF3E51
LocalAlloc.KERNEL32(00000040,00010000,00000000), ref: 00DF3E5C
LocalAlloc.KERNEL32(00000040,00000000), ref: 00DF3E8F
OpenProcess.KERNEL32(00000410,00000000,?), ref: 00DF3EDD
GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00DF3F44
CloseHandle.KERNEL32(00000000), ref: 00DF3FBC
LocalFree.KERNEL32(00000000), ref: 00DF3FF9

Strings

NtQuerySystemInformation, xrefs: 00DF3DC4
ntdll.dll, xrefs: 00DF3DC9
<M, xrefs: 00DF3F22
GetGuiResources, xrefs: 00DF3E0A
\??\, xrefs: 00DF3F9B
Idle, xrefs: 00DF3FE0
user32.dll, xrefs: 00DF3E0F
\SystemRoot\System32\, xrefs: 00DF3F2D
GetModuleFileNameExW, xrefs: 00DF3DE7
psapi.dll, xrefs: 00DF3DEC
8M, xrefs: 00DF3F90

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$Handle$AllocFreeModule$AddressCloseDirectoryLibraryLoadOpenProcProcessSystem
String ID: 8M$<M$GetGuiResources$GetModuleFileNameExW$Idle$NtQuerySystemInformation$\??\$\SystemRoot\System32\$ntdll.dll$psapi.dll$user32.dll
API String ID: 655375459-2796516331
Opcode ID: 85c17343ddb64f627f312faa5a05e549449c228ffb9be28e54ffc38738a00ace
Instruction ID: 5446a6dd4069c1bf0c201762d7e6dea68afc7983e31571b87c3dbad82fa877a0
Opcode Fuzzy Hash: 85c17343ddb64f627f312faa5a05e549449c228ffb9be28e54ffc38738a00ace
Instruction Fuzzy Hash: B6715F75A0020CAFDB20EFA5DC45BAE77B9EF58704F168195F604A7281DB709E89CB70

Function 00D7436C Relevance: 35.3, APIs: 10, Strings: 10, Instructions: 308COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D748C5,?,00E44D0C,?,00DB4F78,00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%), ref: 00D743AC
GetModuleHandleW.KERNEL32(ntdll.dll,RtlGetVersion), ref: 00D743DC
GetVersionExW.KERNEL32(0000011C,00000000,ntdll.dll,RtlGetVersion), ref: 00D74405
GetVersionExW.KERNEL32(00000114,0000011C,00000000,ntdll.dll,RtlGetVersion), ref: 00D7441F
GetVersionExA.KERNEL32(00000094,00000000,00D748C5,?,00E44D0C,?,00DB4F78,00000000,?,?,?,00000000,00000000,00000000,00000000,%exceptClass%), ref: 00D74447
GetSystemMetrics.USER32(00000059), ref: 00D747E9
GetSystemMetrics.USER32(00000056), ref: 00D74803
GetSystemMetrics.USER32(00000058), ref: 00D7481D

Strings

RtlGetVersion, xrefs: 00D743D2
PM, xrefs: 00D74756
ntdll.dll, xrefs: 00D743D7
Media Center, xrefs: 00D7484E
kernel32.dll, xrefs: 00D7476D
Tablet PC, xrefs: 00D74811
Starter, xrefs: 00D7482B
R2, xrefs: 00D747F7
x64, xrefs: 00D74866
GetNativeSystemInfo, xrefs: 00D74768

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version$MetricsSystem$HandleModule
String ID: Media Center$ R2$ Starter$ Tablet PC$ x64$GetNativeSystemInfo$PM$RtlGetVersion$kernel32.dll$ntdll.dll
API String ID: 2438162231-3662182711
Opcode ID: 2df0fec29331d3df30107353b6e96b4529fe336d38abbb8ad696a6f5170e6f8e
Instruction ID: adf42f2f0e902e8636f43beaf20e98512e525eed28d67f67a1775e9886a373b3
Opcode Fuzzy Hash: 2df0fec29331d3df30107353b6e96b4529fe336d38abbb8ad696a6f5170e6f8e
Instruction Fuzzy Hash: FCD1D7306083848FDB6BD7799C46399BB959B03305F148996F48CA7292EF74998CDB32

Function 00DC3424 Relevance: 33.6, APIs: 11, Strings: 8, Instructions: 309synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000000), ref: 00DC3627
CloseHandle.KERNEL32(?,?,00000000), ref: 00DC3634
GetVersion.KERNEL32(?,?,00000000), ref: 00DC366A
GetModuleHandleW.KERNEL32(shell32.dll,ShellExecuteExW), ref: 00DC369C

Part of subcall function 00DC32D0: GetVersion.KERNEL32(00000000,00DC3384), ref: 00DC32F2
Part of subcall function 00DC32D0: FindFirstFileW.KERNEL32(00000000,?,00000000,00DC3384), ref: 00DC330D
Part of subcall function 00DC32D0: FindClose.KERNEL32(00000000,00000000,?,00000000,00DC3384), ref: 00DC3344

Part of subcall function 00D93370: GetVersion.KERNEL32(00000000,00D934B2), ref: 00D9339A
Part of subcall function 00D93370: LoadImageW.USER32(00000000,00000000,00000000,00000000,00000000,00002010), ref: 00D933BB
Part of subcall function 00D93370: LocalAlloc.KERNEL32(00000040,00000018,00000000,00D934B2), ref: 00D933FC
Part of subcall function 00D93370: GetObjectW.GDI32(00000000,00000018,00000000), ref: 00D9340F
Part of subcall function 00D93370: CreateCompatibleDC.GDI32(00000000), ref: 00D9342B
Part of subcall function 00D93370: SelectObject.GDI32(00000000,00000000), ref: 00D9343E
Part of subcall function 00D93370: SelectObject.GDI32(00000000,?), ref: 00D9347A
Part of subcall function 00D93370: DeleteDC.GDI32(00000000), ref: 00D93483
Part of subcall function 00D93370: LocalFree.KERNEL32(00000000,00000040,00000018,00000000,00D934B2), ref: 00D93489
Part of subcall function 00D93370: DeleteObject.GDI32(00000000), ref: 00D9348F

Part of subcall function 00DC32D0: FindFirstFileA.KERNEL32(00000000,?,00000000,00DC3384), ref: 00DC3339

Strings

edit, xrefs: 00DC3676
edit, xrefs: 00DC36EC
shell32.dll, xrefs: 00DC3697
@, xrefs: 00DC365C
<, xrefs: 00DC3655
ShellExecuteExW, xrefs: 00DC3692
AttachCheck, xrefs: 00DC34BA, 00DC379A
ScrShotImg, xrefs: 00DC348B, 00DC3526

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Object$FindVersion$CloseDeleteFileFirstHandleLocalSelect$AllocCompatibleCreateFreeImageLoadModuleSingleWait
String ID: <$@$AttachCheck$ScrShotImg$ShellExecuteExW$edit$edit$shell32.dll
API String ID: 777353599-4273357011
Opcode ID: f8ba7043f536fe80c4927bf0103e6056a46cc0c0e56cc3cf7080dd7c5202fae1
Instruction ID: 0d62cb338da98cb5b0070490bd72938cc68d6f02ba505ff9347e5238f270f2a1
Opcode Fuzzy Hash: f8ba7043f536fe80c4927bf0103e6056a46cc0c0e56cc3cf7080dd7c5202fae1
Instruction Fuzzy Hash: 9CD1F6B4A0020AEFDF14EFA8D585B9DB7B5EF49300F548469E805AB291DB30AE45CB71

Function 00D89114 Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 278fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89202
GetFileAttributesW.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89217
GetVersion.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89221
GetFileAttributesA.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89246
GetVersion.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89274
GetFileAttributesW.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89289
GetVersion.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D89293
GetFileAttributesA.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D892BC
GetVersion.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,?,00D89B68,00000000,?,?,?,00000000), ref: 00D892DA
CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 00D892FE
CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 00D8932F
CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000), ref: 00D8934A
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000003,00000000,00000003), ref: 00D89362
UnmapViewOfFile.KERNEL32(?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000003,00000000), ref: 00D8941E
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000003,00000000), ref: 00D89424
CloseHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000), ref: 00D8942A

Strings

$M, xrefs: 00D891A7
.tds, xrefs: 00D891AF, 00D891F8
,M, xrefs: 00D89175

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Version$Attributes$Create$CloseHandleView$MappingUnmap
String ID: $M$,M$.tds
API String ID: 513229809-2750482672
Opcode ID: a04091dd398fcf4f5d3c7dec69f95dc4acc5e12ec8b4608d1563931450744948
Instruction ID: a2c2b5cdf04f43bafd0581ef992124d83fcbe5a1aeb6001a80e7e413c0a3e0b4
Opcode Fuzzy Hash: a04091dd398fcf4f5d3c7dec69f95dc4acc5e12ec8b4608d1563931450744948
Instruction Fuzzy Hash: 32A18030B442099FDB14FBA8D855BAEF3A5EF44310F288164F954AB2D1DA74ED418B74

Function 00E03A04 Relevance: 33.5, APIs: 12, Strings: 7, Instructions: 278registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,00000000,?,00000000,00000009,?,?,00000000,00E03D8A,?,?,00000000,00000000,00000000,?), ref: 00E03AB0
RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,80000002,00000000,?,00000000,00000009,?,?,00000000), ref: 00E03ADE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?,?,00000000,?,?,00000000,00000000,00000000,00000000,80000002,00000000,?), ref: 00E03AFE
RegQueryValueExW.ADVAPI32(?,Driver,00000000,00000000,?,?,?,?,00000000,00000001,?,?,00000001,?,?,00000000), ref: 00E03B2A
RegOpenKeyExW.ADVAPI32(?,Device Parameters,00000000,00000001,?,?,?,00E03E30,?,?,?,Driver,00000000,00000000,?,?), ref: 00E03BC0
RegQueryValueExW.ADVAPI32(?,EDID,00000000,00000000,?,?,?,Device Parameters,00000000,00000001,?,?,?,00E03E30,?,?), ref: 00E03BE5
RegCloseKey.ADVAPI32(?,?,?,EDID,00000000,00000000,?,?,?,Device Parameters,00000000,00000001,?,?,?,00E03E30), ref: 00E03BF4
RegCloseKey.ADVAPI32(?,?,Driver,00000000,00000000,?,?,?,?,00000000,00000001,?,?,00000001,?,?), ref: 00E03BFD
RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,00000000,80000002,00000000,?,00000000,00000009,?,?), ref: 00E03C0C
RegOpenKeyExW.ADVAPI32(80000002,00000000,\Device Parameters,?,?,00E03E30,?,?,System\CurrentControlSet\Enum\Display\,00000000,00000001,?,?,?,00000000,00E03D8A), ref: 00E03CB1
RegQueryValueExW.ADVAPI32(?,EDID,00000000,00000000,?,?,80000002,00000000,\Device Parameters,?,?,00E03E30,?,?,System\CurrentControlSet\Enum\Display\,00000000), ref: 00E03CD6
RegCloseKey.ADVAPI32(?,?,?,EDID,00000000,00000000,?,?,80000002,00000000,\Device Parameters,?,?,00E03E30,?,?), ref: 00E03CE5

Strings

\Device Parameters, xrefs: 00E03C8B
Monitor, xrefs: 00E03A5A
Driver, xrefs: 00E03B21
System\CurrentControlSet\Enum\Display\, xrefs: 00E03A95, 00E03C4B
EDID, xrefs: 00E03BDC, 00E03CCD
Device Parameters, xrefs: 00E03BB7
\\?\DISPLAY, xrefs: 00E03C31

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseOpen$QueryValue$Enum
String ID: Device Parameters$Driver$EDID$Monitor$System\CurrentControlSet\Enum\Display\$\Device Parameters$\\?\DISPLAY
API String ID: 2834868890-1010352321
Opcode ID: 42a61f8895cd565a5fe03e70bee3b4ea9a91e534258ba477544b1620c85599c5
Instruction ID: 111453d8ed53b83168d7a086fc17d48c06146be63c0544e76f3d91ce496c16d7
Opcode Fuzzy Hash: 42a61f8895cd565a5fe03e70bee3b4ea9a91e534258ba477544b1620c85599c5
Instruction Fuzzy Hash: FEA14C71E00219ABEB20EAA8CC85BEEB7BDEB48704F1051A5F514F7281D7749F858B70

Function 00DD039C Relevance: 33.4, APIs: 1, Strings: 18, Instructions: 192libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(winhttp.dll), ref: 00DD0509

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

Part of subcall function 00DD0320: GlobalAlloc.KERNEL32(00000040,00000000,00000000,00DD038D,?,?,00000000), ref: 00DD0351

Strings

WinHttpReadData, xrefs: 00DD05F0
WinHttpOpen, xrefs: 00DD0510
WinHttpCloseHandle, xrefs: 00DD0600
://, xrefs: 00DD03F2
WinHttpWriteData, xrefs: 00DD0590
WinHttpAddRequestHeaders, xrefs: 00DD0540
WinHttpGetIEProxyConfigForCurrentUser, xrefs: 00DD0560
WinHttpReceiveResponse, xrefs: 00DD05A0
winhttp.dll, xrefs: 00DD0504
WinHttpQueryDataAvailable, xrefs: 00DD05E0
WinHttpOpenRequest, xrefs: 00DD0530
WinHttpGetProxyForUrl, xrefs: 00DD0570
WinHttpSendRequest, xrefs: 00DD0550
WinHttpSetCredentials, xrefs: 00DD05D0
WinHttpConnect, xrefs: 00DD0520
WinHttpSetOption, xrefs: 00DD0580
WinHttpQueryHeaders, xrefs: 00DD05B0
WinHttpQueryAuthSchemes, xrefs: 00DD05C0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressProc$AllocGlobalLibraryLoad
String ID: ://$WinHttpAddRequestHeaders$WinHttpCloseHandle$WinHttpConnect$WinHttpGetIEProxyConfigForCurrentUser$WinHttpGetProxyForUrl$WinHttpOpen$WinHttpOpenRequest$WinHttpQueryAuthSchemes$WinHttpQueryDataAvailable$WinHttpQueryHeaders$WinHttpReadData$WinHttpReceiveResponse$WinHttpSendRequest$WinHttpSetCredentials$WinHttpSetOption$WinHttpWriteData$winhttp.dll
API String ID: 2731625760-3351187014
Opcode ID: d68b0d7e724307a38ba2882782bfdf76f9920e843eb114a36a895464b5e14831
Instruction ID: 081974e749d91819aaa573051e2e2be5b10ceb48090f845502d70d6c8be60625
Opcode Fuzzy Hash: d68b0d7e724307a38ba2882782bfdf76f9920e843eb114a36a895464b5e14831
Instruction Fuzzy Hash: 48717F74A016049FC704EF35E882AAA3BA5EF85314F108167F840AB396DB74DD49CFB5

Function 00DB1ED4 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 232memoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB2184,?,?,?,00000000), ref: 00DB1F14
GetModuleHandleW.KERNEL32(kernel32.dll,Thread32Next,00000000,kernel32.dll,Thread32First,00000000,kernel32.dll,CreateToolhelp32Snapshot,00000000,00DB2184,?,?,?,00000000), ref: 00DB1F5D
GetCurrentProcessId.KERNEL32(?,?,?,?,00000000), ref: 00DB1FA1
CloseHandle.KERNEL32(000000FF,00DB2168,?,00000000), ref: 00DB1FF7
GetModuleHandleW.KERNEL32(kernel32.dll,Thread32First,00000000,kernel32.dll,CreateToolhelp32Snapshot,00000000,00DB2184,?,?,?,00000000), ref: 00DB1F45

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

GetModuleHandleW.KERNEL32(kernel32.dll,CreateToolhelp32Snapshot,00000000,00DB2184,?,?,?,00000000), ref: 00DB1F2E

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

GetModuleHandleW.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000000,00DB2184,?,?,?,00000000), ref: 00DB200E
LocalFree.KERNEL32(?,00000000,00DB2161,?,?,?,?,00000000), ref: 00DB2058
LocalAlloc.KERNEL32(00000040,00010000,?,00000000,00DB2161,?,?,?,?,00000000), ref: 00DB2063
GetCurrentProcessId.KERNEL32(?,?,?,?,00000000), ref: 00DB20B7

Strings

Thread32Next, xrefs: 00DB1F53
kernel32.dll, xrefs: 00DB1F29, 00DB1F40, 00DB1F58
Thread32First, xrefs: 00DB1F3B
NtQuerySystemInformation, xrefs: 00DB2004
CreateToolhelp32Snapshot, xrefs: 00DB1F24
ntdll.dll, xrefs: 00DB2009

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Handle$Module$AddressCurrentLocalProcProcess$AllocCloseFreeVersion
String ID: CreateToolhelp32Snapshot$NtQuerySystemInformation$Thread32First$Thread32Next$kernel32.dll$ntdll.dll
API String ID: 2956289956-2969370507
Opcode ID: 81a452d49c832a8e128dfa67202f9e04f02cf0e29e5cb8d3313efd79bfc3a08f
Instruction ID: 7b221ad889a74a15c68e9b66928cba35504738238fba01e2c025cc1ff8ea5196
Opcode Fuzzy Hash: 81a452d49c832a8e128dfa67202f9e04f02cf0e29e5cb8d3313efd79bfc3a08f
Instruction Fuzzy Hash: 418137B6E00208EFDB10EBA9DC92BAEB7F8EB48710F544469E515E7290E6749904CB30

Function 00DE472C Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 291threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DE4777
GetCurrentThreadId.KERNEL32 ref: 00DE479A

Strings

@, xrefs: 00DE479F, 00DE4A0C
EAbort, xrefs: 00DE47DB
EAccessViolation, xrefs: 00DE4884

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: @$EAbort$EAccessViolation
API String ID: 2882836952-3704233169
Opcode ID: bb2f88bf58773c0aafd63e755522fd87c9ce4fa713352e9809d22fc17091564a
Instruction ID: ccf42febcdc475a476e9c49ec206829d393f5b88aa7ff54706e6c7bf828c111e
Opcode Fuzzy Hash: bb2f88bf58773c0aafd63e755522fd87c9ce4fa713352e9809d22fc17091564a
Instruction Fuzzy Hash: 82B1AF70A0428A9FDB10EFA6C885BAEB7F5FB09314F1445A6E414E3291DB34E944CFB5

Function 00DDA26C Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 171processfilethreadCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DDA486,?,?,?,?,00DE3F82,00000000,?), ref: 00DDA2B2
GetCommandLineW.KERNEL32(00000000,00DDA486,?,?,?,?,00DE3F82,00000000,?), ref: 00DDA2C2
GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00DDA486,?,?,?,?,00DE3F82,00000000,?), ref: 00DDA2E9
CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,?,00000044,?,00000104,?,00000000,00DDA486,?,?), ref: 00DDA312
GetCommandLineA.KERNEL32(00000000,00DDA486,?,?,?,?,00DE3F82,00000000,?), ref: 00DDA323
GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00DDA486,?,?,?,?,00DE3F82,00000000,?), ref: 00DDA354
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,?,00000044,?,00000104,?,00000000,00DDA486,?,?), ref: 00DDA37D
CreateFileMappingA.KERNEL32(000000FF,?,00000004,00000000,00000058,00000000), ref: 00DDA3DF
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,000000FF,?,00000004,00000000,00000058,00000000,?,00000000,00000000,00000000,00000000), ref: 00DDA3F2
GetCurrentProcessId.KERNEL32(00000000,000F001F,00000000,00000000,00000000,000000FF,?,00000004,00000000,00000058,00000000,?,00000000,00000000,00000000,00000000), ref: 00DDA3FD
GetCurrentProcess.KERNEL32(00000000,?,00000004,00000000,00000000,00000002,00000000,000F001F,00000000,00000000,00000000,000000FF,?,00000004,00000000,00000058), ref: 00DDA413
DuplicateHandle.KERNEL32(00000000,00000000,?,00000004,00000000,00000000,00000002,00000000,000F001F,00000000,00000000,00000000,000000FF,?,00000004,00000000), ref: 00DDA419
ResumeThread.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,000000FF,?,00000004,00000000,00000058,00000000,?,00000000,00000000,00000000), ref: 00DDA434
GetCurrentProcess.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,00000004,00000000,?,00000044,?,00000104,?,00000000,00DDA486), ref: 00DDA441
TerminateProcess.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000004,00000000,?,00000044,?,00000104,?,00000000,00DDA486), ref: 00DDA447

Strings

D, xrefs: 00DDA2AB
madExceptRestart, xrefs: 00DDA3BD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Process$Current$Create$CommandDirectoryFileLine$DuplicateHandleMappingResumeTerminateThreadVersionView
String ID: D$madExceptRestart
API String ID: 2670087947-3299302940
Opcode ID: 29031185f94784e805e932b549da45fbfcf5ee6535a051bf130705810d759c00
Instruction ID: df0976559f8e8ebb824e487adbfbef8672b250be07012cc0ef0c525452fc5b39
Opcode Fuzzy Hash: 29031185f94784e805e932b549da45fbfcf5ee6535a051bf130705810d759c00
Instruction Fuzzy Hash: 39517371B4420CABEB10EBA4DC86FAE77ADEF04704F504166F609E72C2DE709A058B75

Function 00E092F4 Relevance: 28.4, APIs: 13, Strings: 3, Instructions: 403filesleepmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E06C4C: GetCurrentProcessId.KERNEL32(?,00E06D38,?,00000000,00E06D1E,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C93

WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00E09809,?,?,00000000,00E09852,?,?,?,00000000,?,00E08B41,?,000F001F), ref: 00E093FC
MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000,00000000,00E09778,?,00000000,00E097E5,?,00000000,00E09809,?,?,00000000), ref: 00E09493
VirtualProtect.KERNEL32(?,00000008,00000040,00000000,00000000,00E09754,?,00000000,00E09778,?,00000000,00E097E5,?,00000000,00E09809), ref: 00E094E8

Part of subcall function 00E0904C: GetCurrentProcessId.KERNEL32(?,?,00E09270,?,00000000,00E09251,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E090FF
Part of subcall function 00E0904C: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00000000,00000000,?,?,?,00E09270,?,00000000,00E09251,?,?,?,00000000), ref: 00E0914E

GetThreadContext.KERNEL32(?,00010001), ref: 00E095D0
Sleep.KERNEL32(0000000A,?,00010001), ref: 00E095F4
CloseHandle.KERNEL32(?,?,00010001), ref: 00E09602
GetThreadContext.KERNEL32(?,00010001), ref: 00E096BA
Sleep.KERNEL32(0000000A,?,00010001), ref: 00E096FB
CloseHandle.KERNEL32(?,?,00010001), ref: 00E09709
VirtualProtect.KERNEL32(?,00000008,00000000,00000000,?,00000008,00000040,00000000,00000000,00E09754,?,00000000,00E09778,?,00000000,00E097E5), ref: 00E09722
UnmapViewOfFile.KERNEL32(00000000,00E0975B,00000000,00000000,00E09754,?,00000000,00E09778,?,00000000,00E097E5,?,00000000,00E09809,?,?), ref: 00E0974E

Strings

P_, xrefs: 00E0941D
`X, xrefs: 00E0964A
x_, xrefs: 00E09386

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseContextCurrentFileHandleObjectProcessProtectSingleSleepThreadViewVirtualWait$Unmap
String ID: P_$`X$x_
API String ID: 3415455020-4218252826
Opcode ID: 4dd4783e14ccdcb00c31898de9af1ed6b835d75aa38031fde250ca2d62137fe5
Instruction ID: f1e52da5c0300ea936e5c22c9129828fd33ed688e18f44d94fbb301a0c092fe9
Opcode Fuzzy Hash: 4dd4783e14ccdcb00c31898de9af1ed6b835d75aa38031fde250ca2d62137fe5
Instruction Fuzzy Hash: 77F15975A002499FDB11DFA8D891B9EB7B9EF48304F1494A6E408B7293D770AE85CF70

Function 00DC9F70 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 265processCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000000,00DCA367,?,?,?,00000000,00000000), ref: 00DC9FBC
ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000104,?,00000000,00DCA367,?,?,?,00000000,00000000), ref: 00DC9FDD
ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,?,00000000,00DCA367,?,?,?,00000000,00000000), ref: 00DCA022
GetVersion.KERNEL32(?,?,?,00000000,00000000), ref: 00DCA1C9
GetVersion.KERNEL32 ref: 00DCA243
CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00DCA274
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00DCA2BC
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00DCA2D6
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00DCA2E6

Strings

mailto\shell\open\command, xrefs: 00DC9FA3
&body=, xrefs: 00DCA126
OUTLOOK, xrefs: 00DCA07C
D, xrefs: 00DCA239
0M, xrefs: 00DCA06C
mailto:, xrefs: 00DCA0A0
?subject=, xrefs: 00DCA0E3

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version$CloseCreateEnvironmentExpandHandleProcessStrings
String ID: &body=$0M$?subject=$D$OUTLOOK$mailto:$mailto\shell\open\command
API String ID: 70308441-1102511572
Opcode ID: ea38a2dfbf3cfc084da92dc973d00fc1fd11f939fd2bf33bab6a9f56ee81f1d9
Instruction ID: 5cecdbb82ae5ec7de1af24c60da2ffbf518dcf0f95e8a252e8448a00d2106ae1
Opcode Fuzzy Hash: ea38a2dfbf3cfc084da92dc973d00fc1fd11f939fd2bf33bab6a9f56ee81f1d9
Instruction Fuzzy Hash: BDA16034A0411E9BDF10EBA4CC95FDDB3B9EF44308F6041A9E508A7291DB74AF859B72

Function 00DB3ADC Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 212synchronizationmemoryCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3B22
LocalSize.KERNEL32(00000000), ref: 00DB3B8F
LocalSize.KERNEL32(00000000), ref: 00DB3BC3
LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BDD
LocalSize.KERNEL32(00000000), ref: 00DB3BE9
LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BF7
LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BFD
GetCurrentProcess.KERNEL32(00000000,00100040,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3C36
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00100040,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3C40
DuplicateHandle.KERNEL32(00000000,00000000,00000000,00000000,00100040,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000), ref: 00DB3C46
LocalAlloc.KERNEL32(00000040,0000001C,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3C63
CloseHandle.KERNEL32(00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3CCA
LocalSize.KERNEL32(?), ref: 00DB3CE5
WaitForSingleObject.KERNEL32(?,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3CF5
ReleaseMutex.KERNEL32(?,00DB3D3B,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3D2E

Strings

madExcept - TraceProcessThread, xrefs: 00DB3AE2

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$Size$Free$CurrentHandleObjectProcessSingleWait$AllocCloseDuplicateMutexRelease
String ID: madExcept - TraceProcessThread
API String ID: 255169786-2631385117
Opcode ID: 466eabbb0b1fa57fa45efb92db58f223d5cd8b104d90d5f3883dfdd516cfa345
Instruction ID: d278ca252370be174405cc0781d37f5b78920d802fb3b2ebda370a1f64b63999
Opcode Fuzzy Hash: 466eabbb0b1fa57fa45efb92db58f223d5cd8b104d90d5f3883dfdd516cfa345
Instruction Fuzzy Hash: AE817E70A04304DFDF10EFA9D885B9EB7A5EB18310F188865F806AB296DB74DE44DB74

Function 00D894C4 Relevance: 26.5, APIs: 9, Strings: 6, Instructions: 272fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,?,00D89B4C,?,?,?,00000000), ref: 00D8953B
GetVersion.KERNEL32 ref: 00D89589
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00D895B3
CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00D895EA
CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00D89605
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003), ref: 00D8961D
UnmapViewOfFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000), ref: 00D8970A
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000), ref: 00D89710
CloseHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00D89716

Strings

.pdb, xrefs: 00D89525, 00D89722
,M, xrefs: 00D894FC
.jdbg, xrefs: 00D897BF
(, xrefs: 00D89688
.map, xrefs: 00D8974B
.mad, xrefs: 00D8977B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Create$CloseHandleView$AttributesMappingUnmapVersion
String ID: ($,M$.jdbg$.mad$.map$.pdb
API String ID: 2246755837-695174310
Opcode ID: d74611348264f5017defb708a5e93f49ee14947669d06f4bc3ab8823a224a053
Instruction ID: ce6362c037838e138ae7700f5788915e34977081eb02b94869795e249bfc2f3e
Opcode Fuzzy Hash: d74611348264f5017defb708a5e93f49ee14947669d06f4bc3ab8823a224a053
Instruction Fuzzy Hash: DFB13E7460020AAFDB10EF54C895BAEF7B5EF49310F288265E9446B396DB70ED41CBB0

Function 00D8809C Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 144libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D882C2,?,00000000), ref: 00D880D5
GetModuleFileNameW.KERNEL32(00D60000,?,00000104,00000000,00D882C2,?,00000000), ref: 00D880F3
LoadLibraryW.KERNEL32(00000000,?,00000000), ref: 00D88153
GetModuleFileNameA.KERNEL32(00D60000,?,00000104,00000000,00D882C2,?,00000000), ref: 00D8816E
LoadLibraryA.KERNEL32(00000000,?,00000000), ref: 00D881CE

Strings

SymCleanup, xrefs: 00D881E9
,M, xrefs: 00D8810D
SymEnumSymbolsW, xrefs: 00D88229
SymInitializeW, xrefs: 00D881D9
dbghelp.dll, xrefs: 00D8813A
SymGetModuleInfoW64, xrefs: 00D88219
SymEnumLinesW, xrefs: 00D88239
dbghelp.dll, xrefs: 00D881B5
SymUnloadModule64, xrefs: 00D88209
SymLoadModuleExW, xrefs: 00D881F9

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileLibraryLoadModuleName$Version
String ID: ,M$SymCleanup$SymEnumLinesW$SymEnumSymbolsW$SymGetModuleInfoW64$SymInitializeW$SymLoadModuleExW$SymUnloadModule64$dbghelp.dll$dbghelp.dll
API String ID: 562993773-350854419
Opcode ID: ee37796d05a842c8032218baee76d3a849b0da4a4b17d0983716b37cb7888409
Instruction ID: a23bb2006b8c508052c5bcf2d6f54b88dafe1b8723b508595359aba547489996
Opcode Fuzzy Hash: ee37796d05a842c8032218baee76d3a849b0da4a4b17d0983716b37cb7888409
Instruction Fuzzy Hash: BD51B174A44308EFDB50FBA5EC85BAE73A9EB46300F500266E100A32A2DF709D49DF74

Function 00D92F98 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 102threadwindowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll,GetCursorInfo), ref: 00D92FC0

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

GetCursorPos.USER32(?), ref: 00D92FDF
WindowFromPoint.USER32(?,?,00000000,user32.dll,GetCursorInfo), ref: 00D92FEE
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00D92FFA
GetCurrentThreadId.KERNEL32 ref: 00D9300C
AttachThreadInput.USER32(00000000,00000000,000000FF,?,?,00000000,user32.dll,GetCursorInfo), ref: 00D93012
GetCursor.USER32(?,?,00000000,user32.dll,GetCursorInfo), ref: 00D93017
GetCurrentThreadId.KERNEL32 ref: 00D93026
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,00000000,user32.dll,GetCursorInfo), ref: 00D9302C
GetIconInfo.USER32(?,?), ref: 00D93043
DeleteObject.GDI32(?), ref: 00D93054
DeleteObject.GDI32(?), ref: 00D93061
DrawIconEx.USER32(?,?,?,?,00000000,00000000,00000000,00000000,00000003), ref: 00D93095

Strings

GetCursorInfo, xrefs: 00D92FB6
user32.dll, xrefs: 00D92FBB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Thread$AttachCurrentCursorDeleteIconInputObjectWindow$AddressDrawFromHandleInfoModulePointProcProcess
String ID: GetCursorInfo$user32.dll
API String ID: 1841342172-4002949112
Opcode ID: 49331373489bd9d666295a77e57ab6f5c1e6c594ccecba272356783fd9801a03
Instruction ID: 49be8eb022a9220d0fa336fd336a7775a2318c697d31e2be5713cde1cf67ecc0
Opcode Fuzzy Hash: 49331373489bd9d666295a77e57ab6f5c1e6c594ccecba272356783fd9801a03
Instruction Fuzzy Hash: C2310C71F0030A6BDF20EEF9DD85BAEB7ADAF08340F144164B604B7186DA74DA408771

Function 00DEEB78 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 99COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00DEEBA6
GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 00DEEBBB
GetModuleHandleW.KERNEL32(kernel32.dll,kernelbase.dll), ref: 00DEEBCB
GetModuleHandleW.KERNEL32(kernel32.dll,CreateThread,00E48ED8,00E48ED4,00E48ED0,00E48ECC,00E5418C,00000000,CreateRemoteThread,00000000,CreateRemoteThreadEx,kernelbase.dll), ref: 00DEEC13
GetModuleHandleW.KERNEL32(kernel32.dll,CreateThread,00E48ED8,00E48ED4,00E48ED0,00E48ECC,00E54190,00000000,CreateRemoteThreadEx,kernelbase.dll), ref: 00DEEC55
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,Function_0008E9C8,00E48EC4), ref: 00DEECB7
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,Function_0008E9C8,00E48EC4), ref: 00DEECBD

Strings

CreateRemoteThreadEx, xrefs: 00DEEBD2
QueueUserWorkItem, xrefs: 00DEECA4
kernel32.dll, xrefs: 00DEEC8C, 00DEECA9
CreateThread, xrefs: 00DEEC87
CreateThread, xrefs: 00DEEC09, 00DEEC4B
CreateRemoteThread, xrefs: 00DEEBE3
kernelbase.dll, xrefs: 00DEEBB6
kernel32.dll, xrefs: 00DEEBC6, 00DEEC0E, 00DEEC50

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessVersion
String ID: CreateRemoteThread$CreateRemoteThreadEx$CreateThread$CreateThread$QueueUserWorkItem$kernel32.dll$kernel32.dll$kernelbase.dll
API String ID: 1150045806-1138866079
Opcode ID: 667a2832e765b6209ffec7fdb417fea42f3be9489a0d640d09b55a6789147706
Instruction ID: 3532386f566957bd6a02e720c7f26ffe4fe1ce425b003c1cd3b43baccf59db53
Opcode Fuzzy Hash: 667a2832e765b6209ffec7fdb417fea42f3be9489a0d640d09b55a6789147706
Instruction Fuzzy Hash: D621AE64B803D52AD761B2B33E13B3F2B868B61B44F292825F445BB2C7CD908C094676

Function 00D73370 Relevance: 25.7, APIs: 17, Instructions: 213windowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D735DF), ref: 00D733AB
FindResourceW.KERNEL32(?,00000000,00000002,00000000,00D735DF), ref: 00D733C2
FindResourceA.KERNEL32(?,00000000,00000002), ref: 00D733E6
SizeofResource.KERNEL32(?,00000000,?,00000000,00000002,00000000,00D735DF), ref: 00D733F7
LoadResource.KERNEL32(?,00000000,?,00000000,?,00000000,00000002,00000000,00D735DF), ref: 00D73412
LockResource.KERNEL32(00000000), ref: 00D7343D
FreeResource.KERNEL32(00000000,00000000), ref: 00D73472
GetSysColor.USER32(0000000F), ref: 00D73479
CreateCompatibleDC.GDI32(00000000), ref: 00D7352B
CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 00D7354E
GdiFlush.GDI32(00000000,00000000), ref: 00D7355F
GdiFlush.GDI32(00000000,00000000), ref: 00D73579
SelectObject.GDI32(00000000,00000000), ref: 00D73580
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00D7359C
SelectObject.GDI32(00000000,?), ref: 00D735A6
DeleteObject.GDI32(00000000), ref: 00D735AC
DeleteDC.GDI32(00000000), ref: 00D735B6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$Object$CreateDeleteFindFlushSelect$ColorCompatibleFreeLoadLockSectionSizeofVersion
String ID:
API String ID: 893730647-0
Opcode ID: f42601513a7a3ab2d6d0b1fc62bb330b368dee47858f47cb210df7eb6587ff1c
Instruction ID: 292c77a5a97cdce6cd941e06294a9415644ac8ef4d56f2c32379dc7f7e076221
Opcode Fuzzy Hash: f42601513a7a3ab2d6d0b1fc62bb330b368dee47858f47cb210df7eb6587ff1c
Instruction Fuzzy Hash: D4610971F005096BDB15EB68CC52BBEB6AAEF89300F198135F804EB385DA749E0197F4

Function 00DB5A04 Relevance: 25.0, APIs: 6, Strings: 8, Instructions: 493memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(cc32220mt.dll,00000000,00DB61D4,?,?,?,?,00000022,00000000,00000000), ref: 00DB5A62
GetModuleHandleW.KERNEL32(cc32220.dll,cc32220mt.dll,00000000,00DB61D4,?,?,?,?,00000022,00000000,00000000), ref: 00DB5A72
VirtualProtect.KERNEL32(?,?,00000040,?), ref: 00DB6166
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?), ref: 00DB618E
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,___VCL_clear_EH,00000000,___terminatePTR,00000000,_malloc,00000000,@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1,00000000,____ExceptionHandler,cc32220mt.dll,00000000,00DB61D4), ref: 00DB6197
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,___VCL_clear_EH,00000000,___terminatePTR,00000000,_malloc,00000000,@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1,00000000,____ExceptionHandler,cc32220mt.dll,00000000,00DB61D4), ref: 00DB619D

Strings

_malloc, xrefs: 00DB5A99
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1, xrefs: 00DB5A89
____ExceptionHandler, xrefs: 00DB5A79
cc32220.dll, xrefs: 00DB5A6D
___terminatePTR, xrefs: 00DB5AA9
4P, xrefs: 00DB5B06
cc32220mt.dll, xrefs: 00DB5A5D
___VCL_clear_EH, xrefs: 00DB5AB9

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModuleProtectVirtual$CacheCurrentFlushInstructionProcess
String ID: 4P$@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1$___VCL_clear_EH$____ExceptionHandler$___terminatePTR$_malloc$cc32220.dll$cc32220mt.dll
API String ID: 2904972074-1295998363
Opcode ID: 46684759ab4ef094874ebaf407d4a8f1ca5240b79374c9317794a882267752fc
Instruction ID: bff895f401802cbd6be000cfec8670ae30994ef1b3a64f9fe54af2ee57098ff6
Opcode Fuzzy Hash: 46684759ab4ef094874ebaf407d4a8f1ca5240b79374c9317794a882267752fc
Instruction Fuzzy Hash: DA226035A00628CFCB20DF68DC85BD9B3B5FB45314F0481A5E40AA7255DB78AE8ACF71

Function 00DDF358 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 349windowCOMMON

Download Yara Rule

APIs

InitCommonControls.COMCTL32(00000000,00DDF805,?,00D6FE5C,?,?,00DDFE9B,?,?,?,?,?,?,00000000,00000000), ref: 00DDF38A

Part of subcall function 00DDF30C: GetClientRect.USER32(?,?), ref: 00DDF31D
Part of subcall function 00DDF30C: SendMessageA.USER32(?,00001328,00000000,?), ref: 00DDF334
Part of subcall function 00DDF30C: InflateRect.USER32(?,000000FD,000000FD), ref: 00DDF344

SendMessageA.USER32(00DDC5E9,00000030,?,00000000), ref: 00DDF446
SendMessageA.USER32(00DDC5E9,00001003,00000001,?), ref: 00DDF463
GetVersion.KERNEL32(00DDC5E9,00001003,00000001,?,00DDC5E9,00000030,?,00000000,00000000,00DDF805,?,00D6FE5C,?,?,00DDFE9B), ref: 00DDF4C0
SendMessageW.USER32(00DDC5E9,00001061,00000000,00000007), ref: 00DDF4F4
SendMessageA.USER32(00DDC5E9,0000101B,00000000,00000007), ref: 00DDF533
GetVersion.KERNEL32 ref: 00DDF6D8
SendMessageW.USER32(00DDC5E9,0000104D,00000000,00000001), ref: 00DDF707
SendMessageW.USER32(00DDC5E9,0000104C,00000000,00000001), ref: 00DDF720
SendMessageA.USER32(00DDC5E9,00001007,00000000,00000001), ref: 00DDF75A
SendMessageA.USER32(00DDC5E9,00001006,00000000,00000001), ref: 00DDF773
SendMessageA.USER32(00DDC5E9,0000101E,00000000,000000FF), ref: 00DDF7BF
ShowWindow.USER32(00DDC5E9,00000005,00DDC5E9,00001003,00000001,?,00DDC5E9,00000030,?,00000000,00000000,00DDF805,?,00D6FE5C,?), ref: 00DDF7D2

Strings

SysListView32, xrefs: 00DDF414

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageSend$RectVersion$ClientCommonControlsInflateInitShowWindow
String ID: SysListView32
API String ID: 3922575636-78025650
Opcode ID: 1f1cbe5c36563c01cc6b1c8ba2cb1c14ab4c88cec22510b4c2f77f89660f59e7
Instruction ID: c15ad90c4cf088fe79d5899c61f1433debab8815dfcec1a92626746fd7c02171
Opcode Fuzzy Hash: 1f1cbe5c36563c01cc6b1c8ba2cb1c14ab4c88cec22510b4c2f77f89660f59e7
Instruction Fuzzy Hash: DFE1EA74A04209AFDB10DF98C985FAEB7B5FF08300F6481A6E945AB391D774AE45CB70

Function 00D87C9C Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 329fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D8806A,?,?,00D6F660,00000000), ref: 00D87CD2
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00D8806A,?,?,00D6F660,00000000), ref: 00D87CF5
CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00D8806A,?,?,00D6F660,00000000), ref: 00D87D25
CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00D8806A), ref: 00D87D40
MapViewOfFile.KERNEL32(?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003), ref: 00D87D5E
GetFileSize.KERNEL32(00000000,00000000,?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001), ref: 00D87D70
GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00D87D7D
GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00D87DB9
UnmapViewOfFile.KERNEL32(00000000,00000000,00000000,?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000), ref: 00D88022
CloseHandle.KERNEL32(?,?,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000), ref: 00D8802B
CloseHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00D8806A), ref: 00D88031

Strings

,M, xrefs: 00D87E33
<M, xrefs: 00D87F76
JDBG, xrefs: 00D87D89

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CreateSize$CloseHandleView$MappingUnmapVersion
String ID: ,M$<M$JDBG
API String ID: 2900297216-2232017922
Opcode ID: 76d847c4966156778c6b0e1539ccb79b059d811e651dfa8e5da807fb336c96c1
Instruction ID: fa2d45b107b711a78f902c5dbe3860909312b59aee916ac03d39275203a03945
Opcode Fuzzy Hash: 76d847c4966156778c6b0e1539ccb79b059d811e651dfa8e5da807fb336c96c1
Instruction Fuzzy Hash: B6D10834A04209AFDB10EFA8D981BDDB7F6EF48314F248555F905AB291DA70ED45CBB0

Function 00DDB2F0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 234windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D6DF18: GetWindowLongW.USER32(00000000,FFFFFFEC), ref: 00D6DF1A

FindResourceA.KERNEL32(?,00000000,00000002), ref: 00DDB370
SizeofResource.KERNEL32(?,00000000,?,00000000,00000002,00000000,00DDB5A9), ref: 00DDB381
LoadResource.KERNEL32(?,00000000,?,00000000,?,00000000,00000002,00000000,00DDB5A9), ref: 00DDB39C
LockResource.KERNEL32(00000000), ref: 00DDB3C8
CreateCompatibleDC.GDI32(00000000), ref: 00DDB4E9
CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 00DDB50C
GdiFlush.GDI32(00000000,?,00000000,?,00000000,00000000,00000000,00000000), ref: 00DDB51D
GdiFlush.GDI32(00000000,?,00000000,?,00000000,00000000,00000000,00000000), ref: 00DDB537
SelectObject.GDI32(00000000,00000000), ref: 00DDB53E
BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 00DDB55E
SelectObject.GDI32(00000000,?), ref: 00DDB568
DeleteObject.GDI32(00000000), ref: 00DDB56E
DeleteDC.GDI32(00000000), ref: 00DDB578

Strings

mei, xrefs: 00DDB356

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$Object$CreateDeleteFlushSelect$CompatibleFindLoadLockLongSectionSizeofWindow
String ID: mei
API String ID: 802138125-2477442943
Opcode ID: d15e9999f998dcaefcb5b0f968ab48228e970956d669b78220079e25df566b68
Instruction ID: 8829becd4da6ed0fd58d3efc792b363805d1205b6732cc3606e89db236803c33
Opcode Fuzzy Hash: d15e9999f998dcaefcb5b0f968ab48228e970956d669b78220079e25df566b68
Instruction Fuzzy Hash: 8D815171B002099BDB04DFA9DC81BAEB7BAEF88314F158136A805E7356DB74D9458BB0

Function 00DF3188 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 195libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(setupapi.dll,00000000,00DF3409,?,?,?,?,00000009,00000000,00000000), ref: 00DF31AE
FreeLibrary.KERNEL32(00000000,00000000,SetupDiGetDeviceRegistryPropertyW,00000000,SetupDiEnumDeviceInfo,00000000,SetupDiDestroyDeviceInfoList,00000000,SetupDiGetClassDevsW,setupapi.dll,00000000,00DF3409), ref: 00DF33DC

Part of subcall function 00DF30F0: LocalAlloc.KERNEL32(00000040,00000000,?,?,00000000,00000000,?), ref: 00DF3140
Part of subcall function 00DF30F0: LocalFree.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000040,00000000,?,?,00000000,00000000,?), ref: 00DF3179

Part of subcall function 00DB2C70: GetVersion.KERNEL32(00000000,00DB2E2B,?,?,?,00000000), ref: 00DB2CA3
Part of subcall function 00DB2C70: RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?,00000000), ref: 00DB2CC7
Part of subcall function 00DB2C70: RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?), ref: 00DB2CF2
Part of subcall function 00DB2C70: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2D0F
Part of subcall function 00DB2C70: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000), ref: 00DB2D26
Part of subcall function 00DB2C70: LocalFree.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002), ref: 00DB2D39
Part of subcall function 00DB2C70: RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2D42

Strings

setupapi.dll, xrefs: 00DF31A9
Unknown, xrefs: 00DF3286
sw\, xrefs: 00DF32B4
SetupDiEnumDeviceInfo, xrefs: 00DF31D8
<M, xrefs: 00DF32A9
SetupDiDestroyDeviceInfoList, xrefs: 00DF31CA
SetupDiGetDeviceRegistryPropertyW, xrefs: 00DF31E5
LegacyDriver, xrefs: 00DF3273
SetupDiGetClassDevsW, xrefs: 00DF31BD
Characteristics, xrefs: 00DF3386
System\CurrentControlSet\Control\Class\, xrefs: 00DF32E7, 00DF3378
Volume, xrefs: 00DF3299

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$Free$AllocLibraryQueryValue$CloseLoadOpenVersion
String ID: <M$Characteristics$LegacyDriver$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsW$SetupDiGetDeviceRegistryPropertyW$System\CurrentControlSet\Control\Class\$Unknown$Volume$setupapi.dll$sw\
API String ID: 490677372-4008625493
Opcode ID: 7b8a4e42df3533b82221d833ac8dd5db787c5691f72560f3d17cd4e059bea737
Instruction ID: 1e64b60d3af019c375955f9b29fdba7c7eaa7220d33c0b2c88df2a102e3a2c8a
Opcode Fuzzy Hash: 7b8a4e42df3533b82221d833ac8dd5db787c5691f72560f3d17cd4e059bea737
Instruction Fuzzy Hash: CC614C31A0020C9BDB10EBE8D881BEEB7F9EF48314F16C125F605A7285DE74AE458B74

Function 00DF00A0 Relevance: 24.2, APIs: 16, Instructions: 181filewindowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DF0300), ref: 00DF00D8
GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00DF0300), ref: 00DF00F1
CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000,00DF0300), ref: 00DF010C
GetModuleFileNameA.KERNEL32(?,?,00000104,00000000,00DF0300), ref: 00DF0122
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000,00DF0300), ref: 00DF013D
CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104), ref: 00DF0158
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003,00000000,00000003), ref: 00DF0170
GetFileSize.KERNEL32(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003), ref: 00DF01AE
UnmapViewOfFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003,00000000), ref: 00DF01F1
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003,00000000), ref: 00DF01F7
CloseHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000003,00000000,00000003,00000000,00000000,?,?), ref: 00DF01FD
GetVersion.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000,00DF0300), ref: 00DF020A
MessageBoxW.USER32(00000000,00000000,?,?), ref: 00DF023B
MessageBoxA.USER32(00000000,00000000,?,?), ref: 00DF027D
GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,?,00000104,00000000,00DF0300), ref: 00DF0284

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CreateHandleModule$CloseMessageNameVersionView$MappingSizeUnmap
String ID:
API String ID: 2886986497-0
Opcode ID: 7ee1df1e7c2508ed9799a3f73e4cb9d14fee569147af716cf69c8f6d22f9cf7c
Instruction ID: c8fba31316569715ce6624bfec5224ff45aedeca87025fa27d4b7076bfff594e
Opcode Fuzzy Hash: 7ee1df1e7c2508ed9799a3f73e4cb9d14fee569147af716cf69c8f6d22f9cf7c
Instruction Fuzzy Hash: 91615034A4020CAFE720EBA4DC4AF9D77B5EF45700F1581A5F604BB2D2DA70AE458A75

Function 00DCA470 Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 216libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DCA73D,?,?,?,?,00000007,00000000,00000000), ref: 00DCA4BB
LoadLibraryW.KERNEL32(IpHlpApi.dll,00000000,00DCA73D,?,?,?,?,00000007,00000000,00000000), ref: 00DCA5EA

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

FreeLibrary.KERNEL32(00000000,00000000,GetNetworkParams,IpHlpApi.dll,00000000,00DCA73D,?,?,?,?,00000007,00000000,00000000), ref: 00DCA6F7

Strings

DhcpNameServer, xrefs: 00DCA4F7
Tcpip\Parameters, xrefs: 00DCA4CA
L, xrefs: 00DCA5B9
GetNetworkParams, xrefs: 00DCA5F9
VxD\MSTCP, xrefs: 00DCA4D9
, xrefs: 00DCA575
System\CurrentControlSet\Services\, xrefs: 00DCA4E9
IpHlpApi.dll, xrefs: 00DCA5E5
NameServer, xrefs: 00DCA523
L, xrefs: 00DCA579

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeLoadProcVersion
String ID: $DhcpNameServer$GetNetworkParams$IpHlpApi.dll$NameServer$System\CurrentControlSet\Services\$Tcpip\Parameters$VxD\MSTCP$L$L
API String ID: 493525861-2465379459
Opcode ID: 88533f7f57b6759c20fdb675749005498ef8f58637c88b47971ba793489f53fd
Instruction ID: 85fe025638e09b807d92fa61b3b88b9f1ac646d1fd9a25205e69f920c39eda8a
Opcode Fuzzy Hash: 88533f7f57b6759c20fdb675749005498ef8f58637c88b47971ba793489f53fd
Instruction Fuzzy Hash: 3B816174A0410E9FDB10EB98C891FAEB7B9EF44308F144169E405A7395DB74AE46CBB2

Function 00DB79E4 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 134filememorywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB7918: GetCurrentProcessId.KERNEL32(?,00000000,00DB799E,?,00000000), ref: 00DB7944
Part of subcall function 00DB7918: WaitForSingleObject.KERNEL32(00000000,000000FF,00DC7BF0,00000000,00000000,?,00000000,00DB799E,?,00000000), ref: 00DB797E

Part of subcall function 00DB3164: GetModuleHandleA.KERNEL32(advapi32.dll,SetEntriesInAclA), ref: 00DB318F
Part of subcall function 00DB3164: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB31F9
Part of subcall function 00DB3164: InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,advapi32.dll,SetEntriesInAclA), ref: 00DB32B8

GetCurrentProcessId.KERNEL32(00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98,?,00DC7BF0,00DC7BF0,00000000), ref: 00DB7A3F
OpenFileMappingA.KERNEL32(00000006,00000000,00000000), ref: 00DB7A6D
GetCurrentProcessId.KERNEL32(?,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98,?,00DC7BF0,00DC7BF0,00000000), ref: 00DB7A81
CreateFileMappingA.KERNEL32(000000FF,00DC77AA,00000004,00000000,00000004,00000000), ref: 00DB7AB7
MessageBoxA.USER32(00000000,internal error (opening settings buffer),madExcept,00000000), ref: 00DB7AD2
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98,?,00DC7BF0,00DC7BF0,00000000), ref: 00DB7AE9
VirtualAlloc.KERNEL32(00000000,00000028,00001000,00000004,00000000,000F001F,00000000,00000000,00000000,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98), ref: 00DB7AFB
InitializeCriticalSection.KERNEL32(-00000008,00000000,00000028,00001000,00000004,00000000,000F001F,00000000,00000000,00000000,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98), ref: 00DB7B19
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98,?,00DC7BF0,00DC7BF0,00000000), ref: 00DB7B2C
CloseHandle.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,00DC7BF0,00000000,00DB7B76,?,00000000,00DB7B98,?,00DC7BF0,00DC7BF0,00000000), ref: 00DB7B34

Strings

madExcept, xrefs: 00DB7AC6
madExceptSettingsBuf2, xrefs: 00DB7A56, 00DB7A98
internal error (opening settings buffer), xrefs: 00DB7ACB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentFileProcess$HandleInitializeMappingView$AllocCloseCreateCriticalDescriptorMessageModuleObjectOpenSectionSecuritySingleVirtualWait
String ID: internal error (opening settings buffer)$madExcept$madExceptSettingsBuf2
API String ID: 2700174819-900549878
Opcode ID: a88648b9ad469fd7c9e39f02c2a47613846504b763098f3d6e958b40f2858350
Instruction ID: e788386bd4bc551edc0bf576716b182b8711ff5dd77001b2e0ba74a8cdb8c496
Opcode Fuzzy Hash: a88648b9ad469fd7c9e39f02c2a47613846504b763098f3d6e958b40f2858350
Instruction Fuzzy Hash: 4741A270B48348AFEB10EBA9DC42FAE77A5EF89B10F104425F505BB2D1DA7098059B78

Function 00D934C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 101COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll,SetThreadDpiAwarenessContext,00000000,00D935D2), ref: 00D934F4

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00D9351A
GetSystemMetrics.USER32(00000050), ref: 00D9352B
GetSystemMetrics.USER32(0000004C), ref: 00D93536
GetSystemMetrics.USER32(0000004D), ref: 00D93540
GetSystemMetrics.USER32(0000004E), ref: 00D9354A
GetSystemMetrics.USER32(0000004F), ref: 00D93554
GetDeviceCaps.GDI32(00000000,00000008), ref: 00D9356B
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00D93576
DeleteDC.GDI32(00000000), ref: 00D935B0

Strings

DISPLAY, xrefs: 00D93515
user32.dll, xrefs: 00D934EF
SetThreadDpiAwarenessContext, xrefs: 00D934EA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MetricsSystem$CapsDevice$AddressCreateDeleteHandleModuleProc
String ID: DISPLAY$SetThreadDpiAwarenessContext$user32.dll
API String ID: 4225280107-486779596
Opcode ID: 641912badc6644e5b43670ecbc01bb30d900a0003e8d763177d0643e74dd4a9a
Instruction ID: ee076268477658fc8af61b79504eea209cd17dffabf5298c0652eeb7259fceee
Opcode Fuzzy Hash: 641912badc6644e5b43670ecbc01bb30d900a0003e8d763177d0643e74dd4a9a
Instruction Fuzzy Hash: 08314CB0E043496FDB40EBB49C42BAFBAB9EF49700F114126F515F62C1EA749A058B75

Function 00DF2590 Relevance: 22.6, APIs: 15, Instructions: 116filethreadCOMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(-0000000C), ref: 00DF25FA
GetCurrentThreadId.KERNEL32 ref: 00DF2609

Part of subcall function 00DB3ADC: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3B22
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3B8F
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3BC3
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BDD
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3BE9
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BF7
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BFD

CloseHandle.KERNEL32(?,00000000,00000000,00000000,-0000000C), ref: 00DF2620
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,-0000000C), ref: 00DF262D
CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,-0000000C), ref: 00DF263B
UnmapViewOfFile.KERNEL32(00000000,-0000000C), ref: 00DF2646
SetEvent.KERNEL32(00000000), ref: 00DF2669
CloseHandle.KERNEL32(00000000,00000000), ref: 00DF266F
SetEvent.KERNEL32(00000000), ref: 00DF268B
CloseHandle.KERNEL32(00000000,00000000), ref: 00DF2691
DeleteCriticalSection.KERNEL32(00000000), ref: 00DF26AD
DeleteCriticalSection.KERNEL32(00000000), ref: 00DF26D5
DeleteCriticalSection.KERNEL32(00000000), ref: 00DF26F8
DeleteCriticalSection.KERNEL32(00E54154), ref: 00DF271C
DeleteCriticalSection.KERNEL32(00E5416C,00E54154), ref: 00DF2726

Part of subcall function 00DEF5C0: SetUnhandledExceptionFilter.KERNEL32(FFFFFFFF,00DF25A8), ref: 00DEF5CF

Part of subcall function 00DE5F18: EnterCriticalSection.KERNEL32(00E5416C,?,?,?,00DF25BB,00000000,00DF25C5), ref: 00DE5F2A
Part of subcall function 00DE5F18: VirtualFree.KERNEL32(?,00000000,00008000,00E5416C,?,?,?,00DF25BB,00000000,00DF25C5), ref: 00DE5F55
Part of subcall function 00DE5F18: LeaveCriticalSection.KERNEL32(00E5416C,00E5416C,?,?,?,00DF25BB,00000000,00DF25C5), ref: 00DE5F70

Part of subcall function 00DC2B74: SetEvent.KERNEL32(00000000,?,00DF25D4), ref: 00DC2B90
Part of subcall function 00DC2B74: CloseHandle.KERNEL32(00000000,00000000,?,00DF25D4), ref: 00DC2B96
Part of subcall function 00DC2B74: SetEvent.KERNEL32(00000000,00000000,00000000,?,00DF25D4), ref: 00DC2BB2
Part of subcall function 00DC2B74: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,?,00DF25D4), ref: 00DC2BB8
Part of subcall function 00DC2B74: WaitForSingleObject.KERNEL32(00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2BE0
Part of subcall function 00DC2B74: TerminateThread.KERNEL32(00000000,00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2BF1
Part of subcall function 00DC2B74: LocalFree.KERNEL32(00000000,00000000,00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2C05
Part of subcall function 00DC2B74: CloseHandle.KERNEL32(00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2C17

Part of subcall function 00DEF040: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00DF25D9), ref: 00DEF0A0
Part of subcall function 00DEF040: FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00DF25D9), ref: 00DEF0A6

Part of subcall function 00DEEDD4: VirtualProtect.KERNEL32(00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEDF0
Part of subcall function 00DEEDD4: VirtualProtect.KERNEL32(00000000,00000004,?,?,00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEE14
Part of subcall function 00DEEDD4: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,?,00DF25DE), ref: 00DEEE89
Part of subcall function 00DEEDD4: FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00DF25DE), ref: 00DEEE8F

Part of subcall function 00DE4300: ResumeThread.KERNEL32(00000000,00DF25E8), ref: 00DE4320
Part of subcall function 00DE4300: WriteFile.KERNEL32(00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4355
Part of subcall function 00DE4300: CloseHandle.KERNEL32(00000000,00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4360
Part of subcall function 00DE4300: WaitForSingleObject.KERNEL32(00000000,000001F4,00000000,00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4370
Part of subcall function 00DE4300: SetEvent.KERNEL32(00000000,00000000,00000000,00DF25E8), ref: 00DE4391
Part of subcall function 00DE4300: CloseHandle.KERNEL32(00000000,00000000,00000000,00DF25E8), ref: 00DE43A5
Part of subcall function 00DE4300: WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43B9
Part of subcall function 00DE4300: TerminateThread.KERNEL32(00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43CA
Part of subcall function 00DE4300: LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43DE
Part of subcall function 00DE4300: SetEvent.KERNEL32(00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43F2
Part of subcall function 00DE4300: CloseHandle.KERNEL32(00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43FD
Part of subcall function 00DE4300: CloseHandle.KERNEL32(00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE4416

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseHandle$Local$CriticalSection$EventFree$Delete$ObjectSingleThreadWait$CurrentSizeVirtual$CacheFileFlushInstructionProcessProtectTerminate$DecrementEnterExceptionFilterInterlockedLeaveResumeUnhandledUnmapViewWrite
String ID:
API String ID: 5865534-0
Opcode ID: 02ead5fea6784112ae7fb023d035c8baca0bd4d9307a0c365f5fc429e04cdbbe
Instruction ID: 0dc6b92f91c2b8bb0dd2a5cfd7cf80d506d32ad73bb35e35b5ea5321d8a21e6c
Opcode Fuzzy Hash: 02ead5fea6784112ae7fb023d035c8baca0bd4d9307a0c365f5fc429e04cdbbe
Instruction Fuzzy Hash: 51416178A013409FD344FBBAFE86B2D33E9EB26341F054825B505E71A2DE388849CB31

Function 00E063BC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 231libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00E066A8), ref: 00E0645E
GetProcAddress.KERNEL32(00000000,00000000), ref: 00E06464
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E064C6

Part of subcall function 00E061BC: OpenProcessToken.ADVAPI32(00000000,00000008), ref: 00E061CC
Part of subcall function 00E061BC: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,00000000,00000008), ref: 00E061EB
Part of subcall function 00E061BC: LocalAlloc.KERNEL32(00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E061F9
Part of subcall function 00E061BC: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000008,00000008,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E06216
Part of subcall function 00E061BC: CloseHandle.KERNEL32(00000000,00000000,?,TokenIntegrityLevel,00000008,00000008,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E0622F

Part of subcall function 00E0617C: GetVersion.KERNEL32(00E0665B,00000000,00E066A8), ref: 00E06185
Part of subcall function 00E0617C: GetVersion.KERNEL32(00E0665B,00000000,00E066A8), ref: 00E0618E
Part of subcall function 00E0617C: GetVersion.KERNEL32(00E0665B,00000000,00E066A8), ref: 00E06197

InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06605
SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06613
FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06622
FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06631
FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06640
LocalFree.KERNEL32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E0664F

Part of subcall function 00D6D4FC: AllocateAndInitializeSid.ADVAPI32(00E48558,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DC7BF0,?,00DB31C5,00000000,00000000), ref: 00D6D523

InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,00E066A8), ref: 00E0666B
SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,00000000,00000000,?,00000001,00000000,00E066A8), ref: 00E06677

Strings

H\, xrefs: 00E06448

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DescriptorFreeSecurity$InitializeTokenVersion$DaclHandleInformationLocalProcess$AddressAllocAllocateCloseCurrentModuleOpenProc
String ID: H\
API String ID: 199522504-1531559508
Opcode ID: 6aa99d4991cf5794adaa14d4cf2a5618769fe3e7d8d945bc42dc9c6b571d6e4a
Instruction ID: 9ca62fce947ac89a9515e191a16b4ae62bf8fc9358eb09790f2b550ba3f007d9
Opcode Fuzzy Hash: 6aa99d4991cf5794adaa14d4cf2a5618769fe3e7d8d945bc42dc9c6b571d6e4a
Instruction Fuzzy Hash: 1B8118B0E002099FEB50DFA8D856BEEBBF9AF09304F104565E508F7282D7759A85CB61

Function 00D95204 Relevance: 21.2, APIs: 14, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 00D94EDC: CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D94F18
Part of subcall function 00D94EDC: CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,MS Sans Serif), ref: 00D94F3E

SelectObject.GDI32(?,?), ref: 00D95252
GetVersion.KERNEL32(?,?,00000000,00D95410), ref: 00D95262
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D95286
GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 00D952CB
SetBkMode.GDI32(?,00000001), ref: 00D952FD
SetTextColor.GDI32(?,?), ref: 00D9530A
SetTextColor.GDI32(?,00FFFFFF), ref: 00D9531E
TextOutW.GDI32(?,?,?,00000000,00000000,?,00FFFFFF,?,?,00000000,00D95410), ref: 00D95351
SetTextColor.GDI32(?,?), ref: 00D9536A
GetVersion.KERNEL32(?,?,00000000,00D95410), ref: 00D9536F
TextOutW.GDI32(?,?,?,00000000,00000000,?,?,00000000,00D95410), ref: 00D95397
TextOutA.GDI32(?,?,?,00000000,00000000), ref: 00D953DA
SelectObject.GDI32(?,00000000), ref: 00D953E7
DeleteObject.GDI32(?), ref: 00D953F0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Text$ColorObject$CreateExtentFontPoint32SelectVersion$DeleteMode
String ID:
API String ID: 3751506751-0
Opcode ID: 1a1214c6efc7c5fa9796a3d79b34d4fe93fbbcd6e886abbf8aab91ed64ff74c3
Instruction ID: 4ebd4624edb58876476a166615191b6c36576a6a5562b92a144273ec25780f28
Opcode Fuzzy Hash: 1a1214c6efc7c5fa9796a3d79b34d4fe93fbbcd6e886abbf8aab91ed64ff74c3
Instruction Fuzzy Hash: 3A51F7B5E00609AFCF51EFE9D881AAEB7F9EF18310F144565F918E3241CA34AE019B70

Function 00D9927C Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 136windowregistryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 00D992C0
GetVersion.KERNEL32(00000000,00007F00,00000000,00D9943D), ref: 00D992C8
RegisterClassW.USER32(000000C0), ref: 00D992E8

Part of subcall function 00D6E1BC: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D6E1FB

RegisterClassA.USER32(000000C0), ref: 00D9934D
GetSystemMenu.USER32(?,00000000,000000C0,00000000,00007F00,00000000,00D9943D), ref: 00D993EC
RemoveMenu.USER32(00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00,00000000,00D9943D), ref: 00D993FB
RemoveMenu.USER32(00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00,00000000,00D9943D), ref: 00D99408
RemoveMenu.USER32(00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000,00007F00,00000000,00D9943D), ref: 00D99415
RemoveMenu.USER32(00000000,0000F000,00000000,00000000,0000F120,00000000,00000000,0000F030,00000000,00000000,0000F020,00000000,?,00000000,000000C0,00000000), ref: 00D99422

Strings

madNVAssistantWnd, xrefs: 00D992DC
MZP, xrefs: 00D9930E, 00D99373
madNVAssistantWnd, xrefs: 00D99341

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Menu$Remove$ClassRegister$CreateCursorLoadSystemVersionWindow
String ID: MZP$madNVAssistantWnd$madNVAssistantWnd
API String ID: 2287988271-3888496203
Opcode ID: a66e907ef41b8db3f79a3b4f0bd4ee626a050a4dcdc2b1619e09c781ee2f8f06
Instruction ID: 1a94094273bbbfb11cda73986838a3bb9506a6d6447239c75f6af99a9feba3f0
Opcode Fuzzy Hash: a66e907ef41b8db3f79a3b4f0bd4ee626a050a4dcdc2b1619e09c781ee2f8f06
Instruction Fuzzy Hash: 19510774B40204AFEB50DF68C986F9EB7E5EB08710F108565F904AB3D1D674E9408BB8

Function 00D9509C Relevance: 21.1, APIs: 14, Instructions: 122COMMON

Download Yara Rule

APIs

CreatePen.GDI32(?,00000001,?), ref: 00D950B6
SelectObject.GDI32(?,?), ref: 00D950C3
SetBkColor.GDI32(?,?), ref: 00D950D0
MoveToEx.GDI32(?,?,?,00000000), ref: 00D950F4
LineTo.GDI32(?,?,?), ref: 00D95109
MoveToEx.GDI32(?,?,?,00000000), ref: 00D95119
LineTo.GDI32(?,?,?), ref: 00D9512C
MoveToEx.GDI32(?,?,?,00000000), ref: 00D9513E
LineTo.GDI32(?,?,?), ref: 00D95152
MoveToEx.GDI32(?,?,?,00000000), ref: 00D95164
LineTo.GDI32(?,?,?), ref: 00D95179
SetBkColor.GDI32(?,?), ref: 00D9518D
SelectObject.GDI32(?,?), ref: 00D95197
DeleteObject.GDI32(?), ref: 00D951A0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LineMove$Object$ColorSelect$CreateDelete
String ID:
API String ID: 1677892028-0
Opcode ID: 772047011522fd7bdd9197919a12afc3dcd8283056a7f1cf4542554f01db7778
Instruction ID: 8c76d101e1ccd8f7c2f18e9ab591aabf58a16a0afc60a0cacc6dc93772d9e9a7
Opcode Fuzzy Hash: 772047011522fd7bdd9197919a12afc3dcd8283056a7f1cf4542554f01db7778
Instruction Fuzzy Hash: 0231C2B1B00209AFDB10EEA9AD85EAF7BADEF44790F004515B919E7246DA34DD108BB0

Function 00E3C588 Relevance: 21.1, APIs: 14, Instructions: 115threadmemoryCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00E3C597
GetFileSecurityW.ADVAPI32(00000000,00000007,00000000,00000000,?), ref: 00E3C5B1
GetLastError.KERNEL32(00000000,00000007,00000000,00000000,?), ref: 00E3C5BE
SetLastError.KERNEL32(00000000,00000000,00000007,00000000,00000000), ref: 00E3C5D8
LocalAlloc.KERNEL32(00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C5EC
GetFileSecurityW.ADVAPI32(00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C610
ImpersonateSelf.ADVAPI32(00000002,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C61F
GetCurrentThread.KERNEL32 ref: 00E3C635
OpenThreadToken.ADVAPI32(00000000,0000000E,00000000,00000000,00000002,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000), ref: 00E3C63B
MapGenericMask.ADVAPI32(00000007,00120089,00000000,0000000E,00000000,00000000,00000002,00000000,00000007,00000000,00000000), ref: 00E3C68A
AccessCheck.ADVAPI32(00000000,001200A0,001200A0,00000000,00000000,00120089,00000014,00000000,00000007,00120089,00000000,0000000E,00000000,00000000,00000002,00000000), ref: 00E3C6D1
CloseHandle.KERNEL32(00000000,00000000,001200A0,001200A0,00000000,00000000,00120089,00000014,00000000,00000007,00120089,00000000,0000000E,00000000,00000000,00000002), ref: 00E3C6F0
RevertToSelf.ADVAPI32(00000000,0000000E,00000000,00000000,00000002,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000), ref: 00E3C6F5
LocalFree.KERNEL32(00000000,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C6FB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$FileLocalSecuritySelfThread$AccessAllocCheckCloseCurrentFreeGenericHandleImpersonateMaskOpenRevertToken
String ID:
API String ID: 821111340-0
Opcode ID: d508dbe024a8bf106c02a60c74b5e48aeed637b897d30e35e4fbb994fd92abe6
Instruction ID: e65210fad2539ed46babf622b5533fac8b48a7675b70bc5d4f17923b052bad1c
Opcode Fuzzy Hash: d508dbe024a8bf106c02a60c74b5e48aeed637b897d30e35e4fbb994fd92abe6
Instruction Fuzzy Hash: BE417EB1608341ABD700EBA4D946BAFBBDCAF88718F10191EF585E6182DB74D944CB73

Function 00D88098 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 113libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D882C2,?,00000000), ref: 00D880D5
GetModuleFileNameW.KERNEL32(00D60000,?,00000104,00000000,00D882C2,?,00000000), ref: 00D880F3
LoadLibraryW.KERNEL32(00000000,?,00000000), ref: 00D88153
GetModuleFileNameA.KERNEL32(00D60000,?,00000104,00000000,00D882C2,?,00000000), ref: 00D8816E
LoadLibraryA.KERNEL32(00000000,?,00000000), ref: 00D881CE

Strings

SymCleanup, xrefs: 00D881E9
,M, xrefs: 00D8810D
SymEnumSymbolsW, xrefs: 00D88229
SymInitializeW, xrefs: 00D881D9
dbghelp.dll, xrefs: 00D8813A
SymGetModuleInfoW64, xrefs: 00D88219
SymEnumLinesW, xrefs: 00D88239
SymUnloadModule64, xrefs: 00D88209
SymLoadModuleExW, xrefs: 00D881F9

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileLibraryLoadModuleName$Version
String ID: ,M$SymCleanup$SymEnumLinesW$SymEnumSymbolsW$SymGetModuleInfoW64$SymInitializeW$SymLoadModuleExW$SymUnloadModule64$dbghelp.dll
API String ID: 562993773-1650989533
Opcode ID: 8f6bcc121b1ae905b2921b2ab1df3a2365ea52498e04016524e30657d7b4832f
Instruction ID: b61341479aa5b84479735c89611212952cea2ee9d524592d5de4179aa1fa16c4
Opcode Fuzzy Hash: 8f6bcc121b1ae905b2921b2ab1df3a2365ea52498e04016524e30657d7b4832f
Instruction Fuzzy Hash: 3841F574A44708EFDB50FB75EC85BA937A8EB46300F950266E140A22A2CF704D49EFB4

Function 00D76BC8 Relevance: 21.1, APIs: 14, Instructions: 87filememoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000000,00000000,00D76DE5,?,00000000,?,00000000,00000000,00000002), ref: 00D76BDC
LocalAlloc.KERNEL32(00000040,00010000,?,00000000,00000000,00D76DE5,?,00000000,?,00000000,00000000,00000002), ref: 00D76BEF
GetModuleFileNameW.KERNEL32(00000000,00000000,00008000,00000040,00010000,?,00000000,00000000,00D76DE5,?,00000000,?,00000000,00000000,00000002), ref: 00D76BFD
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,00008000,00000040,00010000,?,00000000,00000000,00D76DE5), ref: 00D76C12
LocalAlloc.KERNEL32(00000040,00000105,?,00000000,00000000,00D76DE5,?,00000000,?,00000000,00000000,00000002), ref: 00D76C22
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,00000040,00000105,?,00000000,00000000,00D76DE5,?,00000000,?,00000000,00000000,00000002), ref: 00D76C30
CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,00000104,00000040,00000105,?,00000000,00000000,00D76DE5), ref: 00D76C45
LocalFree.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,00000104,00000040,00000105,?,00000000,00000000), ref: 00D76C4D
GetVersion.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,00000104,00000040,00000105,?,00000000,00000000), ref: 00D76C57
CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00D76C6E
CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00D76C82
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,80000000,00000001,00000000), ref: 00D76C96
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,80000000,00000001), ref: 00D76C9E
CloseHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00D76CA4

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Create$Local$AllocCloseHandleMappingModuleNameVersion$FreeView
String ID:
API String ID: 4018463966-0
Opcode ID: fbe1c26d231694f6b686711150684701c992c9204e12a7693c46600598a89d23
Instruction ID: 185fb76951dc497f47e57db0bcac7f195bb981c3e8ec93482bbdd6f646a36242
Opcode Fuzzy Hash: fbe1c26d231694f6b686711150684701c992c9204e12a7693c46600598a89d23
Instruction Fuzzy Hash: 401106A1BC5B153AF63231B56C83F6A244ACB11F60F394524BB89BE0D3E9D4AD4102BD

Function 00DB2C70 Relevance: 19.7, APIs: 13, Instructions: 161registrymemoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB2E2B,?,?,?,00000000), ref: 00DB2CA3
RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?,00000000), ref: 00DB2CC7
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?), ref: 00DB2CF2
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2D0F
RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000), ref: 00DB2D26
LocalFree.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002), ref: 00DB2D39
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2D42
RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?,00000000), ref: 00DB2D70
RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B,?,?,?), ref: 00DB2DAB
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2DC8
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000), ref: 00DB2DDF
LocalFree.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,00000000,80000002), ref: 00DB2E02
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000000,80000002,00000000,00000000,00020019,?,00000000,00DB2E2B), ref: 00DB2E0B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LocalQueryValue$AllocCloseFreeOpen$Version
String ID:
API String ID: 582665004-0
Opcode ID: 511323600258a1c1099a4c3af981ab0c77ade328a76c807405ee509c6316a0aa
Instruction ID: b078b1a6b12ebe1468c15b4c414d06c3acad11fa5bf5f43b1d1503e2891b8f28
Opcode Fuzzy Hash: 511323600258a1c1099a4c3af981ab0c77ade328a76c807405ee509c6316a0aa
Instruction Fuzzy Hash: 66513F71E00208AFDB10EAA9DC42FEEB7BDEF49704F544465F901E7241EA749A018BB1

Function 00D8BBF0 Relevance: 19.6, APIs: 3, Strings: 8, Instructions: 370COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00D8C077,?,00000000,?,00000001), ref: 00D8BD1C
GetVersion.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00D8C077,?,00000000,?,00000001), ref: 00D8BE56
GetModuleHandleW.KERNEL32(user32.dll,?,00000000,00000000,00000000,00000000,00000000,00D8C077,?,00000000,?,00000001), ref: 00D8BE74

Strings

@HandleAnyException, xrefs: 00D8BE11
user32.dll, xrefs: 00D8BE6F
System, xrefs: 00D8BDBC, 00D8BDD2, 00D8BDE8, 00D8BDFE, 00D8BE18
@Halt0, xrefs: 00D8BDF7
@HandleFinally, xrefs: 00D8BDE1
@HandleAutoException, xrefs: 00D8BDCB
@HandleOnException, xrefs: 00D8BDB5
DispatchMessageA, xrefs: 00D8BE7B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModuleQueryVersionVirtual
String ID: @Halt0$@HandleAnyException$@HandleAutoException$@HandleFinally$@HandleOnException$DispatchMessageA$System$user32.dll
API String ID: 1237424064-2702513104
Opcode ID: 49b451cab54d1e659fc0629f0cb9d35c14bbc7d61f19e6f0278d7b4474a8766a
Instruction ID: 5edb92851cf126d9d694d35b63d84678f6ff8f8a0dfa6f096298f3630b0ea706
Opcode Fuzzy Hash: 49b451cab54d1e659fc0629f0cb9d35c14bbc7d61f19e6f0278d7b4474a8766a
Instruction Fuzzy Hash: 9CD18F31B402099FCB14EF69CC81BAD77B2EB84321F189529E541EB395D779A84A8B70

Function 00DE4300 Relevance: 19.6, APIs: 13, Instructions: 86synchronizationthreadfileCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32(00000000,00DF25E8), ref: 00DE4320
WriteFile.KERNEL32(00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4355
CloseHandle.KERNEL32(00000000,00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4360
WaitForSingleObject.KERNEL32(00000000,000001F4,00000000,00000000,?,00000090,?,00000000,00000000,00DF25E8), ref: 00DE4370
CloseHandle.KERNEL32(00000000,00000000,00DF25E8), ref: 00DE437D
SetEvent.KERNEL32(00000000,00000000,00000000,00DF25E8), ref: 00DE4391
CloseHandle.KERNEL32(00000000,00000000,00000000,00DF25E8), ref: 00DE43A5
WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43B9
TerminateThread.KERNEL32(00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43CA
LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43DE
SetEvent.KERNEL32(00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43F2
CloseHandle.KERNEL32(00000000,00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE43FD
CloseHandle.KERNEL32(00000000,00000000,00000032,00000000,00000000,00DF25E8), ref: 00DE4416

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseHandle$EventObjectSingleThreadWait$FileFreeLocalResumeTerminateWrite
String ID:
API String ID: 3913588694-0
Opcode ID: 6e95a044839b6394525ec8aed18800e6b51be41157a32d50b724e081ce22b419
Instruction ID: 02f87ab2a672f346c898a645c275c5c1498492da708ba14fd2f8ae5da7581180
Opcode Fuzzy Hash: 6e95a044839b6394525ec8aed18800e6b51be41157a32d50b724e081ce22b419
Instruction Fuzzy Hash: 05314D79A40300AFE650EBBBEE49B1E33A9A70A300F484515B194E71E1DFB5984BDB30

Function 00DEA358 Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 266threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DEA5F2

Strings

$M, xrefs: 00DEA49F
cpu registers, xrefs: 00DEA514
disassembling, xrefs: 00DEA563
\M, xrefs: 00DEA468
stack dump, xrefs: 00DEA53D
XM, xrefs: 00DEA435
Plugins, xrefs: 00DEA428
>> will be calculated soon, xrefs: 00DEA4C5, 00DEA50F, 00DEA538, 00DEA55E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: $M$>> will be calculated soon$Plugins$XM$\M$cpu registers$disassembling$stack dump
API String ID: 2882836952-7464929
Opcode ID: 8947cf3ebb268bf8576a3a64d79ecd8414dd46e34a416c0f0ebdbcce285c1d54
Instruction ID: 61473bbeebbc649c251952b41219442a24e81e6eb7a0e12cabd54e050229f401
Opcode Fuzzy Hash: 8947cf3ebb268bf8576a3a64d79ecd8414dd46e34a416c0f0ebdbcce285c1d54
Instruction Fuzzy Hash: 3CA15F34A0024A9FDB01EF9DC895AADB3F5EF49300F6581A9E814AB351CB70BD45CB72

Function 00D6B254 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 258COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D6B30C

Strings

HL, xrefs: 00D6B269
hL, xrefs: 00D6B2CE

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID: HL$hL
API String ID: 3997070919-3103751371
Opcode ID: ff56ab58849816619ecbba87275a7b3d8fc65e8aad779cdb8f42cd18ef2c2876
Instruction ID: 3fab961fce37172c1d13c8e8d97e8a04b4a6e615b3e904cc197f8a0618419f58
Opcode Fuzzy Hash: ff56ab58849816619ecbba87275a7b3d8fc65e8aad779cdb8f42cd18ef2c2876
Instruction Fuzzy Hash: D6A16E75A003099FDB15CFA8D881BAEB7B5FF49320F18452AE505E7381DB70A989CB70

Function 00DE2068 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 161COMMON

Download Yara Rule

APIs

ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DE20A2
CreateFontW.GDI32(000000F5,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Tahoma), ref: 00DE20D2
CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,MS Sans Serif), ref: 00DE2105
CreateFontW.GDI32(000000F5,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Courier New), ref: 00DE2132
CreateFontW.GDI32(000000F8,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Small Fonts), ref: 00DE215F

Part of subcall function 00DE1F54: GetVersion.KERNEL32(00000000,00DE2055,?,?,?,?,00000000,00000000), ref: 00DE1F72
Part of subcall function 00DE1F54: SendMessageA.USER32(00000000,00000030,?,00000000), ref: 00DE2035

Part of subcall function 00D75E1C: VirtualAlloc.KERNEL32(00000000,00000011,00001000,00000040), ref: 00D75E34
Part of subcall function 00D75E1C: VirtualProtect.KERNEL32(00000000,00000011,00000020,00000025,00000000,00000011,00001000,00000040), ref: 00D75E69

GetVersion.KERNEL32(?,?,?,00000000,?,000000F8,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000), ref: 00DE21BE

Part of subcall function 00D6E0DC: SetWindowLongW.USER32(?,FFFFFFFC,00000000), ref: 00D6E0DF

Strings

Tahoma, xrefs: 00DE20B0
MS Sans Serif, xrefs: 00DE20E3
Courier New, xrefs: 00DE2110
SysTabControl32, xrefs: 00DE2192
Small Fonts, xrefs: 00DE213D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Create$Font$VersionVirtual$AllocImageList_LongMessageProtectSendWindow
String ID: Courier New$MS Sans Serif$Small Fonts$SysTabControl32$Tahoma
API String ID: 651317326-1202811010
Opcode ID: d0407d899f1afa2a9d7801d014798cbb6dfc10d73bde3dd72a4e0524d67a2ee3
Instruction ID: 0cce81cc804ef6d2d6791b9844a896713cc66481c639350ee260e7f04d7db479
Opcode Fuzzy Hash: d0407d899f1afa2a9d7801d014798cbb6dfc10d73bde3dd72a4e0524d67a2ee3
Instruction Fuzzy Hash: E251FE35B80304BFE720DA598D83F9977A5AB49B10F344254B614BF3D1C6F1BE4097A8

Function 00DF073C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00DF090C), ref: 00DF0764
GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?,0000001C,00000000,00DF08EC,?,00000000,00000000,00DF090C), ref: 00DF07C4
LoadResource.KERNEL32(?,00000000,?,?,00000104,00000000,?,0000001C,00000000,00DF08EC,?,00000000,00000000,00DF090C), ref: 00DF07EE
LockResource.KERNEL32(00000000,?,00000000,?,?,00000104,00000000,?,0000001C,00000000,00DF08EC,?,00000000,00000000,00DF090C), ref: 00DF0804
SizeofResource.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000104,00000000,?,0000001C,00000000,00DF08EC,?,00000000,00000000), ref: 00DF081E
SizeofResource.KERNEL32(?,00000000,?,00000000,00000000,00DF090C), ref: 00DF0853
SizeofResource.KERNEL32(?,00000000,?,00000000,00000000,00DF090C), ref: 00DF0890
VirtualQuery.KERNEL32(00000000,?,0000001C,00000000,00DF08EC,?,00000000,00000000,00DF090C), ref: 00DF08D4

Strings

CrashOnUnderrun, xrefs: 00DF086D
ReportLeaks, xrefs: 00DF08AA
CrashOnBuffer, xrefs: 00DF0838

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$Sizeof$Module$FileHandleLoadLockNameQueryVirtual
String ID: CrashOnBuffer$CrashOnUnderrun$ReportLeaks
API String ID: 3561672752-2504369854
Opcode ID: f41d1983e453cc743d05daed6beba534b6aee12103dcb68f5df5644e9d01d6d2
Instruction ID: 8a4b3ad542089c7b0e837dc9a984f763de4495fa60ad8194ee6ffb906c27ebb8
Opcode Fuzzy Hash: f41d1983e453cc743d05daed6beba534b6aee12103dcb68f5df5644e9d01d6d2
Instruction Fuzzy Hash: 4D512F75E0424CAFDB10EBA8CC45BAEBBB8EB08350F558565F610F7292D674AD40CBB0

Function 00DEF148 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 92filethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DEF162

Part of subcall function 00DB3D68: RaiseException.KERNEL32(406D1388,00000000,00000004,00001000,00000000,00DB3DF5,?,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00DB3DE6

Part of subcall function 00D72318: GetVersion.KERNEL32(00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72342
Part of subcall function 00D72318: GetModuleHandleW.KERNEL32(kernel32.dll,WideCharToMultiByte,00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72358

GetVersion.KERNEL32(00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF1A6
OpenFileMappingW.KERNEL32(000F001F,00000000,Global\madTraceProcessMap,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF1BE
OpenFileMappingW.KERNEL32(000F001F,00000000,madTraceProcessMap,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF1D9
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF1F0
UnmapViewOfFile.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF22C
CloseHandle.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DEF232
GetCurrentThreadId.KERNEL32 ref: 00DEF241

Strings

madExcept - TraceProcessThread, xrefs: 00DEF167
Global\madTraceProcessMap, xrefs: 00DEF1B2
madTraceProcessMap, xrefs: 00DEF1CD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CurrentHandleMappingOpenThreadVersionView$CloseExceptionModuleRaiseUnmap
String ID: Global\madTraceProcessMap$madExcept - TraceProcessThread$madTraceProcessMap
API String ID: 3541353731-340354429
Opcode ID: c6aebbe0c0239a2c9772e840341b22c89dbbe91c8561faa35041f6800af0a993
Instruction ID: d3e77a74d1be887802162683c3f8aa27ffab7b8e9b5745e211044881645a8f41
Opcode Fuzzy Hash: c6aebbe0c0239a2c9772e840341b22c89dbbe91c8561faa35041f6800af0a993
Instruction Fuzzy Hash: A531D234B44388BFDB11BBBADC83B5D37A9DF51700F600434B600BA192CBB4AA05D678

Function 00D930D4 Relevance: 18.2, APIs: 12, Instructions: 229windowCOMMON

Download Yara Rule

APIs

EnumWindows.USER32(Function_00032DD8,?), ref: 00D93183
EnumWindows.USER32(Function_00032EFC,?), ref: 00D931F7
GetRgnBox.GDI32(?,?), ref: 00D93204
DeleteObject.GDI32(?), ref: 00D93210
GetStockObject.GDI32(00000000), ref: 00D9326E
FillRect.USER32(?,?,00000000), ref: 00D9327C
SelectClipRgn.GDI32(?,00000000), ref: 00D93289
BitBlt.GDI32(?,00000000,00000000,00000000,?,?,?,?,00CC0020), ref: 00D932AF
SelectClipRgn.GDI32(?,00000000), ref: 00D932C6
DeleteObject.GDI32(00000000), ref: 00D932CF
SelectClipRgn.GDI32(?,00000000), ref: 00D93336
DeleteObject.GDI32(00000000), ref: 00D9333F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Object$ClipDeleteSelect$EnumWindows$FillRectStock
String ID:
API String ID: 3818731149-0
Opcode ID: 428a1cdc4c2b3ea04ef5891e2af01097ddf2eb904f761767ad0b8831097996aa
Instruction ID: 4de8e270f8aa7ddfb4eb33800b6c73e8adf56eddf2485433da66979829135d3f
Opcode Fuzzy Hash: 428a1cdc4c2b3ea04ef5891e2af01097ddf2eb904f761767ad0b8831097996aa
Instruction Fuzzy Hash: A091A2B5A40209AFCF40DFA8D981AEEB7F9EF08310F244529F914E7251DB74AA45CB74

Function 00DC947C Relevance: 18.2, APIs: 12, Instructions: 185networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000201,?,?,?,?,?,00DC97C2,?,00DD9507), ref: 00DC9494
socket.WSOCK32(00000002,00000003,00000001,00000201,?,?,?,?,?,00DC97C2,?,00DD9507), ref: 00DC94A7
setsockopt.WSOCK32(00000000,00000000,00000007,?,00000004,00000002,00000003,00000001,00000201,?,?,?,?,?,00DC97C2,?), ref: 00DC94CB
setsockopt.WSOCK32(00000000,00000000,00000004,?,00000004,00000000,00000000,00000007,?,00000004,00000002,00000003,00000001,00000201,?), ref: 00DC94E1
inet_addr.WSOCK32(00000000,00000000,00000000,00000007,?,00000004,00000002,00000003,00000001,00000201,?,?,?,?,?,00DC97C2), ref: 00DC9508
gethostbyname.WSOCK32(00000000,00000000,00000000,00000000,00000007,?,00000004,00000002,00000003,00000001,00000201,?,?,?,?,?), ref: 00DC9530
GetCurrentProcessId.KERNEL32(00000000,00000000,00000000,00000000,00000007,?,00000004,00000002,00000003,00000001,00000201,?,?,?,?,?), ref: 00DC95B2
sendto.WSOCK32(00000000,?,00000020,00000000,?,00000010,00000000,00000000,00000000,00000000,00000007,?,00000004,00000002,00000003,00000001), ref: 00DC9636
select.WSOCK32(00000000,?,00000000,00000000,?,00000000,?,00000020,00000000,?,00000010,00000000,00000000,00000000,00000000,00000007), ref: 00DC9675
recvfrom.WSOCK32(00000000,00000000,00000414,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,00000020,00000000,?), ref: 00DC968B
GetCurrentProcessId.KERNEL32(00000000,00000000,00000414,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,00000020,00000000,?), ref: 00DC96CA
WSACleanup.WSOCK32(00000201,?,?,?,?,?,00DC97C2,?,00DD9507), ref: 00DC96FB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcesssetsockopt$CleanupStartupgethostbynameinet_addrrecvfromselectsendtosocket
String ID:
API String ID: 2325496574-0
Opcode ID: 407a45293f726ca692efa517cee7a8761c06c6735d7386ac6138858fe210153d
Instruction ID: ed5e1464af2a8b940f6ddd52cd1ea486b20dd6cc3178784cf2f4c7a684c2ef5b
Opcode Fuzzy Hash: 407a45293f726ca692efa517cee7a8761c06c6735d7386ac6138858fe210153d
Instruction Fuzzy Hash: B361A074244345AFE720EB68C945BAAB7E4EF85710F04852DF988CB2D2E778C845E736

Function 00D91B20 Relevance: 17.8, APIs: 14, Instructions: 282memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00046308), ref: 00D91B39
LocalAlloc.KERNEL32(00000040,00023184,00000040,00046308), ref: 00D91B48
LocalAlloc.KERNEL32(00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91B57
LocalAlloc.KERNEL32(00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91B66
LocalAlloc.KERNEL32(00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91B75
LocalAlloc.KERNEL32(00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91B84
LocalAlloc.KERNEL32(00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91B93
LocalFree.KERNEL32(00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91D47
LocalFree.KERNEL32(?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00046308), ref: 00D91D50
LocalFree.KERNEL32(?,?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184,00000040), ref: 00D91DF3
LocalFree.KERNEL32(?,?,?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040,00023184), ref: 00D91DFC
LocalFree.KERNEL32(00000020,?,?,?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184,00000040), ref: 00D91E05
LocalFree.KERNEL32(?,00000020,?,?,?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040,00023184), ref: 00D91E0E
LocalFree.KERNEL32(00000020,?,00000020,?,?,?,00000000,00000040,00000800,00000040,00001C00,00000040,00023184,00000040,00023184,00000040), ref: 00D91E17

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$AllocFree
String ID:
API String ID: 2012307162-0
Opcode ID: 6b805baa26faee4e505a3c8faf946ce8aba618a18b642a806272d177db60b70e
Instruction ID: b3102acb7e2efcfc848a5d607af64a1b82c09d5a03959bd7d5d176883256b069
Opcode Fuzzy Hash: 6b805baa26faee4e505a3c8faf946ce8aba618a18b642a806272d177db60b70e
Instruction Fuzzy Hash: 62B10775F4010A9BCB00DFA9D986ADEB7F1FF48310F288165E504E7341E779A9528BA0

Function 00E3C148 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 269filememoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000048,00000000,00E3C451,?,00000000,00E3C4BC), ref: 00E3C190
InitializeCriticalSection.KERNEL32(?,00000040,00000048,00000000,00E3C451,?,00000000,00E3C4BC), ref: 00E3C1A2
GetFileAttributesW.KERNEL32(?,?,00000040,00000048,00000000,00E3C451,?,00000000,00E3C4BC), ref: 00E3C1FD
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000040,00000048,00000000,00E3C451,?,00000000,00E3C4BC), ref: 00E3C21B
GetFileSize.KERNEL32(000000FF,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000040,00000048,00000000,00E3C451), ref: 00E3C233
ReadFile.KERNEL32(000000FF,00000000,00000000,?,00000000,000000FF,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000,?,?), ref: 00E3C265
CloseHandle.KERNEL32(000000FF,000000FF,00000000,?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000040,00000048,00000000,00E3C451), ref: 00E3C307

Strings

O, xrefs: 00E3C4A3
Software\madshi\madVR, xrefs: 00E3C31A
Settings, xrefs: 00E3C315

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$AllocAttributesCloseCreateCriticalHandleInitializeLocalReadSectionSize
String ID: Settings$Software\madshi\madVR$O
API String ID: 2617989618-431612474
Opcode ID: 84052a69f5e79c8c6e7cb85208bb2bbc313f1cb4ff836dbdc3e4db90103bba50
Instruction ID: c08a8723df1d37ab2fbf3477cd9e28d8132df64af77d744973593a00d3eb4938
Opcode Fuzzy Hash: 84052a69f5e79c8c6e7cb85208bb2bbc313f1cb4ff836dbdc3e4db90103bba50
Instruction Fuzzy Hash: 3AA12771A00208DFDB10DFA8D985BAEBBF5EF49304F2095A5E814B7292D735EE41CB61

Function 00D96A08 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(0000000F), ref: 00D96A4C

Part of subcall function 00D95020: InflateRect.USER32(?), ref: 00D9503E
Part of subcall function 00D95020: CreateSolidBrush.GDI32(?), ref: 00D95047
Part of subcall function 00D95020: FillRect.USER32(?,?,00000000), ref: 00D95054
Part of subcall function 00D95020: DeleteObject.GDI32(00000000), ref: 00D9505A

GetSysColor.USER32(0000000F), ref: 00D96A7C
GetSysColor.USER32(0000000F), ref: 00D96AB6
GetSysColor.USER32(00000005), ref: 00D96AC1
GetSysColor.USER32(00000010), ref: 00D96AE5
GetSysColor.USER32(00000008), ref: 00D96AF0
GetSysColor.USER32(00000005), ref: 00D96B63
DrawFocusRect.USER32(?,?), ref: 00D96BB0

Strings

Tahoma, xrefs: 00D96B56, 00D96B85
Marlett, xrefs: 00D96B1C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Color$Rect$BrushCreateDeleteDrawFillFocusInflateObjectSolid
String ID: Marlett$Tahoma
API String ID: 2656558131-2348366563
Opcode ID: b58d946f3ec164a6762f097a389e258bcbd97061f27cbc982fd4b19dc680ab55
Instruction ID: 91941efabe2cdbd8c620f3214386cf0c79f195d57ff85f47d2e9099f9fe999a6
Opcode Fuzzy Hash: b58d946f3ec164a6762f097a389e258bcbd97061f27cbc982fd4b19dc680ab55
Instruction Fuzzy Hash: FC516F71F40609ABDB11DFA9CC82B9EB6B6EF44710F144125FA04BB296D6B09D4487B4

Function 00DA9D64 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DA9B6C: VirtualQuery.KERNEL32(?,?,0000001C,00000000,00DA9D18), ref: 00DA9B9F
Part of subcall function 00DA9B6C: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00DA9BC3
Part of subcall function 00DA9B6C: GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 00DA9BDE
Part of subcall function 00DA9B6C: LoadStringW.USER32(00000000,0000FFEB,?,00000100), ref: 00DA9C79

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,00DA9E89), ref: 00DA9DC5
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00DA9DF8
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00DA9E0A
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00DA9E10
GetStdHandle.KERNEL32(000000F4,00DA9EA4,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 00DA9E24
WriteFile.KERNEL32(00000000,000000F4,00DA9EA4,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 00DA9E2A
LoadStringW.USER32(00000000,0000FFEC,?,00000040), ref: 00DA9E4E
MessageBoxW.USER32(00000000,?,?,00002010), ref: 00DA9E68

Strings

<, xrefs: 00DA9DA2
T, xrefs: 00DA9D94

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID: <$T
API String ID: 135118572-1535824369
Opcode ID: 40ebd169ab601bc6bf2005aef0c74f2fedd25013533fbad0804b0d7ebb820111
Instruction ID: 566f7914a124a055284b23c8e715336273c61d7a87782e200e8c8acf625990a9
Opcode Fuzzy Hash: 40ebd169ab601bc6bf2005aef0c74f2fedd25013533fbad0804b0d7ebb820111
Instruction Fuzzy Hash: 6B3164B1A44208BFEB14EBA4DC93FDAB7ADEB09700F904161B604E71D1DEB46E448B75

Function 00DEFE8C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75filesynchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00DEFF61,?,?,?,?,00000000,00000000), ref: 00DEFEA8
OpenFileMappingA.KERNEL32(00000004,00000000,00000000), ref: 00DEFED6
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000,00DEFF61,?,?,?,?,00000000), ref: 00DEFEF1
CloseHandle.KERNEL32(?,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000,00DEFF61), ref: 00DEFF00
OpenProcess.KERNEL32(00100000,00000000,00000000,?,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000,00DEFF61), ref: 00DEFF0F
WaitForSingleObject.KERNEL32(00000000,000000FF,00100000,00000000,00000000,?,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000), ref: 00DEFF1D
CloseHandle.KERNEL32(00000000,00000000,000000FF,00100000,00000000,00000000,?,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?), ref: 00DEFF23
UnmapViewOfFile.KERNEL32(00000000,00100000,00000000,00000000,?,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000,00DEFF61), ref: 00DEFF3B
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,?,00000000,00DEFF61), ref: 00DEFF41

Strings

madExceptRestart, xrefs: 00DEFEBF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseFileHandle$OpenProcessView$CurrentMappingObjectSingleUnmapWait
String ID: madExceptRestart
API String ID: 2482783696-2743691351
Opcode ID: da649f61619afdde641463b40ba09c198cdd626e9d4f27c5d2682d9283c8107c
Instruction ID: 8187e89e1f1298638d13fbb24b2176461f1184d9152beb111a3e9f01e2394f4e
Opcode Fuzzy Hash: da649f61619afdde641463b40ba09c198cdd626e9d4f27c5d2682d9283c8107c
Instruction Fuzzy Hash: BE11BE70B483497FE721B7A5DC43F6F72ADDF86B10F610424B504AB2C2CAB4E90586B4

Function 00D93370 Relevance: 16.6, APIs: 11, Instructions: 118memoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D934B2), ref: 00D9339A
LoadImageW.USER32(00000000,00000000,00000000,00000000,00000000,00002010), ref: 00D933BB
LoadImageA.USER32(00000000,00000000,00000000,00000000,00000000,00002010), ref: 00D933E9
LocalAlloc.KERNEL32(00000040,00000018,00000000,00D934B2), ref: 00D933FC
GetObjectW.GDI32(00000000,00000018,00000000), ref: 00D9340F
CreateCompatibleDC.GDI32(00000000), ref: 00D9342B
SelectObject.GDI32(00000000,00000000), ref: 00D9343E
SelectObject.GDI32(00000000,?), ref: 00D9347A
DeleteDC.GDI32(00000000), ref: 00D93483
LocalFree.KERNEL32(00000000,00000040,00000018,00000000,00D934B2), ref: 00D93489
DeleteObject.GDI32(00000000), ref: 00D9348F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Object$DeleteImageLoadLocalSelect$AllocCompatibleCreateFreeVersion
String ID:
API String ID: 3703444550-0
Opcode ID: cf652cdb93111410427550376ff7d5356f4fdcbac614b924f632b50c3a6823ad
Instruction ID: acd1f2c3d18d637f585d5ef773102032ed83e2c323e46e37cd55b9b9fa8394ed
Opcode Fuzzy Hash: cf652cdb93111410427550376ff7d5356f4fdcbac614b924f632b50c3a6823ad
Instruction Fuzzy Hash: 3D316D70B44309BBEB10EAA9DD43FAFB6A9EF48700F144425F604E72C1DA749E0087B5

Function 00DE962C Relevance: 16.6, APIs: 11, Instructions: 114threadmemoryCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DE9644
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,?,00000000), ref: 00DE967D
GetCurrentThread.KERNEL32 ref: 00DE9683
GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE9689
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE968F
VirtualAlloc.KERNEL32(00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE96B5
GetThreadContext.KERNEL32(?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE96C7
VirtualQuery.KERNEL32(?,?,0000001C,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 00DE96DD
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 00DE9731
GetThreadPriority.KERNEL32(?,00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000), ref: 00DE973A
CloseHandle.KERNEL32(?,?,00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000), ref: 00DE9760

Part of subcall function 00DB2264: GetVersion.KERNEL32(00000000,00DB23C0,?,?,00000000,madExcept - TraceProcessThread), ref: 00DB229F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread$Virtual$HandleProcess$AllocCloseContextDuplicateFreePriorityQueryVersion
String ID:
API String ID: 3750514052-0
Opcode ID: d31b5f5d7c3ce901cbbb0d3e761b8ab7d50d3468e2995ed63e44825a14fb861d
Instruction ID: dbea9d29d7de4b1fc4a21ca494f813e07f1b4366de304b4e3d8deebae4a56de3
Opcode Fuzzy Hash: d31b5f5d7c3ce901cbbb0d3e761b8ab7d50d3468e2995ed63e44825a14fb861d
Instruction Fuzzy Hash: D1416C71B00359ABDB10EFA9D885B9EBBF9EF48310F144565F958EB282D7749900CBB0

Function 00DEE378 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,TThread,00000000), ref: 00DEE550

Strings

HookTThread, xrefs: 00DEE56D
TThread, xrefs: 00DEE44F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcess
String ID: HookTThread$TThread
API String ID: 2050909247-3437922582
Opcode ID: 5663f0c070129a7391adb28b742fd41ba43cc0c9d7519abce918fbfa44e0223f
Instruction ID: 6ce5dbaed6ece808c960daadbe16f431811070f664346b2c720321372fffc998
Opcode Fuzzy Hash: 5663f0c070129a7391adb28b742fd41ba43cc0c9d7519abce918fbfa44e0223f
Instruction Fuzzy Hash: DDA18974A00289DFDB10EF9AC985B9EB7B6FB49310F5484A5E904AB3A1D730ED45CB70

Function 00DA8A74 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 216threadCOMMON

Download Yara Rule

APIs

IsValidLocale.KERNEL32(?,00000001,00000000,00DA8D59,?,?,?,?,00000000,00000000), ref: 00DA8A9B
GetThreadLocale.KERNEL32(?,00000001,00000000,00DA8D59,?,?,?,?,00000000,00000000), ref: 00DA8AA4

Part of subcall function 00DA8A48: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,00DA8B4A,?,00000001,00000000,00DA8D59), ref: 00DA8A5B

Part of subcall function 00DA89FC: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00DA8A1A

Strings

AMPM, xrefs: 00DA8CD2
2, xrefs: 00DA8D35
:mm:ss, xrefs: 00DA8D0C
:mm, xrefs: 00DA8CF1
AMPM , xrefs: 00DA8CE1
m/d/yy, xrefs: 00DA8BA5
mmmm d, yyyy, xrefs: 00DA8BCA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Locale$Info$ThreadValid
String ID: AMPM$2$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 233154393-3379564615
Opcode ID: b36ccf615816ea8ab0c3d134c3307a9cf8bb1944970091f7b45c79c91d5837bc
Instruction ID: 8bcc94a123e3086b2c1a3cb2c8a1ea18f5e68fc689770f9d783a41643eb8c166
Opcode Fuzzy Hash: b36ccf615816ea8ab0c3d134c3307a9cf8bb1944970091f7b45c79c91d5837bc
Instruction Fuzzy Hash: 3D717030B011489BDB05EBA4C841AEF73AAEF8A304F548172F904AB356DF35DE06A775

Function 00DA948C Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 199threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00D6643C: GetTickCount.KERNEL32 ref: 00D66473
Part of subcall function 00D6643C: GetTickCount.KERNEL32 ref: 00D6648B

Part of subcall function 00DA89FC: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00DA8A1A

GetThreadLocale.KERNEL32(00000000,00000004), ref: 00DA9524
EnumCalendarInfoW.KERNEL32(00DA9350,00000000,00000000,00000004), ref: 00DA952F
GetThreadLocale.KERNEL32(00000000,00000003,00DA9350,00000000,00000000,00000004), ref: 00DA956A
EnumCalendarInfoW.KERNEL32(00DA93F4,00000000,00000000,00000003,00DA9350,00000000,00000000,00000004), ref: 00DA9575
GetThreadLocale.KERNEL32(00000000,00000004), ref: 00DA9606
EnumCalendarInfoW.KERNEL32(00DA9350,00000000,00000000,00000004), ref: 00DA9611
GetThreadLocale.KERNEL32(00000000,00000003,00DA9350,00000000,00000000,00000004), ref: 00DA964E
EnumCalendarInfoW.KERNEL32(00DA93F4,00000000,00000000,00000003,00DA9350,00000000,00000000,00000004), ref: 00DA9659

Strings

B.C., xrefs: 00DA95B4

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: InfoLocale$CalendarEnumThread$CountTick
String ID: B.C.
API String ID: 1601775584-621294921
Opcode ID: 7d08a66bd5ac4faeb5602a020acc95b9c3a6a6493d80c4b4bb605f0f0c5100fe
Instruction ID: d540fc892512264b59497e822d86b391188957c0de122923c238929619f8db47
Opcode Fuzzy Hash: 7d08a66bd5ac4faeb5602a020acc95b9c3a6a6493d80c4b4bb605f0f0c5100fe
Instruction Fuzzy Hash: 0E61F274B012009FDB10DF69D891BAAB3A5EF4A314F148966F811EB3A5C731ED05CB70

Function 00D75B80 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D75D7B,?,?,00D6F2B4,00000000,00000005,00000000,00000000,?,00DE7251), ref: 00D75BAC
GetFileVersionInfoSizeW.VERSION(00000000,00000000,00000000,00D75D7B,?,?,00D6F2B4,00000000,00000005,00000000,00000000,?,00DE7251), ref: 00D75BF0
GetFileVersionInfoW.VERSION(00000000,00000000,00000000,?,00000000,00000000,00000000,00D75D7B,?,?,00D6F2B4,00000000,00000005,00000000,00000000), ref: 00D75C1A
VerQueryValueW.VERSION(?,00D75D8C,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00D75D7B,?,?,00D6F2B4,00000000), ref: 00D75C38
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,00000000,00000000,?,00D75D8C,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00D75D7B), ref: 00D75C92
VerQueryValueW.VERSION(?,00000000,\FileVersion,00000000,00000000,00000000,\StringFileInfo\,?,00000000,?,\VarFileInfo\Translation,00000000,00000000,?,00D75D8C,00000000), ref: 00D75D20

Strings

\FileVersion, xrefs: 00D75CF6
\StringFileInfo\, xrefs: 00D75CB1
\VarFileInfo\Translation, xrefs: 00D75C89

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: QueryValueVersion$FileInfo$Size
String ID: \FileVersion$\StringFileInfo\$\VarFileInfo\Translation
API String ID: 1815656252-563019106
Opcode ID: d5a7e35200cd46006fb814b899b42ccad43b38fced989ee68067350eea84af4c
Instruction ID: a504372b4cee9dddb62b9a0db321dc1920f779145dbfcd98230edeabb283c507
Opcode Fuzzy Hash: d5a7e35200cd46006fb814b899b42ccad43b38fced989ee68067350eea84af4c
Instruction Fuzzy Hash: 90514874A00609AFDB10EBA8D885EEEB3F9EF48300F548465F504E7255EB74AE05CB72

Function 00E0904C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 161memorysynchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,00E09270,?,00000000,00E09251,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E090FF

Part of subcall function 00D6D6C0: CreateMutexA.KERNEL32(?,00000001,00000000,?,00DB7979,00DC7BF0,00000000,00000000,?,00000000), ref: 00D6D6D6

WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00000000,00000000,?,?,?,00E09270,?,00000000,00E09251,?,?,?,00000000), ref: 00E0914E
VirtualProtect.KERNEL32(0000000A,00000004,00000040,?,00000000,000000FF,00000000,00000000,00000000,?,?,?,00E09270,?,00000000,00E09251), ref: 00E091C6
VirtualProtect.KERNEL32(0000000A,00000004,?,?,0000000A,00000004,00000040,?,00000000,000000FF,00000000,00000000,00000000,?,?,?), ref: 00E091F4
ReleaseMutex.KERNEL32(00000000,00000000,000000FF,00000000,00000000,00000000,?,?,?,00E09270,?,00000000,00E09251,?,?,?), ref: 00E0921D
CloseHandle.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,?,?,?,00E09270,?,00000000,00E09251,?,?), ref: 00E09229

Strings

|[, xrefs: 00E0908A
`X, xrefs: 00E09179
T[, xrefs: 00E09079

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MutexProtectVirtual$CloseCreateCurrentHandleObjectProcessReleaseSingleWait
String ID: T[$`X$|[
API String ID: 2433167092-649475269
Opcode ID: 1809a5acc6227580cf6eec43f6b8561df3bfa84b4643681f9d700322d96a187c
Instruction ID: 1fd2d77def6db2a4f541a3ac994049ee2fdd3f8f9417b25ed2fe8b88a9707251
Opcode Fuzzy Hash: 1809a5acc6227580cf6eec43f6b8561df3bfa84b4643681f9d700322d96a187c
Instruction Fuzzy Hash: E551C174A04209EFDB10EF64E845B8AB7F5EF49314F518565F044AB2A2D730EE84DB70

Function 00DB3164 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(advapi32.dll,SetEntriesInAclA), ref: 00DB318F

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB31F9

Part of subcall function 00DB30E4: OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB30FA
Part of subcall function 00DB30E4: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB3116
Part of subcall function 00DB30E4: LocalAlloc.KERNEL32(00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB3123
Part of subcall function 00DB30E4: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,?,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008,?,00000000), ref: 00DB313D
Part of subcall function 00DB30E4: CloseHandle.KERNEL32(?,00000000,?,TokenIntegrityLevel,?,?,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00DB3156

InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,advapi32.dll,SetEntriesInAclA), ref: 00DB32B8
SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,00000000,00000000,?,00000001,00000000,advapi32.dll,SetEntriesInAclA), ref: 00DB32C7
FreeSid.ADVAPI32(00000000,?,000000FF,00000000,00000000,?,00000001,00000000,advapi32.dll,SetEntriesInAclA), ref: 00DB32D6
FreeSid.ADVAPI32(00000000,?,000000FF,00000000,00000000,?,00000001,00000000,advapi32.dll), ref: 00DB32E7
LocalFree.KERNEL32(00000000,?,000000FF,00000000,00000000,?,00000001), ref: 00DB32F8

Part of subcall function 00D6D4FC: AllocateAndInitializeSid.ADVAPI32(00E48558,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DC7BF0,?,00DB31C5,00000000,00000000), ref: 00D6D523

Strings

advapi32.dll, xrefs: 00DB318A
SetEntriesInAclA, xrefs: 00DB3185

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FreeToken$DescriptorHandleInformationInitializeLocalProcessSecurity$AddressAllocAllocateCloseCurrentDaclModuleOpenProc
String ID: SetEntriesInAclA$advapi32.dll
API String ID: 435592921-2764761592
Opcode ID: 6de69870a36d95b38b2ca11403773492079d565c113b20cf734ca6127f0146b1
Instruction ID: c770cf3478ec10daa925a4a44a1160779160ba06f44e262c97af2e2fbe232218
Opcode Fuzzy Hash: 6de69870a36d95b38b2ca11403773492079d565c113b20cf734ca6127f0146b1
Instruction Fuzzy Hash: 324137B0608300AFD350DF68D845B9BB7E9AB88314F04892DF598CB291E7B5D948DB72

Function 00DCCD2C Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 121networkCOMMON

Download Yara Rule

APIs

closesocket.WSOCK32(?,00000000,00DCCEA2), ref: 00DCCE4E
LocalFree.KERNEL32(?,00000000,00DCCEA2), ref: 00DCCE63
VirtualFree.KERNEL32(?,00000000,00008000,00000000,00DCCEA2), ref: 00DCCE77
WSACleanup.WSOCK32(00000000,00DCCEA2), ref: 00DCCE7C

Strings

221, xrefs: 00DCCDB1
., xrefs: 00DCCD70
RSET, xrefs: 00DCCD9C
QUIT, xrefs: 00DCCDB6
250, xrefs: 00DCCD6B, 00DCCD97

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Free$CleanupLocalVirtualclosesocket
String ID: .$221$250$QUIT$RSET
API String ID: 3578454468-26403291
Opcode ID: 540cd141a7042eaf1d01af9272e4fc73885e8933fc3d3e74cfdfd7e1f0fc2be5
Instruction ID: db0f676a42e23d9bda9ff1fa29a12caa0024b033a6d3923335cfdb08f748ce0b
Opcode Fuzzy Hash: 540cd141a7042eaf1d01af9272e4fc73885e8933fc3d3e74cfdfd7e1f0fc2be5
Instruction Fuzzy Hash: 7B41BF70610B46AFD721DB68C845F9EBBE8EF0A700F54542DF24AE7192DB74A948C770

Function 00DCCB60 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 97librarymemoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00DCCB6A
LoadLibraryW.KERNEL32(security.dll), ref: 00DCCB78
LoadLibraryW.KERNEL32(secur32.dll), ref: 00DCCB86
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,InitSecurityInterfaceW,secur32.dll), ref: 00DCCC41
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,00000000,InitSecurityInterfaceW,secur32.dll), ref: 00DCCC5C

Strings

InitSecurityInterfaceW, xrefs: 00DCCB8D
security.dll, xrefs: 00DCCB73
Microsoft Unified Security Protocol Provider, xrefs: 00DCCBCC
secur32.dll, xrefs: 00DCCB81

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LibraryLoadVirtual$AllocFreeVersion
String ID: InitSecurityInterfaceW$Microsoft Unified Security Protocol Provider$secur32.dll$security.dll
API String ID: 3011846791-195603308
Opcode ID: 597e11a068e7a3302de5f4666e6e229b3370685889095064d32585214456f8d6
Instruction ID: 1c900216319ef95fbef7e37b34fbefa976eb7871485a360748a46acc6d6cd546
Opcode Fuzzy Hash: 597e11a068e7a3302de5f4666e6e229b3370685889095064d32585214456f8d6
Instruction Fuzzy Hash: 1431AF71B506027FE220DB7A8D86F65B799BF00B24F188228F6189B9C1C764F814CBB4

Function 00DE40B0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 83filesynchronizationthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll,SetThreadDpiAwarenessContext), ref: 00DE40E4

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

ReadFile.KERNEL32(?,?,00000090,?,00000000,00000000,user32.dll,SetThreadDpiAwarenessContext), ref: 00DE4116
SetEvent.KERNEL32(00000000), ref: 00DE4146
PostThreadMessageW.USER32(?,00000000,00000000,00000000), ref: 00DE4158
GetLastError.KERNEL32(?,?,00000090,?,00000000,00000000,user32.dll,SetThreadDpiAwarenessContext), ref: 00DE4168
ResetEvent.KERNEL32(00000000,?,?,00000090,?,00000000,00000000,user32.dll,SetThreadDpiAwarenessContext), ref: 00DE4192
WaitForSingleObject.KERNEL32(00000000,00000064,?,?,00000090,?,00000000,00000000,user32.dll,SetThreadDpiAwarenessContext), ref: 00DE419F

Strings

SetThreadDpiAwarenessContext, xrefs: 00DE40DA
user32.dll, xrefs: 00DE40DF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Event$AddressErrorFileHandleLastMessageModuleObjectPostProcReadResetSingleThreadWait
String ID: SetThreadDpiAwarenessContext$user32.dll
API String ID: 1985482037-1310550913
Opcode ID: 1e7451e3e9f092fcc7c06c10f4a812303c763a5413e7b6d694ed03dcd66c06a6
Instruction ID: c2bfd87a578085ec654092cf18c413480f23d0610c5b5123c3f5d89545b583eb
Opcode Fuzzy Hash: 1e7451e3e9f092fcc7c06c10f4a812303c763a5413e7b6d694ed03dcd66c06a6
Instruction Fuzzy Hash: 31219F31A003A4DFEF31BB7ADD46B6A33E8DB26314F0804A1A214A6195DAB44D85CB32

Function 00D85CE0 Relevance: 15.1, APIs: 10, Instructions: 126fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D06
GetFileAttributesW.KERNEL32(00000000,00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D1A
GetVersion.KERNEL32(00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D24
GetFileAttributesA.KERNEL32(00000000,00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D4C
GetVersion.KERNEL32(00000000,00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D5A
CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00D85E57,?,00D6F660,00000000), ref: 00D85D80
CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00D85E57,?,00D6F660,00000000), ref: 00D85DB4
GetFileSize.KERNEL32(?,00000000,00000000,00D85E35,?,00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00D85E57), ref: 00D85DD6
ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,00000000,00D85E35,?,00000000,80000000,00000003,00000000,00000003,00000080), ref: 00D85E00
CloseHandle.KERNEL32(?,00D85E3C,00D85E35,?,00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00D85E57,?,00D6F660), ref: 00D85E2F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$Version$AttributesCreate$CloseHandleReadSize
String ID:
API String ID: 530176067-0
Opcode ID: 90da48ffd6aca902a086b8a7ea5fe0d0d9180666de97eca4e08f7eede1d20658
Instruction ID: 9f07017b116c461926eb99a28c7f019bd35c5447071813594ab8a2c0e9c58432
Opcode Fuzzy Hash: 90da48ffd6aca902a086b8a7ea5fe0d0d9180666de97eca4e08f7eede1d20658
Instruction Fuzzy Hash: 14417370B44708ABEB21FBB8EC56B9E77A8EF08710F140569F514E72D5DA749A048731

Function 00DD0FD4 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 278COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00DD12EF

Strings

&, xrefs: 00DD128F
>, xrefs: 00DD12DA
', xrefs: 00DD12A8
", xrefs: 00DD1276
<, xrefs: 00DD12C1

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: &$'$>$<$"
API String ID: 1452528299-87953025
Opcode ID: dda4406de3c8260fcd76e6f9e2cd22cb5853ddd76be2eacf9716f98263d91d93
Instruction ID: 8c7be4fc885339b36c20122d79b172978e36118e372c7d99795c0da9e9e32663
Opcode Fuzzy Hash: dda4406de3c8260fcd76e6f9e2cd22cb5853ddd76be2eacf9716f98263d91d93
Instruction Fuzzy Hash: 65A1BF39A44749AFDB20DBA9C846B9EBBF8EB09340F04055AE582E7790C631E944CB74

Function 00D95CA8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 235COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00D95D5F
GetSysColor.USER32(00000005), ref: 00D95DEE
GetSysColor.USER32(0000000F), ref: 00D95E24
GetSysColor.USER32(00000008), ref: 00D95E9A
GetSysColor.USER32(0000000F), ref: 00D95EB9
GetSysColor.USER32(00000010), ref: 00D95E10

Part of subcall function 00D95020: InflateRect.USER32(?), ref: 00D9503E
Part of subcall function 00D95020: CreateSolidBrush.GDI32(?), ref: 00D95047
Part of subcall function 00D95020: FillRect.USER32(?,?,00000000), ref: 00D95054
Part of subcall function 00D95020: DeleteObject.GDI32(00000000), ref: 00D9505A

GetSysColor.USER32(0000000F), ref: 00D95ECD

Strings

Arial, xrefs: 00D95DE1, 00D95E8D, 00D95EFD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Color$Rect$BrushCreateDeleteFillInflateObjectSolid
String ID: Arial
API String ID: 9615130-493054409
Opcode ID: c831fe4864a591dd3567dd913eb0ab4f8c706de1bf2c472e238496a1c5fc2252
Instruction ID: d0ada5e1510f7536c3c89619676b02d7d12be66203b7f2b5d4431e54502ff3eb
Opcode Fuzzy Hash: c831fe4864a591dd3567dd913eb0ab4f8c706de1bf2c472e238496a1c5fc2252
Instruction Fuzzy Hash: F3810A71A00609AFCF01DF98D882BEEB7BAEF48310F544165F515BB289C775AA458BB0

Function 00DB3E24 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 207synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000032,00000000,00DB40C4,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB3E66
LocalSize.KERNEL32(?), ref: 00DB3ECB
LocalSize.KERNEL32(?), ref: 00DB3FBE

Strings

madExcept - TraceProcessThread, xrefs: 00DB3F54
madExcept - AntiFreezeThread, xrefs: 00DB3F2A
madExcept - HandleExceptionThread, xrefs: 00DB3F3F
thread , xrefs: 00DB3F9C, 00DB409B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LocalSize$ObjectSingleWait
String ID: madExcept - AntiFreezeThread$madExcept - HandleExceptionThread$madExcept - TraceProcessThread$thread
API String ID: 3817373768-1488406063
Opcode ID: bcaae293922066546fe625c5fea9325ecf182a73d4eb66a743aeef5f5f0145c1
Instruction ID: dbe4df32501b7c20430357374823bfa54053e980bcceec37c39ca25012bcb631
Opcode Fuzzy Hash: bcaae293922066546fe625c5fea9325ecf182a73d4eb66a743aeef5f5f0145c1
Instruction Fuzzy Hash: 92714A74A04208EFCB11EF98D491A9EB7F4EB49340F5180A1F9069B362D735EE41DB30

Function 00D717B4 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167libraryloaderwindowCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00D719C1,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D7180A
GetProcAddress.KERNEL32(00000000,00000000), ref: 00D71810
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00D719C1,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D7184D
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00D719C1,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D7188D
FormatMessageA.KERNEL32(00001300,?,?,00000400,?,00000000,00000000,00000000,00D7199F,?,00000000,00D719C1), ref: 00D718C9
LocalFree.KERNEL32(?,00D71982,00001300,?,?,00000400,?,00000000,00000000,00000000,00D7199F,?,00000000,00D719C1), ref: 00D7193F

Strings

., xrefs: 00D71863

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LibraryLoad$AddressFormatFreeHandleLocalMessageModuleProc
String ID: .
API String ID: 4124434780-3974621797
Opcode ID: 14e1499ca3b9767afdba0bfd7bf2769a3bbdb0475b110ce5a0d5ad6ed88b5320
Instruction ID: 75541de7692984ea45a7aa1b5268f16398b153bea7a22476034f9e1c3ccfb2ae
Opcode Fuzzy Hash: 14e1499ca3b9767afdba0bfd7bf2769a3bbdb0475b110ce5a0d5ad6ed88b5320
Instruction Fuzzy Hash: 4D51D778B14204AFEB11EBACDC92F6EB7A9EF48700F508661F504A7291EB749D05CB71

Function 00DB268C Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB28FA), ref: 00DB26D9
GetTempPathW.KERNEL32(00000104,?,00000000,00DB28FA), ref: 00DB26F5
CreateDirectoryW.KERNEL32(?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB273E
CreateDirectoryW.KERNEL32(00000000,00000000,.madExcept,?,?,?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB27B2
GetTempPathA.KERNEL32(00000104,?,00000000,00DB28FA), ref: 00DB27D4
CreateDirectoryA.KERNEL32(?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB2812
CreateDirectoryA.KERNEL32(00000000,00000000,.madExcept,?,?,?,00000000,00000104,?,00000000,00DB28FA), ref: 00DB289C

Strings

.madExcept, xrefs: 00DB2797, 00DB286B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CreateDirectory$PathTemp$Version
String ID: .madExcept
API String ID: 3423074100-4117059601
Opcode ID: a6d54124e5abccaf28c7621a72775961cdcf90d5a75514399aaf21d242e2be3c
Instruction ID: fd7b08fe3712d248b8cf4f7c6ea58d8d4d3b8cca2f5f3948cd9e60fe25de92c5
Opcode Fuzzy Hash: a6d54124e5abccaf28c7621a72775961cdcf90d5a75514399aaf21d242e2be3c
Instruction Fuzzy Hash: 44519031A4022D9BDF20EBA9DC86BEDB3B5EF58300F4081F5A00997255DA709E85CF71

Function 00D75964 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeA.VERSION(00000000,?,00000000,00D75B16), ref: 00D759A5
GetFileVersionInfoA.VERSION(00000000,?,00000000,?,00000000,?,00000000,00D75B16), ref: 00D759D1
VerQueryValueA.VERSION(?,00D75B24,?,00000000,00000000,?,00000000,?,00000000,?,00000000,00D75B16), ref: 00D759EF
VerQueryValueA.VERSION(?,\VarFileInfo\Translation,?,00000000,?,00D75B24,?,00000000,00000000,?,00000000,?,00000000,?,00000000,00D75B16), ref: 00D75A4A
VerQueryValueA.VERSION(?,00000000,\FileVersion,?,?,?,\StringFileInfo\,?,00000000,?,\VarFileInfo\Translation,?,00000000,?,00D75B24,?), ref: 00D75ACB

Strings

\VarFileInfo\Translation, xrefs: 00D75A41
\StringFileInfo\, xrefs: 00D75A69
\FileVersion, xrefs: 00D75AAC

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: QueryValue$FileInfoVersion$Size
String ID: \FileVersion$\StringFileInfo\$\VarFileInfo\Translation
API String ID: 102455768-563019106
Opcode ID: cc04c65ae443627f312f67f686c550970de7874149e6461ed48893c0c01e1169
Instruction ID: 9e5eb0f45a1ff4d401eee9bed8353e8187e68ebca4eeb646cdb400d804a281f8
Opcode Fuzzy Hash: cc04c65ae443627f312f67f686c550970de7874149e6461ed48893c0c01e1169
Instruction Fuzzy Hash: E0511775A04608AFDB00EB98D881EAEB7F9EF48310F558565F508E3285EB74EE05CB71

Function 00DF3608 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 141COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DF37D9,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00DF362C

Part of subcall function 00DF3188: LoadLibraryW.KERNEL32(setupapi.dll,00000000,00DF3409,?,?,?,?,00000009,00000000,00000000), ref: 00DF31AE
Part of subcall function 00DF3188: FreeLibrary.KERNEL32(00000000,00000000,SetupDiGetDeviceRegistryPropertyW,00000000,SetupDiEnumDeviceInfo,00000000,SetupDiDestroyDeviceInfoList,00000000,SetupDiGetClassDevsW,setupapi.dll,00000000,00DF3409), ref: 00DF33DC

Strings

$M, xrefs: 00DF36FF
- , xrefs: 00DF369D
Microsoft, xrefs: 00DF3707
DriverVersion, xrefs: 00DF3724
ProviderName, xrefs: 00DF36D9
DriverDate, xrefs: 00DF3748
(driver , xrefs: 00DF375F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Library$FreeLoadVersion
String ID: - $ (driver $$M$DriverDate$DriverVersion$Microsoft$ProviderName
API String ID: 3790438526-2859448490
Opcode ID: 9fd07122ef095aff6bd30cbc2863f4ebad1a445e96e26f75da86a0ac9f6e64ef
Instruction ID: bae4a0e07eb471b8785a3e894dc435fe29feb551e8ba74b37a16afd8bc5e1c64
Opcode Fuzzy Hash: 9fd07122ef095aff6bd30cbc2863f4ebad1a445e96e26f75da86a0ac9f6e64ef
Instruction Fuzzy Hash: 41515A74A0010CAFDB50EB98C981AADB7F9EB48344F628099B60597362DB74EF41DB70

Function 00DB2264 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB23C0,?,?,00000000,madExcept - TraceProcessThread), ref: 00DB229F

Strings

madExcept - TraceProcessThread, xrefs: 00DB226A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version
String ID: madExcept - TraceProcessThread
API String ID: 1889659487-2631385117
Opcode ID: 3186043aaa42ddf64b0d61de759b7111d1d3b4318b3b50a07bb27056eae8d53e
Instruction ID: 10047ca2c085036d3e6445e5b56ff8f4c137856bb82ba853df7e047844ef6614
Opcode Fuzzy Hash: 3186043aaa42ddf64b0d61de759b7111d1d3b4318b3b50a07bb27056eae8d53e
Instruction Fuzzy Hash: 93414BB6A04209EFDB10DFB5DD45ABEB7F8EB49750F208469E905E3351EA38D900CA70

Function 00DF049C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 125memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D77238: GetVersion.KERNEL32(00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?,00000000,00D86C91), ref: 00D77262
Part of subcall function 00D77238: FindResourceW.KERNEL32(?,00000000,0000000A,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?), ref: 00D77278
Part of subcall function 00D77238: LoadResource.KERNEL32(?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000), ref: 00D772F4
Part of subcall function 00D77238: SizeofResource.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000), ref: 00D77303
Part of subcall function 00D77238: LockResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D7730A
Part of subcall function 00D77238: FreeResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D77322

VirtualProtect.KERNEL32(00000018,000000F0,00000040,?,?,00000000,00DF0615), ref: 00DF051A
VirtualProtect.KERNEL32(00000018,000000F0,?,?,00000018,000000F0,00000040,?,?,00000000,00DF0615), ref: 00DF056B
VirtualProtect.KERNEL32(00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF0581
VirtualProtect.KERNEL32(00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05EB
GetCurrentProcess.KERNEL32(00000000,00000000,00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05F4
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05FA

Strings

MAD, xrefs: 00DF04BD
CALIBRATE, xrefs: 00DF04C2

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$ProtectVirtual$CacheCurrentFindFlushFreeInstructionLoadLockProcessSizeofVersion
String ID: userBRATE$MAD
API String ID: 1882499578-3621652002
Opcode ID: fe69d50a5810d5012cede1c9ee77cf6447f42587ffd2aa2a0abee61518c12af8
Instruction ID: 7821154558fb9d4aa57a56a3aecf88c36d5d4280fb78d06ff214549c473b1ac4
Opcode Fuzzy Hash: fe69d50a5810d5012cede1c9ee77cf6447f42587ffd2aa2a0abee61518c12af8
Instruction Fuzzy Hash: C241AD71A00708EFC720DFA9C981A9ABBF9FF48310B618665E145D7792D770EA05CF60

Function 00DC27B8 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 66threadsynchronizationCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00DC27C0
GetCurrentThreadId.KERNEL32 ref: 00DC27D5
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00DC27F9
EnterCriticalSection.KERNEL32(00000000), ref: 00DC2816
GetCurrentThreadId.KERNEL32 ref: 00DC283C
LeaveCriticalSection.KERNEL32(00000000,00DC2876,00000000), ref: 00DC2869
SetLastError.KERNEL32(?), ref: 00DC288D

Strings

@, xrefs: 00DC27DA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalCurrentErrorLastSectionThread$EnterLeaveObjectSingleWait
String ID: @
API String ID: 4100131725-935976969
Opcode ID: 54615c525e1b17e32880f240ec7260f22e2d92d8d24a0907211dfeefb48c56f1
Instruction ID: 852c0f4e26526b6344da1cc8eb721e0c9a27cabdaf6f33b8f2b0b5932e631881
Opcode Fuzzy Hash: 54615c525e1b17e32880f240ec7260f22e2d92d8d24a0907211dfeefb48c56f1
Instruction Fuzzy Hash: 0D11E235A087029FDB15EBA9FC85F2A73ADFB55314F240669F040932D1CB35984AC6B5

Function 00DC9A1C Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 306libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(mapi32.dll,MAPISendMail,00000000,00DC9E28), ref: 00DC9A84

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

SetWindowPos.USER32(00000000,000000FE,00000000,00000000,00000000,00000000,00000003), ref: 00DC9D3F
SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 00DC9DB6

Strings

MAPISendMail, xrefs: 00DC9A7A
\M, xrefs: 00DC9B0A
O, xrefs: 00DC9C89
mapi32.dll, xrefs: 00DC9A7F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$AddressLibraryLoadProc
String ID: MAPISendMail$\M$mapi32.dll$O
API String ID: 324724604-3011770286
Opcode ID: 13c3b989217aae23fa3e5f7fae836d6fd52c1a0549f2029d6c0ac7805f28486f
Instruction ID: 819a3f3e98214ba739126b75d1a78cad8ea13b4917d5ba408718e2c89afd8380
Opcode Fuzzy Hash: 13c3b989217aae23fa3e5f7fae836d6fd52c1a0549f2029d6c0ac7805f28486f
Instruction Fuzzy Hash: 9BD12874A0020A9FDB10EFA8D8A5F9EF7B5FF49310F104169E805AB3A1DB34A945CB70

Function 00DCE0D4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 159fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00DCE33B), ref: 00DCE132
ReadFile.KERNEL32(?,?,?,?,00000000,00DCE394,00DCE394,00DCE3D8,?,Content-Disposition: attachment; filename=",00DCE394,Content-Transfer-Encoding: base64,00DCE394,00DCE3D8,?,; name="), ref: 00DCE27D

Strings

Content-Type: , xrefs: 00DCE1D1
; name=", xrefs: 00DCE1FF
Content-Disposition: attachment; filename=", xrefs: 00DCE21B
Content-Transfer-Encoding: base64, xrefs: 00DCE211
=?UTF-8?B?, xrefs: 00DCE15F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$PointerRead
String ID: ; name="$=?UTF-8?B?$Content-Disposition: attachment; filename="$Content-Transfer-Encoding: base64$Content-Type:
API String ID: 3154509469-997207792
Opcode ID: 7da76579233c0a8eaa25429b673d8bbc814c9ee37dfe2529b3a3210dbd25b1f4
Instruction ID: a88e3681f54789abea8160e37e04f2fbfcd486fb04146e753329efbc534773fd
Opcode Fuzzy Hash: 7da76579233c0a8eaa25429b673d8bbc814c9ee37dfe2529b3a3210dbd25b1f4
Instruction Fuzzy Hash: 07515070A4125AAFDB20EF95CC85F9DBBB9EB48700F5041E9A408A7241C774AF498F71

Function 00DAE6F4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00DAE78D
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00DAE7A9
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00DAE7E2
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00DAE85F
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00DAE878
VariantCopy.OLEAUT32(?), ref: 00DAE8AD

Strings

, xrefs: 00DAE70E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-3916222277
Opcode ID: 5567213ce63aea8bb932cc0236bfbb2d75e23a91ac60e9cb5867e5c8afd7bf0c
Instruction ID: 3007daf3bc2137fb307e9fcad3cd745412bf3c1e0eb0b0f28b7da70caebe1c6c
Opcode Fuzzy Hash: 5567213ce63aea8bb932cc0236bfbb2d75e23a91ac60e9cb5867e5c8afd7bf0c
Instruction Fuzzy Hash: 01510B75A006299BDB22DB58C881BD9B7BCEF4E310F0442E5E508E7202DA74AF84CF71

Function 00E0694C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 133memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00000800,00001000,00000004,00000000,00E06ADF), ref: 00E069AB
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000800,00001000,00000004,00000000,00E06ADF), ref: 00E06A61
GetCurrentProcess.KERNEL32(00000001,00000000,?,00000000,00000000,00000002,?,00000000,00000800,00001000,00000004,00000000,00E06ADF), ref: 00E06A6F
DuplicateHandle.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000002,?,00000000,00000800,00001000,00000004,00000000,00E06ADF), ref: 00E06A75
VirtualFree.KERNEL32(?,00000000,00008000,00000000,00E06ADF), ref: 00E06AB7

Strings

Section, xrefs: 00E069E6
pY, xrefs: 00E06981

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcessVirtual$AllocDuplicateFreeHandle
String ID: Section$pY
API String ID: 1102303272-3087690930
Opcode ID: a11824c1e62f5353fff05cbe083da3df1e68553554dc0589f0209f1b4b575686
Instruction ID: b3c88cb06ad45c1f29a328f292c5b715ce133d973dfd2c4c6852f6e71b9a72b9
Opcode Fuzzy Hash: a11824c1e62f5353fff05cbe083da3df1e68553554dc0589f0209f1b4b575686
Instruction Fuzzy Hash: B241A170B04309AFDB00EFA9DC42B9EB7B8EB48314F608475E804F3291DB74A955CA70

Function 00DF0310 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00000000), ref: 00DF0355
GetModuleHandleA.KERNEL32(00000000,.bpl,?,?,?,00000000,00DF045B,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00DF0394
GetProcAddress.KERNEL32(00000000,00000000), ref: 00DF03A8
GetProcAddress.KERNEL32(?,00000000), ref: 00DF0408

Strings

$M, xrefs: 00DF03E6
.bpl, xrefs: 00DF03EE
.bpl, xrefs: 00DF0379

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: $M$.bpl$.bpl
API String ID: 667068680-1635014792
Opcode ID: db95314d002a77eca84d66d1e5c1bc046e062ebf88f23a056920331c28ae78e2
Instruction ID: 62adf842149397bad22d18e4bad5e0d850a9bc2e41bc106ce883ded5ef6f50d0
Opcode Fuzzy Hash: db95314d002a77eca84d66d1e5c1bc046e062ebf88f23a056920331c28ae78e2
Instruction Fuzzy Hash: 61314F74A0420DAFDB11EBA4D891ABEB7F9EF48304F118465BA05E7352DA34DE019B70

Function 00DE5744 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 80COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000000,00DE5842,?,00000000), ref: 00DE576D

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

GlobalMemoryStatus.KERNEL32(00000020), ref: 00DE5796

Strings

kernel32.dll, xrefs: 00DE5768
, xrefs: 00DE578B
MB (free/total), xrefs: 00DE5816
@, xrefs: 00DE577C
GlobalMemoryStatusEx, xrefs: 00DE5763

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressGlobalHandleMemoryModuleProcStatus
String ID: $ MB (free/total)$@$GlobalMemoryStatusEx$kernel32.dll
API String ID: 2450578220-3622284896
Opcode ID: e8550990ed242d0ca0b742b70c670da8bf949335f8612326a6ec6efdc1fc0eff
Instruction ID: 962686b94d68fcb483481967486be7c465a4b892a13aca7fbe00e5e9f5c14463
Opcode Fuzzy Hash: e8550990ed242d0ca0b742b70c670da8bf949335f8612326a6ec6efdc1fc0eff
Instruction Fuzzy Hash: 65218174E047489FDB10EBE5DC42B9EB7BAEF88744F508025F508AB289E7759804CA70

Function 00DE59A4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000000), ref: 00DE59C6
GetSystemMetrics.USER32(00000001), ref: 00DE59E7
GetDC.USER32(00000000), ref: 00DE5A0B
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00DE5A20
GetDeviceCaps.GDI32(00000000,0000000E), ref: 00DE5A2A
ReleaseDC.USER32(00000000,00000000), ref: 00DE5A59

Strings

bit, xrefs: 00DE5A45

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CapsDeviceMetricsSystem$Release
String ID: bit
API String ID: 447804332-695339687
Opcode ID: f3f270ef2bbb5337f69a450386ae63dc107e2ffc9126fa93dcd18bb776c67d2f
Instruction ID: 14471c6575751cf4d5644bb03e8696c78d0bc02c2d010331c53f3dc50ac3a264
Opcode Fuzzy Hash: f3f270ef2bbb5337f69a450386ae63dc107e2ffc9126fa93dcd18bb776c67d2f
Instruction Fuzzy Hash: BE11C135B402087FF701B6A49C53FAF7A9EDF48B40F908032FA04AA2C2D9B1AD0147B0

Function 00D749F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?), ref: 00D74A01
GetModuleHandleW.KERNEL32(kernel32.dll,?), ref: 00D74A1F

Part of subcall function 00D76EF4: GetProcAddress.KERNEL32(00000000,00000023), ref: 00D76F3A

GetModuleHandleW.KERNEL32(kernel32.dll,QT_Thunk), ref: 00D74A90

Strings

GetFreeSystemResources, xrefs: 00D74A77
QT_Thunk, xrefs: 00D74A86
kernel32.dll, xrefs: 00D74A1A, 00D74A8B
user.exe, xrefs: 00D74A62

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModule$AddressProcVersion
String ID: GetFreeSystemResources$QT_Thunk$kernel32.dll$user.exe
API String ID: 390958798-3315640428
Opcode ID: fcd08d41d625189e21d12cbf9b9f64af660dd2560b9c8bd0226ebb813e7188c2
Instruction ID: 2628c54a9f0e456a2a7289ab497cb19c3459ab8b61679c5662cab6415a305630
Opcode Fuzzy Hash: fcd08d41d625189e21d12cbf9b9f64af660dd2560b9c8bd0226ebb813e7188c2
Instruction Fuzzy Hash: C911D638A40704DFCB21AFB9EC4975D72B4EF04305F04D069F408A6262FB799A49CBB6

Function 00D67288 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 40fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread), ref: 00D672C1
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000), ref: 00D672C7
GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?), ref: 00D672E2
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C), ref: 00D672E8

Strings

Error, xrefs: 00D672FA
Runtime error at 00000000, xrefs: 00D672BA, 00D672FF
<, xrefs: 00D672A6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileHandleWrite
String ID: <$Error$Runtime error at 00000000
API String ID: 3320372497-2274618779
Opcode ID: 11519a5294a83f5c398f3462aaf38acba96d449fa3b36d9b0940c81d07dc50e8
Instruction ID: 22320ca44adbcdc5f30fd61194ffd72886f606a6d07006f4e89c958cebe2c1b4
Opcode Fuzzy Hash: 11519a5294a83f5c398f3462aaf38acba96d449fa3b36d9b0940c81d07dc50e8
Instruction Fuzzy Hash: A7F0BB907C87487FF621E7A46C47F7A265CD756F15F540615F320B51D5C6E448C8A332

Function 00DEEF30 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00DEDFC8: GetModuleHandleA.KERNEL32(00000000,00000000,00DEE0D8), ref: 00DEDFFF
Part of subcall function 00DEDFC8: GetModuleHandleW.KERNEL32(00000000,00000000,00000000,00DEE0D8), ref: 00DEE030
Part of subcall function 00DEDFC8: VirtualProtect.KERNEL32(00000000,00000004,00000040,00DC27AA,00000000,00000000,00DEE0D8), ref: 00DEE098
Part of subcall function 00DEDFC8: VirtualProtect.KERNEL32(00000000,00000004,00DC27AA,00DC27AA,00000000,00000004,00000040,00DC27AA,00000000,00000000,00DEE0D8), ref: 00DEE0B1

GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00DEEF08,00E48EE8,00000000,00DEEEE4,00E48EE4,00000000,00DEEEBC,00E48EE0,00000000,00DEEE98,00E48EDC,00DC25A8,00000000), ref: 00DEEFB4
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,00DEEF08,00E48EE8,00000000,00DEEEE4,00E48EE4,00000000,00DEEEBC,00E48EE0,00000000,00DEEE98,00E48EDC,00DC25A8), ref: 00DEEFBA

Strings

user32.dll, xrefs: 00DEEF46, 00DEEF66, 00DEEF86, 00DEEFA6
PeekMessageW, xrefs: 00DEEFA1
GetMessageA, xrefs: 00DEEF41
GetMessageW, xrefs: 00DEEF81
PeekMessageA, xrefs: 00DEEF61

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModuleProtectVirtual$CacheCurrentFlushInstructionProcess
String ID: GetMessageA$GetMessageW$PeekMessageA$PeekMessageW$user32.dll
API String ID: 2904972074-3894203765
Opcode ID: 0bb5e0742a199b0df6944eb42fec245d757aaca2a447886bbc247d503aec54a6
Instruction ID: 738a9a474ef30d507ef4347d06d5e2aa53b89586a4dcc832774cd2343937a92e
Opcode Fuzzy Hash: 0bb5e0742a199b0df6944eb42fec245d757aaca2a447886bbc247d503aec54a6
Instruction Fuzzy Hash: E8F022007C43C12BDA14B2572D27F2F2A03CFA0F55F525029B6027E7D6CC96981552BA

Function 00D63754 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000,?,?,00000000,00D633C4), ref: 00D637EA
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,00D633C4), ref: 00D63804

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 19ea0a3fee086e11da77947cf8a0f397b64a363dd7e03e894cd6d3aadc4500ae
Instruction ID: c590e0013c363654fe6d6b8814835a325b7dbfd3da9d512375fadb7201c08c36
Opcode Fuzzy Hash: 19ea0a3fee086e11da77947cf8a0f397b64a363dd7e03e894cd6d3aadc4500ae
Instruction Fuzzy Hash: 4B71E5716457008FD715CF29CD85B66BBE4AF86310F1882A9E8888B392D670DE49CBB1

Function 00D884A6 Relevance: 12.1, APIs: 8, Instructions: 132synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000000,00000000,80000000,00000000,00000000,00000000,00000000), ref: 00D884CA
GetCurrentProcess.KERNEL32(80000000,00000000,00000CB0), ref: 00D88512
GetCurrentProcess.KERNEL32(80000000,00000000,00000000,00000000,00D85B44,?), ref: 00D8853E
GetCurrentProcess.KERNEL32(80000000,00000000,00000000,00D85AC8,?), ref: 00D885CD
GetCurrentProcess.KERNEL32(80000000,00000000), ref: 00D88611
GetCurrentProcess.KERNEL32 ref: 00D8861D
ReleaseMutex.KERNEL32(00D88650,00D88650), ref: 00D8863A
CloseHandle.KERNEL32(00D88650,00D88650,00D88650), ref: 00D88643

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcess$CloseHandleMutexRelease
String ID:
API String ID: 3665832126-0
Opcode ID: bb4fe9466d53f1ffadd0e44b72b7338f24805528e5525f90c0bd88c4ec6e7a4b
Instruction ID: d43d88ed622e1399ada4bf69ec9ee09be59bbb3e60c106cb925e294953d62231
Opcode Fuzzy Hash: bb4fe9466d53f1ffadd0e44b72b7338f24805528e5525f90c0bd88c4ec6e7a4b
Instruction Fuzzy Hash: F0413D34744204AFEB10EF68DC8AF5A7BA9EB49311F648454F908EB292CB74ED41CB64

Function 00D924C0 Relevance: 12.1, APIs: 8, Instructions: 109fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D925F7,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00D924FE
CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7,?,?,?,?,00000000,00000000,00000000), ref: 00D92521
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7,?,?,?,?,00000000,00000000,00000000), ref: 00D92551
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7), ref: 00D92571
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7), ref: 00D92591
GetVersion.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7), ref: 00D9259C
DeleteFileW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7), ref: 00D925B0
DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D925F7), ref: 00D925CF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CreateDeleteVersion$CloseHandleWrite
String ID:
API String ID: 907546642-0
Opcode ID: 42abc500c4a5dc5d2892da8b9d7aa7c1e17f7b1fadf181aa3b2ef4f0ac8f2e3a
Instruction ID: f5a50844f93370c17dc6e1f406098eeb3c71ee116da2eecf0df6ed73ec661572
Opcode Fuzzy Hash: 42abc500c4a5dc5d2892da8b9d7aa7c1e17f7b1fadf181aa3b2ef4f0ac8f2e3a
Instruction Fuzzy Hash: 8031BF70B44249BBEF60E6B4DC53FBEB2A9DB44700F260561F500E72D2CAB4AE049231

Function 00D92390 Relevance: 12.1, APIs: 8, Instructions: 105fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D924B0,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00D923AE
CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0,?,?,?,?,00000000,00000000,00000000), ref: 00D923D1
CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0,?,?,?,?,00000000,00000000,00000000), ref: 00D92401
WriteFile.KERNEL32(00000000,?,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0), ref: 00D9242B
CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0), ref: 00D92448
GetVersion.KERNEL32(00000000,00000000,?,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0), ref: 00D92451
DeleteFileW.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0), ref: 00D92465
DeleteFileA.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00D924B0), ref: 00D92484

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CreateDeleteVersion$CloseHandleWrite
String ID:
API String ID: 907546642-0
Opcode ID: 5a5792a3ecec1261080a815d9bd08a3bb1536592d6438d8acda38e020e97bb1e
Instruction ID: 229b8b8cdbbc8d1f56f69a8c627399be94850309b34810dcc26a5f732bb3392a
Opcode Fuzzy Hash: 5a5792a3ecec1261080a815d9bd08a3bb1536592d6438d8acda38e020e97bb1e
Instruction Fuzzy Hash: 95315E70B84208BBEF20FAB4DC43F7EB2ADDB64700F640525F904A71D2DAB8AD019275

Function 00E06B04 Relevance: 12.1, APIs: 8, Instructions: 105COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNEL32(00000004,00000000,?,00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06B7B
GetLastError.KERNEL32(00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06B8A
OpenFileMappingW.KERNEL32(00000004,00000000,?,00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06BB5
SetLastError.KERNEL32(00000000,00000004,00000000,?,00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06BC1
GetLastError.KERNEL32(00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06BCA
GetLastError.KERNEL32(00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06BD7
SetLastError.KERNEL32(00000000,00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C00
SetLastError.KERNEL32(00000000,00000000,00E06C28,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C08

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$FileMappingOpen
String ID:
API String ID: 3574041349-0
Opcode ID: afc7555eb3c22a8c8ab3bf28d049275a9a98739859b9a37a74e492d09d592238
Instruction ID: ed99c60c471be70398be5d30cc409eb8b44796f424bd57323de3d71b6cb5498e
Opcode Fuzzy Hash: afc7555eb3c22a8c8ab3bf28d049275a9a98739859b9a37a74e492d09d592238
Instruction Fuzzy Hash: 9B31A475B0420A9BEB00EBE4D881BAFB3B9DF55314F614565F900A3281EA70AE458671

Function 00D77238 Relevance: 12.1, APIs: 8, Instructions: 102COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?,00000000,00D86C91), ref: 00D77262
FindResourceW.KERNEL32(?,00000000,0000000A,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?), ref: 00D77278
FindResourceA.KERNEL32(?,00000000,0000000A), ref: 00D772A2
LoadResource.KERNEL32(?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000), ref: 00D772F4
SizeofResource.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000), ref: 00D77303
LockResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D7730A
FreeResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D77322

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$Find$FreeLoadLockSizeofVersion
String ID:
API String ID: 1950835217-0
Opcode ID: c79da373b7d1357c28499198a2e940bb4491f3741cfe5bd375c74c20718dbccd
Instruction ID: 66d41fc934847bdc4b3d7b4d314efd6384f1b8dd722a79432db549924cd43305
Opcode Fuzzy Hash: c79da373b7d1357c28499198a2e940bb4491f3741cfe5bd375c74c20718dbccd
Instruction Fuzzy Hash: 6A318D34B082097BDB11F6A8DC82FBEB2ADEF49300F144425F904E3282EE74ED019275

Function 00DC254C Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00000000,00000000,00DC27AA), ref: 00DC259E

Part of subcall function 00DEEF30: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00DEEF08,00E48EE8,00000000,00DEEEE4,00E48EE4,00000000,00DEEEBC,00E48EE0,00000000,00DEEE98,00E48EDC,00DC25A8,00000000), ref: 00DEEFB4
Part of subcall function 00DEEF30: FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,00DEEF08,00E48EE8,00000000,00DEEEE4,00E48EE4,00000000,00DEEEBC,00E48EE0,00000000,00DEEE98,00E48EDC,00DC25A8), ref: 00DEEFBA

EnterCriticalSection.KERNEL32(00000000,00000000,00DC27AA), ref: 00DC25BB
CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00DC264D,?,00000000,00000000,00DC27AA), ref: 00DC25F5
ResetEvent.KERNEL32(00000000,00000000,00DC264D,?,00000000,00000000,00DC27AA), ref: 00DC2607
CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00DC264D,?,00000000,00000000,00DC27AA), ref: 00DC261D
ResetEvent.KERNEL32(00000000,00000000,00000000,00DC264D,?,00000000,00000000,00DC27AA), ref: 00DC262F
LeaveCriticalSection.KERNEL32(00000000,00DC2654,00000000,00000000,00DC27AA), ref: 00DC2647

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Event$CriticalSection$CreateReset$CacheCurrentEnterFlushInitializeInstructionLeaveProcess
String ID:
API String ID: 3664841966-0
Opcode ID: 4ba9c2e0019ffd25eaf9fcb626fbecdf55a825c22df4b2d6ccba1c8c1068758b
Instruction ID: e0054d9a475f7cb1342eee7baa9a3d601ef2700765b9eed1615c1fe329f1a83a
Opcode Fuzzy Hash: 4ba9c2e0019ffd25eaf9fcb626fbecdf55a825c22df4b2d6ccba1c8c1068758b
Instruction Fuzzy Hash: 1D31C178A09644AFEB11EBB9ED52F2D73ADE75A700F200529F440A32E1CB745909CB34

Function 00E0B2FC Relevance: 12.1, APIs: 8, Instructions: 66networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00E0B114: WSAStartup.WSOCK32(00000201,?,00E0B30E,?,00000001,00000000,00E0B5F4,00000000,00E0B78B,?,?,?,?,00000000,00000000), ref: 00E0B129

socket.WSOCK32(00000002,00000001,00000000,?,00000001,00000000,00E0B5F4,00000000,00E0B78B,?,?,?,?,00000000,00000000), ref: 00E0B314
inet_addr.WSOCK32(00000000,00000002,00000001,00000000,?,00000001,00000000,00E0B5F4,00000000,00E0B78B,?,?,?,?,00000000,00000000), ref: 00E0B333
htons.WSOCK32(0000504A,00000000,00000002,00000001,00000000,?,00000001,00000000,00E0B5F4,00000000,00E0B78B,?,?,?,?,00000000), ref: 00E0B33D
ioctlsocket.WSOCK32(00000000,8004667E,?,0000504A,00000000,00000002,00000001,00000000,?,00000001,00000000,00E0B5F4,00000000,00E0B78B), ref: 00E0B35A
connect.WSOCK32(00000000,?,00000010,00000000,8004667E,?,0000504A,00000000,00000002,00000001,00000000,?,00000001,00000000,00E0B5F4,00000000), ref: 00E0B367
select.WSOCK32(00000000,00000000,?,00000000,?,00000000,?,00000010,00000000,8004667E,?,0000504A,00000000,00000002,00000001,00000000), ref: 00E0B391
ioctlsocket.WSOCK32(00000000,8004667E,?,00000000,00000000,?,00000000,?,00000000,?,00000010,00000000,8004667E,?,0000504A,00000000), ref: 00E0B3AC
closesocket.WSOCK32(00000000,00000000,8004667E,?,00000000,00000000,?,00000000,?,00000000,?,00000010,00000000,8004667E,?,0000504A), ref: 00E0B3B6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ioctlsocket$Startupclosesocketconnecthtonsinet_addrselectsocket
String ID:
API String ID: 3192469240-0
Opcode ID: 437a35f8504b63a07fc42d941efdeb91713fc7e3cf0ffbcf4f0bb0cd1f27181d
Instruction ID: f2cb8ccb0204a6ff7105bd07c4332b573ad83b9781cf9ed6a6a1dd61e06cb326
Opcode Fuzzy Hash: 437a35f8504b63a07fc42d941efdeb91713fc7e3cf0ffbcf4f0bb0cd1f27181d
Instruction Fuzzy Hash: 98119D70605310AAE310EB748C42FEFAADCEF88754F004929F688E61D2E7B4894487B7

Function 00DC2B74 Relevance: 12.1, APIs: 8, Instructions: 59synchronizationthreadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(00000000,?,00DF25D4), ref: 00DC2B90
CloseHandle.KERNEL32(00000000,00000000,?,00DF25D4), ref: 00DC2B96
SetEvent.KERNEL32(00000000,00000000,00000000,?,00DF25D4), ref: 00DC2BB2
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,?,00DF25D4), ref: 00DC2BB8
WaitForSingleObject.KERNEL32(00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2BE0
TerminateThread.KERNEL32(00000000,00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2BF1
LocalFree.KERNEL32(00000000,00000000,00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2C05
CloseHandle.KERNEL32(00000000,00000000,000001F4,00000000,00000000,?,00DF25D4), ref: 00DC2C17

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseHandle$Event$FreeLocalObjectSingleTerminateThreadWait
String ID:
API String ID: 2097049876-0
Opcode ID: 71c980888da4d7989dae95fb9b47c4423cfecbf909e181e72c7711e472bc9b71
Instruction ID: 7a55c488e7c11ee9902175a3a32ab288e2bfb0d9d9ecbaae493bcb12f17fa20c
Opcode Fuzzy Hash: 71c980888da4d7989dae95fb9b47c4423cfecbf909e181e72c7711e472bc9b71
Instruction Fuzzy Hash: 0B11C474F423015FD754EB7AEE46B1E32AEE765300F144425B219E71E1DE349805DB30

Function 00E0AC94 Relevance: 12.0, APIs: 8, Instructions: 47fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E0A644: EnterCriticalSection.KERNEL32(00E5422C,00000000,00E0A77F), ref: 00E0A67F
Part of subcall function 00E0A644: LeaveCriticalSection.KERNEL32(00E5422C,00E0A743), ref: 00E0A736

CloseHandle.KERNEL32(00000000,00E0AD86,00000000,00E0B108), ref: 00E0ACC2
DeleteCriticalSection.KERNEL32(00E54248,00000000,00E0AD86,00000000,00E0B108), ref: 00E0ACD3
DeleteCriticalSection.KERNEL32(00E5422C,00E0AD86,00000000,00E0B108), ref: 00E0ACFD
DeleteCriticalSection.KERNEL32(00E54260,00E0AD86,00000000,00E0B108), ref: 00E0AD17
UnmapViewOfFile.KERNEL32(00000000,00E0AD86,00000000,00E0B108), ref: 00E0AD2B
LocalFree.KERNEL32(?,00E0AD86,00000000,00E0B108), ref: 00E0AD3F
LocalFree.KERNEL32(?,00E0AD86,00000000,00E0B108), ref: 00E0AD53
DeleteCriticalSection.KERNEL32(00E541FC,00E0AD86,00000000,00E0B108), ref: 00E0AD5D

Part of subcall function 00E0A594: EnterCriticalSection.KERNEL32(00E54248), ref: 00E0A5A3
Part of subcall function 00E0A594: SetEvent.KERNEL32(?,00000000,00E0A5F5,?,00E54248), ref: 00E0A5D4
Part of subcall function 00E0A594: LeaveCriticalSection.KERNEL32(00E54248,00E0A5FC,00E54248), ref: 00E0A5EF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$Delete$EnterFreeLeaveLocal$CloseEventFileHandleUnmapView
String ID:
API String ID: 3384265859-0
Opcode ID: 1c62185911e1532b62cecfe7e9ff01b5c12a4c5d670826d6aed3f46b155e22be
Instruction ID: da89cc5a765106eeeca93ff889ec853db7bdc09f05ccdd2918925390da419673
Opcode Fuzzy Hash: 1c62185911e1532b62cecfe7e9ff01b5c12a4c5d670826d6aed3f46b155e22be
Instruction Fuzzy Hash: AA114CA8E053849ED715E7BABD4A74437A5A71230EF091925A020731E3D77488CEC733

Function 00DC8E60 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 479COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00DC90C3
GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00DC90D8
GetVersion.KERNEL32(?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00DC90E2
GetFileAttributesA.KERNEL32(00000000,?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00DC910B

Strings

$M, xrefs: 00DC913C, 00DC9212
MEISEND32, xrefs: 00DC8EAB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AttributesFileVersion
String ID: $M$MEISEND32
API String ID: 3597509-3419220166
Opcode ID: 3d450579a36703e9eeae270f7c6827745a65cc273f91ea53b405cb6fa3686b16
Instruction ID: ac3dbec61c12d85817bf9374af269a648a82f15759b7187da03729a6a7a7b1f0
Opcode Fuzzy Hash: 3d450579a36703e9eeae270f7c6827745a65cc273f91ea53b405cb6fa3686b16
Instruction Fuzzy Hash: E612D474A0020A9FDB00EF98C895E9EB7B5FF49304F544169E905AB365DB31ED4ACBB0

Function 00D6394C Relevance: 10.9, APIs: 7, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4190c8bd80df79c1bae4e911240365aa160ebb0ee73c46eda3a53ae27f2a8fa0
Instruction ID: c44276e4e516333d6c8d159d71f08a4d2f7a5bbe9ae35fc2ee59a1b869f3d3e9
Opcode Fuzzy Hash: 4190c8bd80df79c1bae4e911240365aa160ebb0ee73c46eda3a53ae27f2a8fa0
Instruction Fuzzy Hash: 94C1F0627106000BE715AA7DDC8576EB796EBC5321F1C823AF254CB3D6DBA4CE4A9370

Function 00DB73B0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 311memorywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB72AC: FindResourceA.KERNEL32(00000000,TMADEXCEPT,0000000A), ref: 00DB72B4

LoadResource.KERNEL32(00DC7BF0,00000000,00000000,00DB776E,?,00000000,00DC7BF0,00DC7BF0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB7416
LockResource.KERNEL32(00000000,00DC7BF0,00000000,00000000,00DB776E,?,00000000,00DC7BF0,00DC7BF0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB7424
LocalAlloc.KERNEL32(00000040,00DC7BF0,?,00000000,00DC7BF0,00DC7BF0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DB7D86,00000000), ref: 00DB7483
MessageBoxA.USER32(00000000,00000000,00DB77D0,00DC7723), ref: 00DB7733

Strings

Internal error: Invalid settings resource (, xrefs: 00DB76FA
madExcept, xrefs: 00DB76F5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$AllocFindLoadLocalLockMessage
String ID: Internal error: Invalid settings resource ($madExcept
API String ID: 2403918263-2831247935
Opcode ID: 8c5915d4fc3ef060ffa8997bebccfc442fe43966239a07055424a400dc0fcf63
Instruction ID: cdfe0ba683fbd33eb01739b8268f4332b7a3500093552765ed9f7f81e7c4c31a
Opcode Fuzzy Hash: 8c5915d4fc3ef060ffa8997bebccfc442fe43966239a07055424a400dc0fcf63
Instruction Fuzzy Hash: 83B14F70A48219EFDB10DBA4CC82FEE77B9EB55704F204161F502BB291DA70AE05C7B1

Function 00DE3248 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 243COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00000000,00000000), ref: 00DE32FF
GetVersion.KERNEL32(?,00000000,00000000), ref: 00DE3397

Strings

<, xrefs: 00DE330B, 00DE3337, 00DE3374, 00DE33A3, 00DE33D2, 00DE342A, 00DE3459
Content-Type: text/html, xrefs: 00DE3414
T, xrefs: 00DE327E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Version
String ID: <$Content-Type: text/html$T
API String ID: 1889659487-1792685201
Opcode ID: 992b43190aeb23759498e930d9ddb633b256dbac5685304e551a1347c44b4ed5
Instruction ID: e62c1e975738b4f5b3c2dee5d254e9a5a6b6f5da18c4c9f8a5bcfc95cdd8c4a4
Opcode Fuzzy Hash: 992b43190aeb23759498e930d9ddb633b256dbac5685304e551a1347c44b4ed5
Instruction Fuzzy Hash: DFA13D34A04149EFCB00FFE5D989AADB3B5EF49304F6441A5E801AB365DB30AE46DB71

Function 00E08CE8 Relevance: 10.7, APIs: 7, Instructions: 209memorythreadCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,00000000,00E08F58), ref: 00E08DC3
LocalAlloc.KERNEL32(00000040,?,?,00000000,00E08F58), ref: 00E08DCE
LocalAlloc.KERNEL32(00000040,?,00000000,00E08F58), ref: 00E08E05
GetCurrentProcessId.KERNEL32 ref: 00E08E2A
GetVersion.KERNEL32 ref: 00E08E47
GetCurrentThreadId.KERNEL32 ref: 00E08E76
LocalFree.KERNEL32(?,00E08F5F), ref: 00E08F52

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$AllocCurrentFree$ProcessThreadVersion
String ID:
API String ID: 2537464099-0
Opcode ID: 2300d18300daed12e354a40f3387ab450a41f332a2f496b206733217d6913fd3
Instruction ID: 931591f068c56794b7406a4c2881e7bbf534a715c78a4d013bf83b1f7319a83f
Opcode Fuzzy Hash: 2300d18300daed12e354a40f3387ab450a41f332a2f496b206733217d6913fd3
Instruction Fuzzy Hash: C4816471B00209AFDB00DFA9C981BAEB7F9EF49304F1450A5E944F7291DB70AD82CB61

Function 00D71D04 Relevance: 10.7, APIs: 7, Instructions: 174libraryloaderwindowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D71F1E,?,?,?,?,00000003,00000000,00000000), ref: 00D71D29
GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00D71F1E,?,?,?,?,00000003,00000000,00000000), ref: 00D71D83
GetProcAddress.KERNEL32(00000000,00000000), ref: 00D71D89
LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000000,00D71F1E,?,?,?,?,00000003,00000000,00000000), ref: 00D71DC6
FormatMessageW.KERNEL32(00001300,?,?,00000400,?,00000000,00000000,00000000,00D71EE4,?,00000000,00D71F1E), ref: 00D71E02
LocalFree.KERNEL32(?,00D71EC7,00001300,?,?,00000400,?,00000000,00000000,00000000,00D71EE4,?,00000000,00D71F1E), ref: 00D71E77

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressFormatFreeHandleLibraryLoadLocalMessageModuleProcVersion
String ID:
API String ID: 2152434335-0
Opcode ID: 4584493868a946f9d4d24902545f2b5e49308a20ef0bf88174386b592064b257
Instruction ID: 9b0d59a5159a71588d69b17bbc375f93717d5af085f351ddc6662b5be62fcefb
Opcode Fuzzy Hash: 4584493868a946f9d4d24902545f2b5e49308a20ef0bf88174386b592064b257
Instruction Fuzzy Hash: 97518479B142059FEB11EBA8CC42BAEB7B9EF48700F508565F904E7291EB749D05CB70

Function 00D6643C Relevance: 10.6, APIs: 7, Instructions: 131threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00D666D8: GetCurrentThreadId.KERNEL32 ref: 00D666DB

GetTickCount.KERNEL32 ref: 00D66473
GetTickCount.KERNEL32 ref: 00D6648B
GetCurrentThreadId.KERNEL32 ref: 00D664BB
GetTickCount.KERNEL32 ref: 00D664E6
GetTickCount.KERNEL32 ref: 00D6651D
GetTickCount.KERNEL32 ref: 00D66547
GetCurrentThreadId.KERNEL32 ref: 00D665B7

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: d328b02d6bce57061e469c8d8857b36be9b563a1f54c24a95adb09106575b078
Instruction ID: 7caeef675b7668d17b0b2cc1757d956b9b6c9daf7c1d2e5bc644857e7945f87b
Opcode Fuzzy Hash: d328b02d6bce57061e469c8d8857b36be9b563a1f54c24a95adb09106575b078
Instruction Fuzzy Hash: F541AB706083419FD721EE7DC68532EBBD1AF91350F198A2CE4D98728AEB75D8848772

Function 00DB2E3C Relevance: 10.6, APIs: 7, Instructions: 120registryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB2F8F), ref: 00DB2E67
RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?,00000000,00DB2F8F), ref: 00DB2E91
RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,00000000,-00000002,?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?,00000000), ref: 00DB2EC6
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,-00000002,?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 00DB2ED4
RegCreateKeyExA.ADVAPI32(?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?,00000000,00DB2F8F), ref: 00DB2F0C
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?,00000000), ref: 00DB2F59
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000000,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 00DB2F67

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseCreateValue$Version
String ID:
API String ID: 1932684315-0
Opcode ID: e7d3454343a2da86ebbdbe6bda7700e346161de4a83c4afe0ea7fb9fc29eab4e
Instruction ID: b0f0f178c0a9eab30d497e70735b06fe53ef675790cdb4eb3bd30fe9bc5e97b7
Opcode Fuzzy Hash: e7d3454343a2da86ebbdbe6bda7700e346161de4a83c4afe0ea7fb9fc29eab4e
Instruction Fuzzy Hash: 87414D71B44209BBEB10EAA5DC82FBFB7BDEF09700F504165BA05E7681DA74AE018674

Function 00DB49DC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

SHGetMalloc.SHELL32(?), ref: 00DB4A18
SHGetSpecialFolderLocation.SHELL32(000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000,?,?,?,00000000), ref: 00DB4A2C
GetModuleHandleW.KERNEL32(shell32.dll,SHGetPathFromIDListW,000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000), ref: 00DB4A4C

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

SHGetPathFromIDListA.SHELL32(?,?,000000FF,00000010,?,00000000,00DB4B5F,?,?,?,00E44D0C,?,00DB4FA9,00000000), ref: 00DB4A99

Strings

SHGetPathFromIDListW, xrefs: 00DB4A42
shell32.dll, xrefs: 00DB4A47

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressFolderFromHandleListLocationMallocModulePathProcSpecial
String ID: SHGetPathFromIDListW$shell32.dll
API String ID: 509699003-4041819787
Opcode ID: 021ef07b03d7a3ec0f2a5efc33b682a5bf3cb3a2cd123bcf6f933ce3f43679f6
Instruction ID: 470dd98db070b77778d4246b694272f27b3dc48268240ef1a2d38bdf35de3e12
Opcode Fuzzy Hash: 021ef07b03d7a3ec0f2a5efc33b682a5bf3cb3a2cd123bcf6f933ce3f43679f6
Instruction Fuzzy Hash: 4741AC70A40218DFCB20EBA9C885BEEB3B9EF48314F5441A5B105D3296DB74DE848F70

Function 00E3C70C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 94fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E3C588: GetLastError.KERNEL32 ref: 00E3C597
Part of subcall function 00E3C588: GetFileSecurityW.ADVAPI32(00000000,00000007,00000000,00000000,?), ref: 00E3C5B1
Part of subcall function 00E3C588: GetLastError.KERNEL32(00000000,00000007,00000000,00000000,?), ref: 00E3C5BE
Part of subcall function 00E3C588: SetLastError.KERNEL32(00000000,00000000,00000007,00000000,00000000), ref: 00E3C5D8
Part of subcall function 00E3C588: LocalAlloc.KERNEL32(00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C5EC
Part of subcall function 00E3C588: GetFileSecurityW.ADVAPI32(00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C610
Part of subcall function 00E3C588: ImpersonateSelf.ADVAPI32(00000002,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000,00000000), ref: 00E3C61F
Part of subcall function 00E3C588: GetCurrentThread.KERNEL32 ref: 00E3C635
Part of subcall function 00E3C588: OpenThreadToken.ADVAPI32(00000000,0000000E,00000000,00000000,00000002,00000000,00000007,00000000,00000000,00001000,00000040,00001000,00000000,00000000,00000007,00000000), ref: 00E3C63B
Part of subcall function 00E3C588: MapGenericMask.ADVAPI32(00000007,00120089,00000000,0000000E,00000000,00000000,00000002,00000000,00000007,00000000,00000000), ref: 00E3C68A
Part of subcall function 00E3C588: AccessCheck.ADVAPI32(00000000,001200A0,001200A0,00000000,00000000,00120089,00000014,00000000,00000007,00120089,00000000,0000000E,00000000,00000000,00000002,00000000), ref: 00E3C6D1

CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00E3CB5D), ref: 00E3C798
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,?,?,?,00000000), ref: 00E3C7BB
CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,40000000,00000000,00000000,00000002,00000000,00000000,?,?,?), ref: 00E3C7C1
DeleteFileW.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,?,00E3CB5D,?,00000000,00E3CB74,?,?,00000000), ref: 00E3C7D1

Strings

Settings, xrefs: 00E3C7DA
Software\madshi\madVR, xrefs: 00E3C7DF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$ErrorLast$SecurityThread$AccessAllocCheckCloseCreateCurrentDeleteGenericHandleImpersonateLocalMaskOpenSelfTokenWrite
String ID: Settings$Software\madshi\madVR
API String ID: 3091862833-4143706345
Opcode ID: d83aafb06497738a5b365fea7c716e99b4f9dc370efa98c47a1da461bfc74f5a
Instruction ID: 9fbb481d6c5bdfba5662f9531ce09435e7bc112de661eaeedc28b3e5676d7b3e
Opcode Fuzzy Hash: d83aafb06497738a5b365fea7c716e99b4f9dc370efa98c47a1da461bfc74f5a
Instruction Fuzzy Hash: 5B3161B4640208AFDB04DF64CD8AB9A77E9EB88304F205655F804BB296DB70ED01CB74

Function 00DC2434 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000032,00000000,00DC2520), ref: 00DC246E
LocalSize.KERNEL32(?), ref: 00DC249F
ReleaseMutex.KERNEL32(?,00DC24D2,?,00000032,00000000,00DC2520), ref: 00DC24C5
FindResourceW.KERNEL32(?,EXCEPT,MAD), ref: 00DC24FD

Strings

EXCEPT, xrefs: 00DC24F4
MAD, xrefs: 00DC24EF

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FindLocalMutexObjectReleaseResourceSingleSizeWait
String ID: EXCEPT$MAD
API String ID: 3397237369-3983434983
Opcode ID: b384ab200c4451491b6ba1e8e8999fa103b026ff20814678f3c463ef51047707
Instruction ID: 28071810973ab12b9261644971256b2a9cdfc82e9b2f2e0dc0d50a4b28a4a2c6
Opcode Fuzzy Hash: b384ab200c4451491b6ba1e8e8999fa103b026ff20814678f3c463ef51047707
Instruction Fuzzy Hash: 8821A034A083069FDB15DFA5DD91F7A73F8EB29300F0988A9E90093691D674ED04CB30

Function 00DB2FA4 Relevance: 10.6, APIs: 7, Instructions: 84registryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DB308F), ref: 00DB2FCC
RegOpenKeyExW.ADVAPI32(?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB2FEC
RegDeleteValueW.ADVAPI32(?,00000000,?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB3002
RegCloseKey.ADVAPI32(?,?,00000000,?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB3010
RegOpenKeyExA.ADVAPI32(?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB303B
RegDeleteValueA.ADVAPI32(?,00000000,?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB3061
RegCloseKey.ADVAPI32(?,?,00000000,?,00000000,00000000,000F003F,?,00000000,00DB308F), ref: 00DB306F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseDeleteOpenValue$Version
String ID:
API String ID: 2834704588-0
Opcode ID: a4e79e1c9b5df7e9a8c7c6d44eb1c170488db3d68557c840b66709d003e734ac
Instruction ID: ad55c6ae8e63a3d029b1ed7c81cff73221d770e6871bce760de1aecb3b366581
Opcode Fuzzy Hash: a4e79e1c9b5df7e9a8c7c6d44eb1c170488db3d68557c840b66709d003e734ac
Instruction Fuzzy Hash: 91214975B44208ABDB10EEB9DC42EEEB7ADEF49310F500169FA15E3681EB349A009671

Function 00DE4E64 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 75libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DE4F16,?,?,?,00000000), ref: 00DE4E84
GetSystemMetrics.USER32(00001000), ref: 00DE4E95
LoadLibraryW.KERNEL32(wtsapi32.dll,00001000,00000000,00DE4F16,?,?,?,00000000), ref: 00DE4EA3

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

Strings

wtsapi32.dll, xrefs: 00DE4E9E
WTSFreeMemory, xrefs: 00DE4EB7
WTSQuerySessionInformationW, xrefs: 00DE4EAA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoadMetricsSystemVersion
String ID: WTSFreeMemory$WTSQuerySessionInformationW$wtsapi32.dll
API String ID: 3983389144-4263668296
Opcode ID: 5a5ea7475cbe47d78d1c175a27c4767472e5ea59e5da9ce3596bafef681e4f45
Instruction ID: 0236e1e42d6f1be94418910b0f13948657e15661d6606cf428c5e2fd6729c25a
Opcode Fuzzy Hash: 5a5ea7475cbe47d78d1c175a27c4767472e5ea59e5da9ce3596bafef681e4f45
Instruction Fuzzy Hash: 49119431B4C6846FE714B6FAAC42A6E73DDDF84B61F250265F905D22C2DE61DD0086B8

Function 00E15344 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E54318), ref: 00E15350
CloseHandle.KERNEL32(00000000,00000000,00E15441,?,00E54318), ref: 00E15413
LeaveCriticalSection.KERNEL32(00E54318,00E15448,00E54318), ref: 00E1543B

Strings

<C, xrefs: 00E153EE
0C, xrefs: 00E153C2
4C, xrefs: 00E153D2
@C, xrefs: 00E153F8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$CloseEnterHandleLeave
String ID: 0C$4C$<C$@C
API String ID: 2394387412-3923171195
Opcode ID: 3319a7550b61d73b08602ac7e6973da32a028a15038a7e1154be12486f5aa2a2
Instruction ID: b28ea31b199c08206b939a5ba52f5e6801466446b9e46521af9fe53602b22100
Opcode Fuzzy Hash: 3319a7550b61d73b08602ac7e6973da32a028a15038a7e1154be12486f5aa2a2
Instruction Fuzzy Hash: 8121F2B220D784CFD71597A6BC427A437E1D3A271EF102860F850B32F5D1A088C9D774

Function 00DF3C04 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,00DF3CF5), ref: 00DF3C32

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

CloseHandle.KERNEL32(00000000), ref: 00DF3CD7

Strings

Process32Next, xrefs: 00DF3C59
Process32First, xrefs: 00DF3C49
CreateToolhelp32Snapshot, xrefs: 00DF3C39
kernel32.dll, xrefs: 00DF3C2D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressHandleProc$CloseModule
String ID: CreateToolhelp32Snapshot$Process32First$Process32Next$kernel32.dll
API String ID: 133214361-4285911020
Opcode ID: b37a3462fb1665a47206800ff294a8711806d5ec3ea477ca53487475455d4284
Instruction ID: f0387aab27a4a6c5238998ad7703251a358ad9eb93ad993618caaed74633df1c
Opcode Fuzzy Hash: b37a3462fb1665a47206800ff294a8711806d5ec3ea477ca53487475455d4284
Instruction Fuzzy Hash: E921C0B471020C9FD7109B31ED82ABE73ADEB19710F4285A5F645A2191EA708A598E70

Function 00D92EFC Relevance: 10.6, APIs: 7, Instructions: 69threadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,?), ref: 00D92F0B
GetCurrentProcessId.KERNEL32(?,?), ref: 00D92F10

Part of subcall function 00D92E8C: IsWindowVisible.USER32 ref: 00D92E99
Part of subcall function 00D92E8C: IsIconic.USER32 ref: 00D92EA3
Part of subcall function 00D92E8C: GetWindowRect.USER32(?,?), ref: 00D92EB1
Part of subcall function 00D92E8C: OffsetRect.USER32(?,?,?), ref: 00D92EE1
Part of subcall function 00D92E8C: CreateRectRgnIndirect.GDI32(?), ref: 00D92EEA

GetWindow.USER32(?,00000003), ref: 00D92F3E
CombineRgn.GDI32(00000000,00000000,00000000,00000004), ref: 00D92F59
DeleteObject.GDI32(00000000), ref: 00D92F5F
CombineRgn.GDI32(?,?,00000000,00000002), ref: 00D92F77
DeleteObject.GDI32(00000000), ref: 00D92F7D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$Rect$CombineDeleteObjectProcess$CreateCurrentIconicIndirectOffsetThreadVisible
String ID:
API String ID: 1263393756-0
Opcode ID: 29ef6787583be3c71432bafefcf8db0975969d77e33e22c264e51abe0a4f1297
Instruction ID: 101e81dc29de5232af61773984b6feaafabb66fd1c2f7525a32c0862a85ada2a
Opcode Fuzzy Hash: 29ef6787583be3c71432bafefcf8db0975969d77e33e22c264e51abe0a4f1297
Instruction Fuzzy Hash: 3411616174430A7BDF20AE6AACC2E7BB3ACDF95760B154229FD159B242CA70DD058570

Function 00DB359C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 57windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB23D4: GetVersion.KERNEL32(00000000,00DB2479,?,?,00E44D0C,?,00DB4D56,00000000,00000000,00DB50CA,?,?,00000000,00000000,00000000,00000000), ref: 00DB23F9
Part of subcall function 00DB23D4: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00DB2479,?,?,00E44D0C,?,00DB4D56,00000000,00000000,00DB50CA,?,?,00000000), ref: 00DB2412

GetVersion.KERNEL32(00000000,00DB3652,?,00000000,00000000,00000000), ref: 00DB35E3
MessageBoxW.USER32(00000000,The import table is invalid.This way madExcept can't install the thread hooks.,00000000,00000000), ref: 00DB3601
MessageBoxA.USER32(00000000,The import table is invalid.This way madExcept can't install the thread hooks.,00000000,00000000), ref: 00DB362A

Strings

0@, xrefs: 00DB35C1
The import table is invalid.This way madExcept can't install the thread hooks., xrefs: 00DB35FA
The import table is invalid.This way madExcept can't install the thread hooks., xrefs: 00DB3623

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageVersion$FileModuleName
String ID: 0@$The import table is invalid.This way madExcept can't install the thread hooks.$The import table is invalid.This way madExcept can't install the thread hooks.
API String ID: 3755197804-4235468618
Opcode ID: a347b1c6516ac2faf3d0551fe2a60f193796dcedea53714971d4264bd7c5ac81
Instruction ID: c83d57229ff47460e6cb1a0652a45b0c965c8a432edaccd9d2633b19e4e45152
Opcode Fuzzy Hash: a347b1c6516ac2faf3d0551fe2a60f193796dcedea53714971d4264bd7c5ac81
Instruction Fuzzy Hash: A7111C74B88248FFEB00EB95EC52F9DB7A5EB05700F514060F501AA291DB74AE049A74

Function 00E439D8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00E54318,00000000,00E43A72,?,00000000,00000000), ref: 00E439FB
GetModuleFileNameW.KERNEL32(MZP,00E54348,00000104,00E54318,00000000,00E43A72,?,00000000,00000000), ref: 00E43A10
GetFileAttributesW.KERNEL32(00000000,MZP,00E54348,00000104,00E54318,00000000,00E43A72,?,00000000,00000000), ref: 00E43A48

Strings

MZP, xrefs: 00E43A0F
HC, xrefs: 00E43A18
lensMemoryHack, xrefs: 00E43A35

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$AttributesCritiusernitializeModuleNameSection
String ID: HC$MZP$lensMemoryHack
API String ID: 1652724919-759327418
Opcode ID: 2843093d9ba7d11e81c8d876b2f85ef68c4eca3d4e1194f3e51224665a5ced90
Instruction ID: 22643824edd8d8c3e45f6e301acb73dbd1e2b5361c2a334f90469f3693c8f3a7
Opcode Fuzzy Hash: 2843093d9ba7d11e81c8d876b2f85ef68c4eca3d4e1194f3e51224665a5ced90
Instruction Fuzzy Hash: A6012678684308AFDB04E7B0EC43A9DB3A9EB85714F910960F540B36E1DE709E48D630

Function 00DE4220 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42pipethreadCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(00E48E70,00E48E74,00000000,00000000,?,00DF1AAE,00000000,00000000,00000000), ref: 00DE4236
CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00E48E70,00E48E74,00000000,00000000,?,00DF1AAE,00000000,00000000,00000000), ref: 00DE4247
SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000,00000000,000000FF,00000000,00000000,00E48E70,00E48E74,00000000,00000000,?,00DF1AAE,00000000,00000000), ref: 00DE4267
CreateThread.KERNEL32(00000000,00000000,Function_000840B0,00000000,00000000,00E48E68), ref: 00DE427E

Part of subcall function 00DB3D68: RaiseException.KERNEL32(406D1388,00000000,00000004,00001000,00000000,00DB3DF5,?,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00DB3DE6

SetThreadPriority.KERNEL32(00000000,00000002,00000000,00000000,Function_000840B0,00000000,00000000,00E48E68,00000000,?,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00DE42A8

Strings

madExcept - HandleExceptionThread, xrefs: 00DE4291

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Create$PipeThread$EventExceptionHandleNamedPriorityRaiseState
String ID: madExcept - HandleExceptionThread
API String ID: 3773421069-3598177719
Opcode ID: 65e72cc2a912b109afbf17bef8eaecfbd25b56670f7dc15c6b36ae3ab2562d68
Instruction ID: ab68b1a5a6782f5c01036810ba6ae742e27f7217198fbedb0fd8770ee5715bdc
Opcode Fuzzy Hash: 65e72cc2a912b109afbf17bef8eaecfbd25b56670f7dc15c6b36ae3ab2562d68
Instruction Fuzzy Hash: C801E7757943407EE620BBAAEE07F0D32969746B05F640118B294BA1E5CEF0A446DB39

Function 00D7CDF0 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 464COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(msvcrt.dll,_CxxThrowException,00000000,00D7D39B,?,?,?,?,?,00D7D406,?), ref: 00D7CE6B
VirtualQuery.KERNEL32(?,?,0000001C,00000000,msvcrt.dll,_CxxThrowException,00000000,00D7D39B,?,?,?,?,?,00D7D406,?), ref: 00D7CEB4

Strings

(X, xrefs: 00D7CE97
msvcrt.dll, xrefs: 00D7CE66
_CxxThrowException, xrefs: 00D7CE61

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModuleQueryVirtual
String ID: (X$_CxxThrowException$msvcrt.dll
API String ID: 462625876-1655010853
Opcode ID: 4e0bcb1c1a49bf58c4cf2a38afa116c514a6c4dc170c6d16a1f8820e46969056
Instruction ID: 8270c15f44aa77ed5def8224e0509e330ec44dee9d996ed83f4b657c43a0aedb
Opcode Fuzzy Hash: 4e0bcb1c1a49bf58c4cf2a38afa116c514a6c4dc170c6d16a1f8820e46969056
Instruction Fuzzy Hash: A8121B34A002189FDB10DF58C984B9DBBB2FF48314F24D159E848AB356E774ED86CBA1

Function 00E3743C Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 00E03770: LocalAlloc.KERNEL32(00000040,00000068,?,?,?,?,00E04350,00000000,00E043F7,?,?), ref: 00E03786
Part of subcall function 00E03770: GetMonitorInfoW.USER32(?,00000000), ref: 00E03795
Part of subcall function 00E03770: LocalFree.KERNEL32(00000000,00000040,00000068,?,?,?,?,00E04350,00000000,00E043F7,?,?), ref: 00E037B6

CoInitialize.OLE32(00000000), ref: 00E37511
CoUninitialize.OLE32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E3752C

Strings

ven_10de, xrefs: 00E374B4
0M, xrefs: 00E374A4, 00E374F4, 00E37538
ven_1002, xrefs: 00E37548
ven_8086, xrefs: 00E37504

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$AllocFreeInfoInitializeMonitorUninitialize
String ID: 0M$ven_1002$ven_10de$ven_8086
API String ID: 3607687605-3649700688
Opcode ID: e30e82c1ae5715f8bdcc649c485f8c50ded2ec4c626583747aacae17eb1d469d
Instruction ID: a54bbc96c48e1d87a13ee6cbce94cb1f20d656185eb0796af04ff361ae9bba0a
Opcode Fuzzy Hash: e30e82c1ae5715f8bdcc649c485f8c50ded2ec4c626583747aacae17eb1d469d
Instruction Fuzzy Hash: 31416274A04109DFDB10EF54D982AAEB7B5EF48314F648661E854BB395DB30EE05CBB0

Function 00DC2944 Relevance: 9.1, APIs: 6, Instructions: 108synchronizationwindowCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DC2973
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00DC2A83,?,?,000000FF), ref: 00DC29AC
PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00DC29C1
WaitForSingleObject.KERNEL32(00000000,0000EA60,00000000,00000000,00000000,00000000,00000000,00DC2A83,?,?,000000FF), ref: 00DC29CD
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DC29FE
ReleaseMutex.KERNEL32(?,00DC2A8A,?,000000FF), ref: 00DC2A7D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ObjectSingleWait$Message$MutexPeekPostRelease
String ID:
API String ID: 346250542-0
Opcode ID: 69740bc2e371a4a80e4ee182efeec255a955bb21e75813c5e59d64a03829c987
Instruction ID: 77de8da712669fe964db5b19a855c5582ce4c0ea1b67dc750b8a1c2862f22908
Opcode Fuzzy Hash: 69740bc2e371a4a80e4ee182efeec255a955bb21e75813c5e59d64a03829c987
Instruction Fuzzy Hash: 50318434B41301AFEB60DB6ADD46F2633E9E75A710F144529F114E72D0DEB4AC4ADA34

Function 00D76164 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D76196
GetCurrentThreadId.KERNEL32 ref: 00D761BB
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00000000,00000000,?,?,00000000,00D763E2), ref: 00D76206
CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,00000000,00000000,?,?,00000000,00D763E2), ref: 00D7621D
ReleaseMutex.KERNEL32(00000000,00D76294,00000000,000000FF,?,?,00000000,00D763E2), ref: 00D76287

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread$CloseHandleMutexObjectReleaseSingleWait
String ID:
API String ID: 1876288839-0
Opcode ID: 7669320e7ed9b62479524f8a718a9dc4541e3c04bc6f434c71372cfbd7dc12ac
Instruction ID: 0208d7f77f02c5b3b6c01e0fc975531a00a484acb90a21d7977a6be20ff7daad
Opcode Fuzzy Hash: 7669320e7ed9b62479524f8a718a9dc4541e3c04bc6f434c71372cfbd7dc12ac
Instruction Fuzzy Hash: B3319075E00B08AFCB14DFA6DC91B59B7A9EB49300F10C529F008A72A2FB74D805CB74

Function 00DE5DDC Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E5416C,00000000,00DE5F0A), ref: 00DE5DFD
VirtualProtect.KERNEL32(00000000,00000000,00000040,?,00000000,00000000,00DE5EC5,?,00E5416C,00000000,00DE5F0A), ref: 00DE5E85
VirtualProtect.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000040,?,00000000,00000000,00DE5EC5,?,00E5416C,00000000,00DE5F0A), ref: 00DE5EB6
LeaveCriticalSection.KERNEL32(00E5416C,00E5416C,00000000,00DE5F0A), ref: 00DE5EE0
GetCurrentProcess.KERNEL32(00000000,00000000,00E5416C,00E5416C,00000000,00DE5F0A), ref: 00DE5EE9
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00E5416C,00E5416C,00000000,00DE5F0A), ref: 00DE5EEF

Part of subcall function 00D779F0: VirtualQuery.KERNEL32(?,0000001C,0000001C), ref: 00D77A01

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Virtual$CriticalProtectSection$CacheCurrentEnterFlushInstructionLeaveProcessQuery
String ID:
API String ID: 2254175395-0
Opcode ID: 1a95f5c55f52bf768a271fc751baf6df64ef36343e86c71e2d9e57de8594152e
Instruction ID: 288eec4b6e93cb766f6139c31ff2257c0e7b1ea54dcc7866691e279f762f20b5
Opcode Fuzzy Hash: 1a95f5c55f52bf768a271fc751baf6df64ef36343e86c71e2d9e57de8594152e
Instruction Fuzzy Hash: 4B315E70A04648AFCB50EFA9DD92E5A77F8EF49708B1044A0F508DB256E770DE04CB70

Function 00DF4710 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000001C), ref: 00DF47C3
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF47DF
VirtualQuery.KERNEL32(?,?,0000001C), ref: 00DF4959

Strings

O, xrefs: 00DF485C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleNameQueryVersionVirtual
String ID: O
API String ID: 574683361-3691759157
Opcode ID: 3a5663a4ee2782cee9af459a41decfe661d9b1b94044e55a8ea7a6f3708d4ddb
Instruction ID: eda43bdf874291bde00b573a18efe5ad3be435c0715b7a5768f7c2ca61a86939
Opcode Fuzzy Hash: 3a5663a4ee2782cee9af459a41decfe661d9b1b94044e55a8ea7a6f3708d4ddb
Instruction Fuzzy Hash: 32D12874E0420D9FCB10EFA8C885AAEB7F5EF48304F1581A5E559E7262DB70AE45CB70

Function 00DEBC58 Relevance: 9.1, APIs: 6, Instructions: 89synchronizationthreadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(?,00000000), ref: 00DEBC9F
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DEBCB4
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DEBCC4
CloseHandle.KERNEL32(?,?,000000FF), ref: 00DEBCD0
DeleteCriticalSection.KERNEL32(000003D4), ref: 00DEBD34
CloseHandle.KERNEL32(?,000003D4), ref: 00DEBD51

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseHandle$CriticalDeleteFreeLocalObjectSectionSingleTerminateThreadWait
String ID:
API String ID: 3994687310-0
Opcode ID: 0c11e8568dfb6ec8b04dc8191018b3d68b9117376e20399910f19ac8a1bcf1d5
Instruction ID: 97f7e0b4e1cc172042ba8b249b59f88c0c4abe1657c9503c9d02fd12f284f8ca
Opcode Fuzzy Hash: 0c11e8568dfb6ec8b04dc8191018b3d68b9117376e20399910f19ac8a1bcf1d5
Instruction Fuzzy Hash: 17319870A007459FC321EFB8C845BDBB3E9EF49310F50092AA59AD3281DB74BA44CB72

Function 00DF2BAC Relevance: 9.1, APIs: 6, Instructions: 82registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00020019,?), ref: 00DF2BDA
RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C05
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C1E
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DF2C35
LocalFree.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000040,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00DF2C63
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00020019,?), ref: 00DF2C6C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: LocalQueryValue$AllocCloseFreeOpen
String ID:
API String ID: 2658220197-0
Opcode ID: b757e6716b21bd4466d66629515ed283d134043a287d6cc7b4bc9764dbf225b9
Instruction ID: a6b1c78bc44a6c61edba5922cf6c2f8df36aabea9204bc3336a2318411d49e24
Opcode Fuzzy Hash: b757e6716b21bd4466d66629515ed283d134043a287d6cc7b4bc9764dbf225b9
Instruction Fuzzy Hash: 89212C71F042187BDB10EAA99C82FBEB3ACEF55714F044166FA14E7281EA749E0487B5

Function 00D77234 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?,00000000,00D86C91), ref: 00D77262
FindResourceW.KERNEL32(?,00000000,0000000A,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000,?,00D86A74,?), ref: 00D77278
FindResourceA.KERNEL32(?,00000000,0000000A), ref: 00D772A2
LoadResource.KERNEL32(?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000,00000000,00000000), ref: 00D772F4
SizeofResource.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4,00000000,00000000), ref: 00D77303
LockResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D7730A
FreeResource.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000,00D77352,?,?,00000000,00E479E4), ref: 00D77322

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Resource$Find$FreeLoadLockSizeofVersion
String ID:
API String ID: 1950835217-0
Opcode ID: bdcc6c41fa3fad5b1f4b94eb2b9b0f91bf899a176a7781a935b56c90dbb9ed14
Instruction ID: 2d08952fb75f50ed82e2f4a95e7b2ca383c1a1c33403c33879405fc0b03975cb
Opcode Fuzzy Hash: bdcc6c41fa3fad5b1f4b94eb2b9b0f91bf899a176a7781a935b56c90dbb9ed14
Instruction Fuzzy Hash: 9311E13474C6083FE312B6B8DC82F7E77ADDF89710F654828F904E2282EA64DC059279

Function 00DB30E4 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB30FA
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB3116
LocalAlloc.KERNEL32(00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008,?,00000000,?,00DC7BF0), ref: 00DB3123
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,?,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008,?,00000000), ref: 00DB313D
LocalFree.KERNEL32(00000000,?,TokenIntegrityLevel,?,?,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008,?), ref: 00DB314D
CloseHandle.KERNEL32(?,00000000,?,TokenIntegrityLevel,?,?,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00DB3156

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Token$InformationLocal$AllocCloseFreeHandleOpenProcess
String ID:
API String ID: 169919644-0
Opcode ID: 8016ae76f4c3fdfe2ceacd1b6262f6f26de52a4f8b6992165f4b37ec5c2c1808
Instruction ID: f08c4672d08407f31e0c64e8e8a0c3424c7f5796fe76ed4474c5dbbdfbf4bb94
Opcode Fuzzy Hash: 8016ae76f4c3fdfe2ceacd1b6262f6f26de52a4f8b6992165f4b37ec5c2c1808
Instruction Fuzzy Hash: C1015E72B04204BFE710DAED9C82FAEB3ECDB05714F240466BA45D7281EA71EA404774

Function 00DEEDD4 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEDF0
VirtualProtect.KERNEL32(00000000,00000004,?,?,00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEE14
VirtualProtect.KERNEL32(00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEE2F
VirtualProtect.KERNEL32(00000000,00000004,?,?,00000000,00000004,00000040,?,?,00DF25DE), ref: 00DEEE53
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,?,00DF25DE), ref: 00DEEE89
FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00DF25DE), ref: 00DEEE8F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
String ID:
API String ID: 4115577372-0
Opcode ID: e91d89b98cc9bac790b8b5a4bd1357c130966a867916e0d446a7234dd2fc8098
Instruction ID: 1bb08f2bcbd4e8d72753f35e592f3480a636a8672550bea7b0485dcaa00dca97
Opcode Fuzzy Hash: e91d89b98cc9bac790b8b5a4bd1357c130966a867916e0d446a7234dd2fc8098
Instruction Fuzzy Hash: B411FEB8750341AFE750BB67EE56F1B33A9E745B00F054410F700AB2A1CAB5AC09D771

Function 00E061BC Relevance: 9.1, APIs: 6, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

OpenProcessToken.ADVAPI32(00000000,00000008), ref: 00E061CC
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,00000000,00000008), ref: 00E061EB
LocalAlloc.KERNEL32(00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E061F9
GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000008,00000008,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E06216
LocalFree.KERNEL32(00000000,?,TokenIntegrityLevel,00000008,00000008,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E06226
CloseHandle.KERNEL32(00000000,00000000,?,TokenIntegrityLevel,00000008,00000008,?,00000040,?,?,TokenIntegrityLevel,00000000,00000000,?,00000000,00000008), ref: 00E0622F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Token$InformationLocal$AllocCloseFreeHandleOpenProcess
String ID:
API String ID: 169919644-0
Opcode ID: 8153c2b801849153520c0b0baada4cd7e318d703555e6373bed8f58ee29a9956
Instruction ID: 57b1a9aa462bd9f719ad50e366dc82dc45f987832490bfda025851c911936e68
Opcode Fuzzy Hash: 8153c2b801849153520c0b0baada4cd7e318d703555e6373bed8f58ee29a9956
Instruction Fuzzy Hash: 7D0100717082007FE310DAA9EC42F6B73DCEF95754F144829FA94D7181E661DC444771

Function 00DDB5D0 Relevance: 9.1, APIs: 6, Instructions: 57COMMON

Download Yara Rule

APIs

CreatePen.GDI32(00000000,00000001), ref: 00DDB5E1
SelectObject.GDI32(?,00000000), ref: 00DDB5F3
MoveToEx.GDI32(?,?,?,00000000), ref: 00DDB60D
LineTo.GDI32(?,?,?), ref: 00DDB62C
SelectObject.GDI32(?,00000000), ref: 00DDB63C
DeleteObject.GDI32(00000000), ref: 00DDB642

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Object$Select$CreateDeleteLineMove
String ID:
API String ID: 3907703346-0
Opcode ID: 5037e7fb7f5a50bfc54abcb98998b75fcc3539b80dd307134ba3a0180674be20
Instruction ID: 41dc7ffda7941b238baa305f3721279c2d9ac19dee154b5effa39d8e5f44d3d2
Opcode Fuzzy Hash: 5037e7fb7f5a50bfc54abcb98998b75fcc3539b80dd307134ba3a0180674be20
Instruction Fuzzy Hash: E711C575700208AFE700EEA9D989E6AF7EDEF48750F058456BE04CB351D670ED008A70

Function 00D7E92C Relevance: 9.1, APIs: 6, Instructions: 52threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D7E951
GetCurrentThreadId.KERNEL32 ref: 00D7E960

Part of subcall function 00D7ED00: VirtualProtect.KERNEL32(?,?,00000020,00DB23C0,?,?,00000000,0000001C,00100040,00000000,00000000), ref: 00D7EDCE
Part of subcall function 00D7ED00: VirtualProtect.KERNEL32(?,?,00DB23C0,00DB23C0,?,?,00000020,00DB23C0,?,?,00000000,0000001C,00100040,00000000,00000000), ref: 00D7EE00

GetCurrentProcessId.KERNEL32(00000000,?,00000000,00D7EA02,00DB231A,00000000,00DB23AF,?,00000000,00000000,00000000,00DB3D59,00000000,00000000,00000002,00000000), ref: 00D7E980
GetCurrentProcessId.KERNEL32(00000000,?,00000000,00D7EA02,00DB231A,00000000,00DB23AF,?,00000000,00000000,00000000,00DB3D59,00000000,00000000,00000002,00000000), ref: 00D7E99C
GetCurrentThreadId.KERNEL32 ref: 00D7E9AB
GetCurrentProcessId.KERNEL32(00000000,00000000,?,00000000,00D7EA02,00DB231A,00000000,00DB23AF,?,00000000,00000000,00000000,00DB3D59,00000000,00000000,00000002), ref: 00D7E9CB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Current$ProcessThread$ProtectVirtual
String ID:
API String ID: 3863720423-0
Opcode ID: f35ebd20c2439fbd0a21a14ac450b7cc350a666eee3eb3622fad82e2025ef33a
Instruction ID: 7dcc6960a8bec5a5895c8805c4c02b01b2461fec779dd8b2047dc8ed580fbded
Opcode Fuzzy Hash: f35ebd20c2439fbd0a21a14ac450b7cc350a666eee3eb3622fad82e2025ef33a
Instruction Fuzzy Hash: F5111C776146009FE794EBB9EC8675937D1EF4E304F444968E28897253EB60D90ACA31

Function 00D63C98 Relevance: 9.1, APIs: 6, Instructions: 51fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,00D62E04,00000000,?,00000000,?,?,00000000,00D64631), ref: 00D63CBA
WriteFile.KERNEL32(00000000,000000F4,00D62E04,00000000,?,00000000,?,?,00000000,00D64631), ref: 00D63CC0
GetStdHandle.KERNEL32(000000F4,00D62E00,00000000,?,00000000,00000000,000000F4,00D62E04,00000000,?,00000000,?,?,00000000,00D64631), ref: 00D63CDF
WriteFile.KERNEL32(00000000,000000F4,00D62E00,00000000,?,00000000,00000000,000000F4,00D62E04,00000000,?,00000000,?,?,00000000,00D64631), ref: 00D63CE5
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00D62E00,00000000,?,00000000,00000000,000000F4,00D62E04,00000000,?), ref: 00D63CFC
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00D62E00,00000000,?,00000000,00000000,000000F4,00D62E04,00000000), ref: 00D63D02

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileHandleWrite
String ID:
API String ID: 3320372497-0
Opcode ID: 0a3cc249bbe3ce52ce17af494e73af3b11179dfd3eca4b12c0ab9452e00885e6
Instruction ID: 242fd59be9be2c83d9b5470317106b1805d828973dea2be89c693090883896c2
Opcode Fuzzy Hash: 0a3cc249bbe3ce52ce17af494e73af3b11179dfd3eca4b12c0ab9452e00885e6
Instruction Fuzzy Hash: 810162B52596143FE210F7F9DC86FBB268CDB0A764F200611B258E20D2CAA89D05D7B6

Function 00D633D0 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000,FFFFFFDC,00D6339C), ref: 00D63487
Sleep.KERNEL32(0000000A,00000000,FFFFFFDC,00D6339C), ref: 00D6349D
Sleep.KERNEL32(00000000,?,?,FFFFFFDC,00D6339C), ref: 00D634CB
Sleep.KERNEL32(0000000A,00000000,?,?,FFFFFFDC,00D6339C), ref: 00D634E1

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 20e591bbf7b98ec81c414906ce0ae3777043d1f6a9b67f9ac3e618fcfc4b38db
Instruction ID: b06bde214209805ad4b02ff63d010c07767d4284fee6bf64305e7a658b5027ff
Opcode Fuzzy Hash: 20e591bbf7b98ec81c414906ce0ae3777043d1f6a9b67f9ac3e618fcfc4b38db
Instruction Fuzzy Hash: 2AC13A766017508FD716CF69D884325BBE0FB86310F1882ADD4499B395D770EA4AC7B1

Function 00DC2C48 Relevance: 9.0, APIs: 6, Instructions: 40threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DC2C54
InterlockedIncrement.KERNEL32(00E48D90), ref: 00DC2C71
CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00E48D90,00000000,00DE49B9,00000000,000000FF,00000000,00000000,?,00000000,00DE4B20,?,00000000), ref: 00DC2C82
InterlockedDecrement.KERNEL32(00E48D90), ref: 00DC2C93
SetEvent.KERNEL32(00000000,00E48D90,00000000,00DE49B9,00000000,000000FF,00000000,00000000,?,00000000,00DE4B20,?,00000000,00DE4B50,?,0000EA60), ref: 00DC2CAB
CloseHandle.KERNEL32(00000000,00000000,00E48D90,00000000,00DE49B9,00000000,000000FF,00000000,00000000,?,00000000,00DE4B20,?,00000000,00DE4B50), ref: 00DC2CB6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: EventInterlocked$CloseCreateCurrentDecrementHandleIncrementThread
String ID:
API String ID: 1434811812-0
Opcode ID: 459126c75c7fd99981105650c7680b5db35b7612b4d5d0ff6105b4c3ff5d1443
Instruction ID: 6b38bc16fbb1b342791777f4a9c5efb08000c12fe3fc16df49930da5b190c35a
Opcode Fuzzy Hash: 459126c75c7fd99981105650c7680b5db35b7612b4d5d0ff6105b4c3ff5d1443
Instruction Fuzzy Hash: E1013178F422029FEB50EBBAEF46B3D33D99766300F180415A518E72E6DA704849C731

Function 00E1C338 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 175COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(MZP,?,00000104), ref: 00E1C3F9
GetFileAttributesW.KERNEL32(00000000,MZP,?,00000104), ref: 00E1C441

Strings

devices, xrefs: 00E1C456, 00E1C4AA
MZP, xrefs: 00E1C3F8
dontSaveDisplays, xrefs: 00E1C42B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$AttributesModuleName
String ID: MZP$devices$dontSaveDisplays
API String ID: 3022333737-3740816072
Opcode ID: 6a20f72385d9f77cff08fd515578b68be50394580281a84ee7e9e1d1d67941bf
Instruction ID: f7e7291ef92edc9426d8f9ba63c07b814613a508e4457d2536762c800300d8af
Opcode Fuzzy Hash: 6a20f72385d9f77cff08fd515578b68be50394580281a84ee7e9e1d1d67941bf
Instruction Fuzzy Hash: 52613C75A00619DFCB10EF68C885A9DB7F5EF88310F2055A5E818EB356DB30EE81CB91

Function 00E0B59C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 148sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,00000000,00E0B78B,?,?,?,?,00000000,00000000), ref: 00E0B5E2
closesocket.WSOCK32(00000000,00000000,00E0B78B,?,?,?,?,00000000,00000000), ref: 00E0B750

Part of subcall function 00E0B43C: select.WSOCK32(00000000,?,00000000,00000000,?,00000000,00000003,00000000,00E0B529,00000000,00E0B57E), ref: 00E0B47C
Part of subcall function 00E0B43C: recv.WSOCK32(?,?,00000400,00000000,00000000,?,00000000,00000000,?,00000000,00000003,00000000,00E0B529,00000000,00E0B57E), ref: 00E0B492

Strings

PJREQ, xrefs: 00E0B62E
PJACK, xrefs: 00E0B645
PJ_OK, xrefs: 00E0B610

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Sleepclosesocketrecvselect
String ID: PJACK$PJREQ$PJ_OK
API String ID: 134876180-3192611336
Opcode ID: 28e17d3619a20034573c9fee292c9d600714f7ee07bb8e592b1e3c2e5880beb1
Instruction ID: 7b610f120231ef95de81262408329a26964510d9a01aff7deb3e9d3a579b53a6
Opcode Fuzzy Hash: 28e17d3619a20034573c9fee292c9d600714f7ee07bb8e592b1e3c2e5880beb1
Instruction Fuzzy Hash: DE51A434A00209ABDB01EB94C842BAEB7B6FFC5714F2451A5F914BB3D2D7359E468B70

Function 00E0B818 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 124sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,00000000,00E0B9B2,?,?,?,?,00000000,00000000), ref: 00E0B85C
closesocket.WSOCK32(00000000,00000000,00E0B9B2,?,?,?,?,00000000,00000000), ref: 00E0B973

Strings

PJREQ, xrefs: 00E0B8A8
PJACK, xrefs: 00E0B8BF
PJ_OK, xrefs: 00E0B88A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Sleepclosesocket
String ID: PJACK$PJREQ$PJ_OK
API String ID: 4215846050-3192611336
Opcode ID: 7d2d2a63120fc427c0351a2cdaef8e22dc9db30e1e04635eed5a1613b68694ef
Instruction ID: 4998163a8f3ab14b3b823f0cc30da2fbfe227a308e0c331f1ab77f0a0ba6e5d8
Opcode Fuzzy Hash: 7d2d2a63120fc427c0351a2cdaef8e22dc9db30e1e04635eed5a1613b68694ef
Instruction Fuzzy Hash: C1418230B042099BDB11EB94C842BEEB7BAFF89714F505065F644B73D2DB359E828A70

Function 00D72318 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 119COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72342
GetModuleHandleW.KERNEL32(kernel32.dll,WideCharToMultiByte,00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72358

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Strings

WideCharToMultiByte, xrefs: 00D7234E
kernel32.dll, xrefs: 00D72353
madExcept - TraceProcessThread, xrefs: 00D72318

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID: WideCharToMultiByte$kernel32.dll$madExcept - TraceProcessThread
API String ID: 3310240892-2892328848
Opcode ID: 1229780348f160330569b2cbac8ba3dc41550493ad7c11587b7b9da49370c187
Instruction ID: e2dbd1311e3a723b71cef362366157280e588265e8a2f6892084ce7d468e8de8
Opcode Fuzzy Hash: 1229780348f160330569b2cbac8ba3dc41550493ad7c11587b7b9da49370c187
Instruction Fuzzy Hash: B2319E30A482A58FD721F77CD882B3D3294DF15308F0581A9F449DB2A7EAA5DC498776

Function 00DA9B6C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00DA9D18), ref: 00DA9B9F
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00DA9BC3
GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 00DA9BDE
LoadStringW.USER32(00000000,0000FFEB,?,00000100), ref: 00DA9C79

Strings

MZP, xrefs: 00DA9BDD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID: MZP
API String ID: 3990497365-2889622443
Opcode ID: e3b3f86e318a27013601ab95517e4b59a3cd127ace68cb5907f5083f4709cb77
Instruction ID: 88c3a84c91942280dd842c048ad3769794c22c3ebe67984fae05a9310ab04ff8
Opcode Fuzzy Hash: e3b3f86e318a27013601ab95517e4b59a3cd127ace68cb5907f5083f4709cb77
Instruction Fuzzy Hash: B7411870A007189FDB20EF69DC91B8AB7BAEB59310F4044E5E508E7252D6769E94CF70

Function 00DE23A4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000130C,?,00000000), ref: 00DE2421
SendMessageA.USER32(?,0000130C,?,00000000), ref: 00DE2435
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 00DE2447
SendMessageA.USER32(?,0000130C,00000000,00000000), ref: 00DE2462

Strings

allocation number, xrefs: 00DE2409

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageSend
String ID: allocation number
API String ID: 3850602802-3017672652
Opcode ID: 8053dcda1d9efe2e0ab67af24bf3b618fd3cbc97ae12c2e757ec9ff849c4afd2
Instruction ID: fcb3242d42149246feefa5c4a0372feddd1f3c568e5ee0b4aa38e4d98d38768a
Opcode Fuzzy Hash: 8053dcda1d9efe2e0ab67af24bf3b618fd3cbc97ae12c2e757ec9ff849c4afd2
Instruction Fuzzy Hash: 26219D34700744ABDB20FFA9CC86F9A77ACEF59710F5005A0B901AB2D2D670AD40C675

Function 00DEF490 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69threadCOMMON

Download Yara Rule

APIs

FindWindowA.USER32(TAppBuilder,00000000), ref: 00DEF4C5
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00DEF4D7

Part of subcall function 00D72318: GetVersion.KERNEL32(00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72342
Part of subcall function 00D72318: GetModuleHandleW.KERNEL32(kernel32.dll,WideCharToMultiByte,00000000,madExcept - TraceProcessThread,00DB3DB1,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00D72358

EnumWindows.USER32(00DEF398,?), ref: 00DEF541

Strings

TAppBuilder, xrefs: 00DEF4C0
madToolsMsgHandlerWindow, xrefs: 00DEF4EE

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$EnumFindHandleModuleProcessThreadVersionWindows
String ID: TAppBuilder$madToolsMsgHandlerWindow
API String ID: 176477234-3019852503
Opcode ID: c0b0dcfdaf45fc822c7337fb331d9d399ef90c3f104432da8ccdf9f867d45f40
Instruction ID: 6fbf24bff502c0a8f7f9f4b0f8d8bbc5c64c9cb07b2bb0b94e82597ac20ba5f8
Opcode Fuzzy Hash: c0b0dcfdaf45fc822c7337fb331d9d399ef90c3f104432da8ccdf9f867d45f40
Instruction Fuzzy Hash: E1218775A0424D9FD700FBD1DC82A9EB3B9EF48710F504571E404A7251DA749B058A71

Function 00D66258 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00D6626E
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00D66274
GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 00D66290

Strings

kernel32.dll, xrefs: 00D66269
GetLogicalProcessorInformation, xrefs: 00D66264

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-812649623
Opcode ID: ee91a9d4f7234004c7ecd0e8ce449da061ac352a2a0a391480ea36080d057c93
Instruction ID: 0d68abcc810f664f0c3cb60d6c9be6f34a0bbaa1c0ae72f953eda024336da679
Opcode Fuzzy Hash: ee91a9d4f7234004c7ecd0e8ce449da061ac352a2a0a391480ea36080d057c93
Instruction Fuzzy Hash: 8811C471E08304AFEB10EBA4DC82A6DB7E8EB05314F284166E404D7292DB35DE84C674

Function 00D9694C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D94F58: GetVersion.KERNEL32(00000000,00D9500E,?,?,?,?,00000000,00000000,00000000), ref: 00D94F7C
Part of subcall function 00D94F58: GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D94F9A

GetSystemMetrics.USER32(00000047), ref: 00D9697E
GetSystemMetrics.USER32(00000048), ref: 00D9698B
GetSystemMetrics.USER32(00000047), ref: 00D96997
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00D969CD

Strings

Button, xrefs: 00D9699F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MetricsSystem$ExtentMessagePoint32SendTextVersion
String ID: Button
API String ID: 1699212238-1034594571
Opcode ID: 406471512d38448236aa149508afeb04ae08f4f3e865b7a66395dd521b34728b
Instruction ID: 2a56896eb52625bd1030b601704372a1b5a88b8db433f2077ec35bc7eb553c18
Opcode Fuzzy Hash: 406471512d38448236aa149508afeb04ae08f4f3e865b7a66395dd521b34728b
Instruction Fuzzy Hash: 571151B17443006FEF14EE58D8C2F6A77A9DF44710F104166BA05DB2C6DAB1DD808BB4

Function 00E06D4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 61fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E06C4C: GetCurrentProcessId.KERNEL32(?,00E06D38,?,00000000,00E06D1E,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C93

MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,00E06E10,?,00000000,00E06DF3,?,?,?,?,00000000,00000000), ref: 00E06DBD
UnmapViewOfFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,?,00E06E10,?,00000000,00E06DF3,?,?,?,?,00000000), ref: 00E06DCB
CloseHandle.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,?,00E06E10,?,00000000,00E06DF3,?,?,?,?,00000000), ref: 00E06DD3

Strings

P_, xrefs: 00E06D6D
h_, xrefs: 00E06D84

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileView$CloseCurrentHandleProcessUnmap
String ID: P_$h_
API String ID: 2880109160-587176927
Opcode ID: 7dbf964c6c6e59d34901a8c51a7765c3168d2538f41351b9f1ce25b23f0cd7a8
Instruction ID: 4d6ed294d34087d503bb988d3ace3f062ecef514a983ad08eec9e338aa5a0d9c
Opcode Fuzzy Hash: 7dbf964c6c6e59d34901a8c51a7765c3168d2538f41351b9f1ce25b23f0cd7a8
Instruction Fuzzy Hash: 6511AC38744308BFEB21BBA4CC42F5AB7AAEB95B14F614064F600772D1DA70AA129630

Function 00DEF398 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowregistrytimeCOMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,00000000,00000104), ref: 00DEF3D4
GetCurrentProcessId.KERNEL32(?,00000002,000003E8,?), ref: 00DEF41C
RegisterWindowMessageW.USER32(madExceptIdeJumpCommand,00000000,?,00000002,000003E8,?), ref: 00DEF427
SendMessageTimeoutA.USER32(?,00000000,madExceptIdeJumpCommand,00000000,?,00000002,000003E8), ref: 00DEF42E

Strings

madExceptIdeJumpCommand, xrefs: 00DEF422

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Message$ClassCurrentNameProcessRegisterSendTimeoutWindow
String ID: madExceptIdeJumpCommand
API String ID: 987495770-349813124
Opcode ID: 977f6a7d48cca4943577aff5f3e17e8a3604dc4a5ad48fcb5af60c3c32207f9c
Instruction ID: 5d8842b23a6096468bb490e70ae8503f58f3876e4d66567355b980e4019cb8c0
Opcode Fuzzy Hash: 977f6a7d48cca4943577aff5f3e17e8a3604dc4a5ad48fcb5af60c3c32207f9c
Instruction Fuzzy Hash: B511CA74A0075CAFE711EB64CC92FDB73ADEB49700F4145B1FA0497281E7B06E488A70

Function 00D88410 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00D8809C: GetVersion.KERNEL32(00000000,00D882C2,?,00000000), ref: 00D880D5
Part of subcall function 00D8809C: GetModuleFileNameW.KERNEL32(00D60000,?,00000104,00000000,00D882C2,?,00000000), ref: 00D880F3
Part of subcall function 00D8809C: LoadLibraryW.KERNEL32(00000000,?,00000000), ref: 00D88153

Part of subcall function 00D6D698: CreateMutexW.KERNEL32(?,?,?,?,00D8843B,00000000,00000000,madExceptDbgHelp,?,00D89737,?,00000000,?,?,?,00000000), ref: 00D6D6AE

WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,madExceptDbgHelp,?,00D89737,?,00000000,?,?,?,00000000,00000000,00000000), ref: 00D88444
SetErrorMode.KERNEL32(00000001,00000000,00D88649,?,?,000000FF,00000000,00000000,madExceptDbgHelp,?,00D89737,?,00000000,?,?,?), ref: 00D88459
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00D8849F,?,00000001,00000000,00D88649,?,?,000000FF,00000000,00000000,madExceptDbgHelp,?,00D89737), ref: 00D88473
SetErrorMode.KERNEL32(?,00D884A6,00D88649,?,?,000000FF,00000000,00000000,madExceptDbgHelp,?,00D89737,?,00000000,?,?,?), ref: 00D88499

Strings

madExceptDbgHelp, xrefs: 00D8842D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorMode$CreateCurrentFileLibraryLoadModuleMutexNameObjectProcessSingleVersionWait
String ID: madExceptDbgHelp
API String ID: 3944108362-1094374490
Opcode ID: 00bb735a234a8e97e9e22318dce8b7a9ef5501e8ef2f954aefb009a334971afb
Instruction ID: 973ea3e4388054c35cea757c93014c3e006184a7ee530e7e2256ae62d9cf437d
Opcode Fuzzy Hash: 00bb735a234a8e97e9e22318dce8b7a9ef5501e8ef2f954aefb009a334971afb
Instruction Fuzzy Hash: 9A014530E84388BFDB11AFB59C13F2E7BA9DB06B10F8108A5F914E76D1DAB144149775

Function 00D66256 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00D6626E
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00D66274
GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 00D66290

Strings

kernel32.dll, xrefs: 00D66269
GetLogicalProcessorInformation, xrefs: 00D66264

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-812649623
Opcode ID: b178c47064fd33684fbb3c3e127aaac664b8e54918bdacc4b4a1766a2c0cb9db
Instruction ID: 23fcb2ac95856dc762db516fae4244992f04d2b2ce06d8046ba1f37a0567e0ef
Opcode Fuzzy Hash: b178c47064fd33684fbb3c3e127aaac664b8e54918bdacc4b4a1766a2c0cb9db
Instruction Fuzzy Hash: 9301B170E08308BFEB10EBA4CD86A6EB7A8EB05314F184566F404E7291EB31DE84C674

Function 00E09274 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49memorysynchronizationCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(0000000A,00000004,00000040,?,?,00000000,?,?,00E09736,?,?,00000008,00000000,00000000,?,00000008), ref: 00E092A6
VirtualProtect.KERNEL32(0000000A,00000004,?,?,0000000A,00000004,00000040,?,?,00000000,?,?,00E09736,?,?,00000008), ref: 00E092C6
ReleaseMutex.KERNEL32(00000000,0000000A,00000004,00000040,?,?,00000000,?,?,00E09736,?,?,00000008,00000000,00000000,?), ref: 00E092DB
CloseHandle.KERNEL32(00000000,00000000,0000000A,00000004,00000040,?,?,00000000,?,?,00E09736,?,?,00000008,00000000,00000000), ref: 00E092E7

Strings

`X, xrefs: 00E0928E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CloseHandleMutexRelease
String ID: `X
API String ID: 356749969-630869446
Opcode ID: 10568e210f0015efa9d2be5371e40f17c6cdac9847b3db0fd53ebaa02a834ebd
Instruction ID: 895f993295fc11b9537c7326160ef6e8c39d2030d0f2117651ab511af02aa9af
Opcode Fuzzy Hash: 10568e210f0015efa9d2be5371e40f17c6cdac9847b3db0fd53ebaa02a834ebd
Instruction Fuzzy Hash: FA015EB5605208BFDB00EFA9FD85A9A73ECEB08319F010511F604EB1A2D670E984DB74

Function 00E155C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E54318), ref: 00E155D6
CreateThread.KERNEL32(00000000,00000000,Function_000B5344,00000000,00000000,?), ref: 00E15621
LeaveCriticalSection.KERNEL32(00E54318,00E1564A,00E54318), ref: 00E1563D

Strings

<C, xrefs: 00E155E9
@C, xrefs: 00E155F5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$CreateEnterLeaveThread
String ID: <C$@C
API String ID: 3248002076-2933748388
Opcode ID: 36c069b1fe2a06f8530ae6a902f6974a41ec7c47aa6b47e1946cd2d21617fc61
Instruction ID: 09e4f5f3f708d7d0777fc670f3be27b9f0b0fbab273411ad16fffb2e2a466707
Opcode Fuzzy Hash: 36c069b1fe2a06f8530ae6a902f6974a41ec7c47aa6b47e1946cd2d21617fc61
Instruction Fuzzy Hash: 84F022B5348704BFE31197556C03B2A3699C7C5B48F911470F800B72F0D5B05D4581B9

Function 00DC2A98 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00D76164: GetCurrentThreadId.KERNEL32 ref: 00D76196
Part of subcall function 00D76164: GetCurrentThreadId.KERNEL32 ref: 00D761BB
Part of subcall function 00D76164: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00000000,00000000,?,?,00000000,00D763E2), ref: 00D76206
Part of subcall function 00D76164: ReleaseMutex.KERNEL32(00000000,00D76294,00000000,000000FF,?,?,00000000,00D763E2), ref: 00D76287

CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00DF1B4A), ref: 00DC2AD5
CreateThread.KERNEL32(00000000,00000000,Function_00062944,00000000,00000004,00E48D7C), ref: 00DC2AF1

Part of subcall function 00DB3D68: RaiseException.KERNEL32(406D1388,00000000,00000004,00001000,00000000,00DB3DF5,?,00000000,00000000,00000000,00000000,00DB3E15,?,?,00000000), ref: 00DB3DE6

SetThreadPriority.KERNEL32(00000000,00000002,00000000,00000000,Function_00062944,00000000,00000004,00E48D7C,00000000,000000FF,00000000,00000000,00DF1B4A), ref: 00DC2B1B
ResumeThread.KERNEL32(00000000,00000000,00000002,00000000,00000000,Function_00062944,00000000,00000004,00E48D7C,00000000,000000FF,00000000,00000000,00DF1B4A), ref: 00DC2B26

Strings

madExcept - AntiFreezeThread, xrefs: 00DC2B04

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Thread$CreateCurrent$EventExceptionMutexObjectPriorityRaiseReleaseResumeSingleWait
String ID: madExcept - AntiFreezeThread
API String ID: 1128334371-1231643230
Opcode ID: f3e9f8a5c33c790305e6496011f792d3b53e60d90cb8f82384a2b61cd50a4dff
Instruction ID: dc09ac7cde0bc46115cb189daff762a6c3725daaa42eae91b3584265ec3225fe
Opcode Fuzzy Hash: f3e9f8a5c33c790305e6496011f792d3b53e60d90cb8f82384a2b61cd50a4dff
Instruction Fuzzy Hash: 1E01FF78F423019ED711BB75ED46F2D336AA7A2700F584528B2217B1E5DEB4584AD730

Function 00DB48C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000008,00000008,?), ref: 00DB4900
ReadProcessMemory.KERNEL32(00000000,00000000,00000008,00000008,?), ref: 00DB4906

Strings

4tpx, xrefs: 00DB4919
Edam, xrefs: 00DB490F
Exception, xrefs: 00DB48CE

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Process$CurrentMemoryRead
String ID: 4tpx$Edam$Exception
API String ID: 267060218-1887312579
Opcode ID: 6619199880c187aefd175869c7b75fa91137fdc910c3f5706b9468f3aac85788
Instruction ID: 25ddb2e36ff51b6ba6ddece96e0508f8a95abeac12b99edcae63f3558dc3f729
Opcode Fuzzy Hash: 6619199880c187aefd175869c7b75fa91137fdc910c3f5706b9468f3aac85788
Instruction Fuzzy Hash: D0F06D65600201D7CF20DEA89885BEB33D8AB04352F48082CBA96CB257D730C8458B33

Function 00D763F8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000000,00D7662F), ref: 00D76408

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,00000000,user32.dll,ChangeWindowMessageFilterEx,?,00000000,00D7662F), ref: 00D7642C

Strings

ChangeWindowMessageFilter, xrefs: 00D76422
ChangeWindowMessageFilterEx, xrefs: 00D763FE
user32.dll, xrefs: 00D76403, 00D76427

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModule$AddressProc
String ID: ChangeWindowMessageFilter$ChangeWindowMessageFilterEx$user32.dll
API String ID: 1883125708-1782194287
Opcode ID: a44816b54fcc5609b1c1bf614ce48cf541d37df3fb361b1b679ee09b086ac933
Instruction ID: 8d0cd756d27c996ff1fcdc2d3db8c53a82d91abc1e1ad0d91bb19ab5b1e4394f
Opcode Fuzzy Hash: a44816b54fcc5609b1c1bf614ce48cf541d37df3fb361b1b679ee09b086ac933
Instruction Fuzzy Hash: C3E0ECA1B99B153EEA2072F53C83FAA114ECF48BADF14C012B548E10C6FAC5CC140871

Function 00E3D3D8 Relevance: 7.7, APIs: 6, Instructions: 211COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3D630,?,00000000,00E3D678,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E3D417

Part of subcall function 00E3AEC8: SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D46B,?,?), ref: 00E3AFA4

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D61F,?,?,00000000,00E3D630,?,00000000), ref: 00E3D47A
SetLastError.KERNEL32(000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D61F,?,?,00000000,00E3D630), ref: 00E3D4E9
SetLastError.KERNEL32(000000EA,000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D61F,?,?,00000000,00E3D630), ref: 00E3D558
SetLastError.KERNEL32(000000EA,000000EA,000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D61F,?,?,00000000), ref: 00E3D5D3
LeaveCriticalSection.KERNEL32(?,00E3D626,?,00000000,00000000,00000000,00000000,00E3D61F,?,?,00000000,00E3D630,?,00000000,00E3D678), ref: 00E3D619

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalSection$EnterLeave
String ID:
API String ID: 2269797833-0
Opcode ID: 7dfa092ba66ddc980d3fc0ec343d439a36a15ae3414dc17b54cd7300564a2e08
Instruction ID: c3f2ac3179c9ebe153ad733792c9905b7a697bbb3666b9b2223e44ae12121b5f
Opcode Fuzzy Hash: 7dfa092ba66ddc980d3fc0ec343d439a36a15ae3414dc17b54cd7300564a2e08
Instruction Fuzzy Hash: D071387170410AEFDB14DFA8D896AAE7BF5EF49308F214568E415E7251DB30ED01CBA0

Function 00E3D68C Relevance: 7.7, APIs: 6, Instructions: 211COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3D8E4,?,00000000,00E3D92C,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E3D6CB

Part of subcall function 00E3B018: SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D71F,?,?), ref: 00E3B0F4

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D8D3,?,?,00000000,00E3D8E4,?,00000000), ref: 00E3D72E
SetLastError.KERNEL32(000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D8D3,?,?,00000000,00E3D8E4), ref: 00E3D79D
SetLastError.KERNEL32(000000EA,000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D8D3,?,?,00000000,00E3D8E4), ref: 00E3D80C
SetLastError.KERNEL32(000000EA,000000EA,000000EA,00000000,?,?,?,?,00000000,00000000,00000000,00000000,00E3D8D3,?,?,00000000), ref: 00E3D887
LeaveCriticalSection.KERNEL32(?,00E3D8DA,?,00000000,00000000,00000000,00000000,00E3D8D3,?,?,00000000,00E3D8E4,?,00000000,00E3D92C), ref: 00E3D8CD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalSection$EnterLeave
String ID:
API String ID: 2269797833-0
Opcode ID: 50fcad72a1285bff4a9a5d98c6f436e586505e334893d57c3814a9e82a0bece7
Instruction ID: 8c65e17914f74ef4f63063b05bec000be95c5dc0d1d25970278204ae96d9f38f
Opcode Fuzzy Hash: 50fcad72a1285bff4a9a5d98c6f436e586505e334893d57c3814a9e82a0bece7
Instruction Fuzzy Hash: 0F714A71B0410A9FDB08DFA8D896AAEBBF5EF49304F214569E415EB355DB30ED01CBA0

Function 00DD7618 Relevance: 7.6, APIs: 5, Instructions: 108COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DD775B,?,00000018,00000000,00000000,00000000,00000000,?,00DD7BC5,?,00000000,00DD8313,?,?,?), ref: 00DD7685
GetFileAttributesW.KERNEL32(00000000,00000000,00DD775B,?,00000018,00000000,00000000,00000000,00000000,?,00DD7BC5,?,00000000,00DD8313,?,?), ref: 00DD769A
CreateDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,00DD775B,?,00000018,00000000,00000000,00000000,00000000,?,00DD7BC5,?,00000000,00DD8313), ref: 00DD76C0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AttributesCreateDirectoryFileVersion
String ID:
API String ID: 3113577747-0
Opcode ID: d06deb6648e876bba2e21da4cab1c4f700998d851e19ca8fd0591c2be4a6abff
Instruction ID: 350f7bc1b5b877147364994e8dd5ff824a3d791c1f8d3561888a6441efdfb264
Opcode Fuzzy Hash: d06deb6648e876bba2e21da4cab1c4f700998d851e19ca8fd0591c2be4a6abff
Instruction Fuzzy Hash: B4318534A08109EFDF50EBE8C992BAEB3B9EF04314F6045A6F41097391EB70DE009670

Function 00D75F98 Relevance: 7.6, APIs: 5, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32(?), ref: 00D75FC6
DefWindowProcW.USER32(?,?,?,?,?,00000000,00D76124), ref: 00D75FDF
DefWindowProcA.USER32(?,?,?,?,?,00000000,00D76124), ref: 00D75FF9
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,00000000,00D76124), ref: 00D7602B
ReleaseMutex.KERNEL32(00000000,00D760A0,00000000,000000FF,?,?,?,?,?,00000000,00D76124), ref: 00D76093

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$Proc$MutexObjectReleaseSingleUnicodeWait
String ID:
API String ID: 777920220-0
Opcode ID: cefb4e2be923d445a1e2d85181e85981bd2fdbd2b96e4173d21f40a884e18ab3
Instruction ID: ddbbeab73b1f45f7f00e552af1dce15c256183b6dc1fc2585437de7d13cc52c0
Opcode Fuzzy Hash: cefb4e2be923d445a1e2d85181e85981bd2fdbd2b96e4173d21f40a884e18ab3
Instruction Fuzzy Hash: CC318A75600A08AFCB11DFA9EC91D5A77ECEB49320BA18965F81CC7251FA30ED44CB70

Function 00D768B8 Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00D769B2), ref: 00D768E7
GetVersion.KERNEL32(?,?,0000001C,00000000,00D769B2), ref: 00D76910
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,0000001C,00000000,00D769B2), ref: 00D7692C
GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,0000001C,00000000,00D769B2), ref: 00D76948
GetVersion.KERNEL32(?,?,00000104,?,?,0000001C,00000000,00D769B2), ref: 00D7695B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleNameVersion$QueryVirtual
String ID:
API String ID: 3263203797-0
Opcode ID: 4f600d08ddbfaa9566c1dcd940be88899f60a7d3321322d1910c5a414bd70244
Instruction ID: dd2a6da61507fc9280d09cfd31004d062fbdc6701c6d6d870053c1575f3feeb7
Opcode Fuzzy Hash: 4f600d08ddbfaa9566c1dcd940be88899f60a7d3321322d1910c5a414bd70244
Instruction Fuzzy Hash: 7321A171A0471AAFDB20DAA5DC86BAEB3ACEB48300F548465FA4CD3241F774DD848E70

Function 00D9669C Relevance: 7.6, APIs: 5, Instructions: 79windowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00D96774,?,?,?,00000000,?,00D96648), ref: 00D966BF
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D966D5
SendMessageW.USER32(00000000,0000000D,00000000,?), ref: 00D966F8
SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 00D96713
SendMessageA.USER32(00000000,0000000D,00000000,?), ref: 00D96738

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageSend$Version
String ID:
API String ID: 1470452508-0
Opcode ID: 27b619a773f644045043311ceceac42e5c3b39655f760089e0266ad4b2f395f0
Instruction ID: fb72b879355fc0e712cef998683a7682f909d8e91f74bbdc7316c0b5b56f7041
Opcode Fuzzy Hash: 27b619a773f644045043311ceceac42e5c3b39655f760089e0266ad4b2f395f0
Instruction Fuzzy Hash: 0D210E75744204ABDB14EFA8CD92F5F33ECEB48704F5109A2B901DB196DAB5ED0497B0

Function 00D647A4 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(02C40000,00000000,00008000), ref: 00D647C2
VirtualFree.KERNEL32(00E50AF8,00000000,00008000), ref: 00D6483E

Strings

x@, xrefs: 00D647D2
t, xrefs: 00D64816
T, xrefs: 00D647A8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID: T$t$x@
API String ID: 1263568516-1988746906
Opcode ID: 3be4870b38265e7e7603f2def46b2d6be002c0d6a69701d6a93e55c2423a7c9e
Instruction ID: e3f249f6d61ff65f068d5e666e1483aa88aaafcd87f5d3b9f8a0cea65e34c012
Opcode Fuzzy Hash: 3be4870b38265e7e7603f2def46b2d6be002c0d6a69701d6a93e55c2423a7c9e
Instruction Fuzzy Hash: AF119EB16006509FC7A8CF18A841B26BBE0FB89710F1584BDE649EF741DB74EC01CBA4

Function 00DE4440 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E54154), ref: 00DE444A
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000001,00000000,00DE44C0,?,00E54154), ref: 00DE447E
VirtualAlloc.KERNEL32(00000000,00080000,00001000,00000001,00000000,00400000,00002000,00000001,00000000,00DE44C0,?,00E54154), ref: 00DE4493
LeaveCriticalSection.KERNEL32(00E54154,00DE44C7,00E54154), ref: 00DE44BA

Strings

4A, xrefs: 00DE446B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AllocCriticalSectionVirtual$EnterLeave
String ID: 4A
API String ID: 441332069-3306699992
Opcode ID: 6a93b6cdd0c27f7318304d91be316d03be383c8a49212e74a880bc57bdc526a1
Instruction ID: dd1f28c1bf2975da8788f858de80c8f476216da92d7ec18edf21850009b2dcc3
Opcode Fuzzy Hash: 6a93b6cdd0c27f7318304d91be316d03be383c8a49212e74a880bc57bdc526a1
Instruction Fuzzy Hash: 49F050B07847C03FF72237526D03F553985D311F54F550460FE00391D1C6F518889275

Function 00D7324C Relevance: 7.5, APIs: 5, Instructions: 28windowthreadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 00D73258
GetCurrentThreadId.KERNEL32 ref: 00D7325F
TranslateMessage.USER32 ref: 00D7326B
DispatchMessageW.USER32 ref: 00D73271
PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 00D73283

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Message$Thread$CurrentDispatchPeekProcessTranslateWindow
String ID:
API String ID: 2485617765-0
Opcode ID: 967897088729052375da5935eae45e42491aa351a1e8edb630ec24cf129fb61b
Instruction ID: 343cde5408fb840cba52b6dfe5fd4b023c32947e84db494518f3c05d8c063c0e
Opcode Fuzzy Hash: 967897088729052375da5935eae45e42491aa351a1e8edb630ec24cf129fb61b
Instruction Fuzzy Hash: 7EE08661F4034077DF10B6B45CC3F9A314D9F54700F544915BA48DF1C3F69AD51452B6

Function 00E0AC20 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00E063BC: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00E066A8), ref: 00E0645E
Part of subcall function 00E063BC: GetProcAddress.KERNEL32(00000000,00000000), ref: 00E06464
Part of subcall function 00E063BC: GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E064C6

Part of subcall function 00E063BC: InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06605
Part of subcall function 00E063BC: SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06613
Part of subcall function 00E063BC: FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06622
Part of subcall function 00E063BC: FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06631
Part of subcall function 00E063BC: FreeSid.ADVAPI32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E06640
Part of subcall function 00E063BC: LocalFree.KERNEL32(00000000,?,000000FF,?,00000000,?,00000001,00000000,00000000,00000000,00000000,00E066A8), ref: 00E0664F

InitializeCriticalSection.KERNEL32(00E541FC,00000001,00000001,00E43937,00000000,00E43945), ref: 00E0AC86
SetLastError.KERNEL32(00000000,00E541FC,00000001,00000001,00E43937,00000000,00E43945), ref: 00E0AC8D

Strings

PY, xrefs: 00E0AC3A
U, xrefs: 00E0AC20
A, xrefs: 00E0AC70

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Free$DescriptorInitializeSecurity$AddressCriticalCurrentDaclErrorHandleLastLocalModuleProcProcessSection
String ID: PY$U$A
API String ID: 461147599-942117885
Opcode ID: db9c3c9cfc3acefcb2b313b14f77aa7cf9dd3814e121ddaa57b96a79b9108b63
Instruction ID: 3d5ea6f7a7267771ce92ab8f96bab86a76f06f5752ea1109b2510a84d8bb513f
Opcode Fuzzy Hash: db9c3c9cfc3acefcb2b313b14f77aa7cf9dd3814e121ddaa57b96a79b9108b63
Instruction Fuzzy Hash: 3FF09A683093804FD301AB6AAD036093AA19B97706F056890BD40BB3E3DA6198D98332

Function 00DCAE54 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 248networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00DCAF44
WSACleanup.WSOCK32(?,00000002,?,00000101,?), ref: 00DCB131

Strings

K.ROOT-SERVERS.NET, xrefs: 00DCB007
A.ROOT-SERVERS.NET, xrefs: 00DCAFFC

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CleanupStartup
String ID: A.ROOT-SERVERS.NET$K.ROOT-SERVERS.NET
API String ID: 915672949-2832217723
Opcode ID: 767d12cb2161fd2565d218fc49df6449050ef3126f6dab420686955532abbda2
Instruction ID: ed6ed27eadd4d4b7d5634384e873e5e7bee82761dbf305bde005647999be8bad
Opcode Fuzzy Hash: 767d12cb2161fd2565d218fc49df6449050ef3126f6dab420686955532abbda2
Instruction Fuzzy Hash: CBA12B74A0020E9FCB10DB98C892FEFB7B9EF48314F14416AE515A7291DB74AE45CBB1

Function 00DEA846 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237synchronizationthreadCOMMON

Download Yara Rule

APIs

SetThreadPriority.KERNEL32(00000000,00000002), ref: 00DEA93E
WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00000002), ref: 00DEA95F
WaitForSingleObject.KERNEL32(00000000,?), ref: 00DEA997

Strings

LM, xrefs: 00DEAA47

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ObjectSingleWait$PriorityThread
String ID: LM
API String ID: 3532073056-1181493358
Opcode ID: a57f9282833918e1276c15ee2a1ce0300dc45858a3f06d058c7588088df5d0fd
Instruction ID: 3e24471fdcda690f19abb84d0fdae84f3940a51ef18102bd5bdc92526ff9c264
Opcode Fuzzy Hash: a57f9282833918e1276c15ee2a1ce0300dc45858a3f06d058c7588088df5d0fd
Instruction Fuzzy Hash: FEA11C74A0024A9FDB01EF99C985AAE77F5FF49300F5540A0EA04AB356DB30AD85CBB1

Function 00DE8178 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 233COMMON

Download Yara Rule

APIs

Part of subcall function 00DE962C: GetCurrentThreadId.KERNEL32 ref: 00DE9644
Part of subcall function 00DE962C: VirtualAlloc.KERNEL32(00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE96B5
Part of subcall function 00DE962C: GetThreadContext.KERNEL32(?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,00000000), ref: 00DE96C7
Part of subcall function 00DE962C: VirtualQuery.KERNEL32(?,?,0000001C,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 00DE96DD
Part of subcall function 00DE962C: VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 00DE9731
Part of subcall function 00DE962C: GetThreadPriority.KERNEL32(?,00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000,00000000), ref: 00DE973A
Part of subcall function 00DE962C: CloseHandle.KERNEL32(?,?,00000000,00000000,00008000,?,00000000,00000000,000002CC,00001000,00000004,00000000,00000000,00000000,?,00000000), ref: 00DE9760

VirtualQuery.KERNEL32(?,?,0000001C,?,00000000,?,0000001C,?,00000000,00DE8410,?,00000000,00DE8460,?,?,?), ref: 00DE8262

Strings

>> , xrefs: 00DE8342
at:, xrefs: 00DE83DA
>> created by , xrefs: 00DE83B7

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Virtual$Thread$Query$AllocCloseContextCurrentFreeHandlePriority
String ID: >> created by $ at:$>>
API String ID: 3151973228-564896474
Opcode ID: 9d4a53a9f03560381f0c95830ec464102dd93d42df7c315d95616cfdf56ec0a4
Instruction ID: 4963c90a280b374a09ee37fee0b3da5834853086ff882fdb6b5107d112ee6633
Opcode Fuzzy Hash: 9d4a53a9f03560381f0c95830ec464102dd93d42df7c315d95616cfdf56ec0a4
Instruction Fuzzy Hash: 519117B5600259AFCB11DF59C884E9AB7F9FB08300F0581A5F909DB262D734EE95DBB0

Function 00D7E3D0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00D7E5D4), ref: 00D7E422

Strings

sub_, xrefs: 00D7E46C
Internal error in ParseFunction while composing the disassembling string... :-(, xrefs: 00D7E552
public , xrefs: 00D7E47E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: QueryVirtual
String ID: Internal error in ParseFunction while composing the disassembling string... :-($public $sub_
API String ID: 1804819252-1785495281
Opcode ID: e78bf31a6c9eacd942142e14798c53be21b1b3e85e73fa6b88e57c3ef769dea1
Instruction ID: 2aa7336fe24bf550733b3a3c70bf9e56509b8142fb9f652d51e1f299c92d9273
Opcode Fuzzy Hash: e78bf31a6c9eacd942142e14798c53be21b1b3e85e73fa6b88e57c3ef769dea1
Instruction Fuzzy Hash: 1E61F57190020C9FCB10DFA8D881ADEB7F5FF4C318F548565E409A7291EB74AA45CB71

Function 00DC78BC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00DB72AC: FindResourceA.KERNEL32(00000000,TMADEXCEPT,0000000A), ref: 00DB72B4

GetModuleHandleW.KERNEL32(madExceptIde_.bpl,00000000,00DC7A29,?,?,?,?), ref: 00DC792B
GetModuleFileNameA.KERNEL32(00DC7BF0,?,00000004,00000000,?,0000001C,madExceptIde_.bpl,00000000,00DC7A29,?,?,?,?), ref: 00DC7990
VirtualQuery.KERNEL32(00000000,?,0000001C,madExceptIde_.bpl,00000000,00DC7A29,?,?,?,?), ref: 00DC7A05

Strings

madExceptIde_.bpl, xrefs: 00DC7926

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Module$FileFindHandleNameQueryResourceVirtual
String ID: madExceptIde_.bpl
API String ID: 4047953117-1018132612
Opcode ID: 3bb4cc83893289b7fa308f78cf73ed9f79e2eaf7823c60fe66044e0c2219ed9e
Instruction ID: fce14ee1fd3b25797c16c9632d5887dab278787a37b1053395bbe3aa15c2140b
Opcode Fuzzy Hash: 3bb4cc83893289b7fa308f78cf73ed9f79e2eaf7823c60fe66044e0c2219ed9e
Instruction Fuzzy Hash: 3D415E30A086069BDB25EA69CD82F9DB3B6EB45300F184169F800AB295DF31EE45CF71

Function 00D95828 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?), ref: 00D9584F
GetVersion.KERNEL32(?,?,?,00000000,00D95952,?,?,?,?,00000000,00000000), ref: 00D95864
EnableWindow.USER32(?,00000000), ref: 00D95932

Part of subcall function 00D6E214: CreateWindowExA.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00D6E251

Strings

MZP, xrefs: 00D95892, 00D958DC

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Window$CreateEnableOffsetRectVersion
String ID: MZP
API String ID: 2089193182-2889622443
Opcode ID: 922fc01765a68b7fc13e95631867a6693e4d208466004e603b06370756e466af
Instruction ID: 80f1ce2193636a8db7f0223fb860c6bf6a22fd2e11d841a81405f4d8b1a969c7
Opcode Fuzzy Hash: 922fc01765a68b7fc13e95631867a6693e4d208466004e603b06370756e466af
Instruction Fuzzy Hash: 09415871200244AFEB10DFA8D892F6AB7ECEF48710F108569F949DB296CA30ED00CB70

Function 00D7ED00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,00000000,0000001C,00100040,00000000,00000000), ref: 00D7ED30
VirtualProtect.KERNEL32(?,?,00000020,00DB23C0,?,?,00000000,0000001C,00100040,00000000,00000000), ref: 00D7EDCE
VirtualProtect.KERNEL32(?,?,00DB23C0,00DB23C0,?,?,00000020,00DB23C0,?,?,00000000,0000001C,00100040,00000000,00000000), ref: 00D7EE00

Strings

n, xrefs: 00D7ED4F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Virtual$Protect$Query
String ID: n
API String ID: 3618607426-2013832146
Opcode ID: 6d81cd7927756fb23d913841cf4f76fca8bb493267fd8954d50e3de39d3b74e7
Instruction ID: e925d76b81db720726abf97053673faf161fb03ce04755b922afe8994bf3b6cb
Opcode Fuzzy Hash: 6d81cd7927756fb23d913841cf4f76fca8bb493267fd8954d50e3de39d3b74e7
Instruction Fuzzy Hash: 2A316C34E04248AFDB21DAE8D841BEEBBB9EB0D314F1484D5E458E3291E7749E44DB70

Function 00D67318 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D6734C
FreeLibrary.KERNEL32(00D60000,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread,00D64A3F), ref: 00D673FE
ExitProcess.KERNEL32(00000000,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread,00D64A3F), ref: 00D6743A

Part of subcall function 00D67288: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread), ref: 00D672C1
Part of subcall function 00D67288: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000), ref: 00D672C7
Part of subcall function 00D67288: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?), ref: 00D672E2
Part of subcall function 00D67288: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C), ref: 00D672E8

Strings

MZP, xrefs: 00D673FD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: a433e4287391511ee2810f12b165586fbc3f8eae7f069b4146ccfed6d6f2e70b
Instruction ID: 474a16da3444d8667b0a0d76605a074afba57b1dbe464516b7b2dc96a8eda858
Opcode Fuzzy Hash: a433e4287391511ee2810f12b165586fbc3f8eae7f069b4146ccfed6d6f2e70b
Instruction Fuzzy Hash: 9131B6345087498FDB32EF79D84931A7BE1BB0531CF180929E86593292DBB4A8C9C772

Function 00D67320 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D6734C
FreeLibrary.KERNEL32(00D60000,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread,00D64A3F), ref: 00D673FE
ExitProcess.KERNEL32(00000000,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread,00D64A3F), ref: 00D6743A

Part of subcall function 00D67288: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000,madExcept - TraceProcessThread), ref: 00D672C1
Part of subcall function 00D67288: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?,?,00D67462,00D649DF,00D64A26,00000000), ref: 00D672C7
Part of subcall function 00D67288: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C,?,?,?), ref: 00D672E2
Part of subcall function 00D67288: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00D6733C), ref: 00D672E8

Strings

MZP, xrefs: 00D673FD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 030393e9022b37a7529d0ee1268a3f005b5b2552f6a7c1a4f8d0160503394fe1
Instruction ID: 7f286974890db040cd5407dd8799e2b33158bcb9acc05d2c22b452bf1e9bacd4
Opcode Fuzzy Hash: 030393e9022b37a7529d0ee1268a3f005b5b2552f6a7c1a4f8d0160503394fe1
Instruction Fuzzy Hash: C431A6345087498FDB31EF79D84932A7BE1FB0531CF180929E86592292DBB4A8C9C772

Function 00DA7340 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,00DA7423), ref: 00DA73C6
GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,00DA7423), ref: 00DA73CC

Strings

yyyy, xrefs: 00DA73A1
, xrefs: 00DA7392

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DateFormatLocaleThread
String ID: $yyyy
API String ID: 3303714858-404527807
Opcode ID: f0aa1fe05e39e3463bce64c3ece8047d8cd3eab5594f1a9665a0596a9801657e
Instruction ID: 5c8f0711874c3bac8477fe793357f5a2508aff949383342fce51a2f99b92cf48
Opcode Fuzzy Hash: f0aa1fe05e39e3463bce64c3ece8047d8cd3eab5594f1a9665a0596a9801657e
Instruction Fuzzy Hash: 5B219035A086189FDB11EF98CC46AAEB7F8EF09700F5504A5FC04E7251EA749E04DBB1

Function 00E0727C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E541FC,?,?,?,?,00E07322), ref: 00E07287
GetCurrentThreadId.KERNEL32 ref: 00E072A2
GetCurrentThreadId.KERNEL32 ref: 00E072F0

Strings

Tr, xrefs: 00E072E2

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread$CriticalEnterSection
String ID: Tr
API String ID: 1114456710-3199474906
Opcode ID: b643d7a15cbe3065bb283208f3b220d6925b9db92bdace33096218a162435e02
Instruction ID: 0b25bbfd0471e4677e808bb3d81b4c69f49492d1cdb40e69c64b14ea9a462363
Opcode Fuzzy Hash: b643d7a15cbe3065bb283208f3b220d6925b9db92bdace33096218a162435e02
Instruction Fuzzy Hash: 490147F6F441151BC214D76ADC5159A738BEBC432AB242220F894E73F1DD31AC8693B0

Function 00DE4DA0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(advapi32.dll,CheckTokenMembership), ref: 00DE4DB1

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Part of subcall function 00D6D4FC: AllocateAndInitializeSid.ADVAPI32(00E48558,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00DC7BF0,?,00DB31C5,00000000,00000000), ref: 00D6D523

FreeSid.ADVAPI32(00000000), ref: 00DE4E10

Strings

CheckTokenMembership, xrefs: 00DE4DA7
advapi32.dll, xrefs: 00DE4DAC

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressAllocateFreeInitializeLibraryLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 3139836957-1888249752
Opcode ID: 59a4918bb6f7d35d7865cc6e3c2e886f82071533421b7a23cd57b6b62072e3ad
Instruction ID: 92c7ad3cb6c2e4e0db70a9e6f19b77f43855447f4b8d1aad9ffae8b458f4cf8a
Opcode Fuzzy Hash: 59a4918bb6f7d35d7865cc6e3c2e886f82071533421b7a23cd57b6b62072e3ad
Instruction Fuzzy Hash: 26F09071B493556FE210F9EAAC86B6B728CEB84F54F080529B950D72C1DA60DC0497B1

Function 00DB4288 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00D7141C,00DEA609), ref: 00DB42AC
GetCurrentProcessId.KERNEL32(?,00D7141C,00DEA609), ref: 00DB42E6
Sleep.KERNEL32(0000000A,?,00D7141C,00DEA609), ref: 00DB430A

Strings

D, xrefs: 00DB428C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcessSleepVersion
String ID: D
API String ID: 2673758733-3280389146
Opcode ID: 5de3a8afb04f7f4826f50976d2afc3c0307c545625ae2bea22ae0d184e47de58
Instruction ID: 9d9f9951b71cdacc3854f384781e803b8a1c131ada835ad457af91e35a88f962
Opcode Fuzzy Hash: 5de3a8afb04f7f4826f50976d2afc3c0307c545625ae2bea22ae0d184e47de58
Instruction Fuzzy Hash: F801A421B89351DFEF21E2F9A9413E922809F57348F5C0161FD839B653DA548C44B23E

Function 00DEBDB4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46threadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,?), ref: 00DEBDE0
GetCurrentProcessId.KERNEL32(?,?,00000000,00DEBE49), ref: 00DEBDE5
GetClassNameA.USER32(?,?,00000104), ref: 00DEBDFC

Strings

madExceptWndClass, xrefs: 00DEBE1D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Process$ClassCurrentNameThreadWindow
String ID: madExceptWndClass
API String ID: 1921375019-182246700
Opcode ID: 8f24523a0129488bd791cca790b2fa06243802a2b576a8b6d0662980724a7963
Instruction ID: ef40e52d72ef712d748d516826dcad425802155d033dc59eaa8f6d2b46327606
Opcode Fuzzy Hash: 8f24523a0129488bd791cca790b2fa06243802a2b576a8b6d0662980724a7963
Instruction Fuzzy Hash: 6901797590055C5FD721EF64CC529DBB3ADEB48720F5105A2F614D7692D7706E408AB0

Function 00DC9710 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wininet.dll,?,?,00DC97CF,?,00DD9507), ref: 00DC9725

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

FreeLibrary.KERNEL32(00000000), ref: 00DC9755

Strings

InternetAttemptConnect, xrefs: 00DC972C
wininet.dll, xrefs: 00DC9720

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeLoadProc
String ID: InternetAttemptConnect$wininet.dll
API String ID: 145871493-978457503
Opcode ID: d08a1fc07af7b2271a9202cc45aec529f79d152ebfd7e8355f2f3bd7deecdfa1
Instruction ID: 910548d993d2a45377b3b1a04486c1da61e5da70697b0c11a9133c30150dd214
Opcode Fuzzy Hash: d08a1fc07af7b2271a9202cc45aec529f79d152ebfd7e8355f2f3bd7deecdfa1
Instruction Fuzzy Hash: DFE04F1073B3136AAE903DF42DAAFBA9388CF19395B180439B946D71C3D5818C062276

Function 00E3BE78 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 24COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00E54318,00000000,00E3BEC9), ref: 00E3BE96

Strings

<C, xrefs: 00E3BEAB
0C, xrefs: 00E3BE9B
R, xrefs: 00E3BEB0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalDeleteSection
String ID: 0C$<C$R
API String ID: 166494926-264959654
Opcode ID: 1a9f0f6b62588d57783d26adf552b5e6f1d7c94bb311ee884942932dc0e75945
Instruction ID: 84268e591b81eb3f781416c7332ed20ecc228261cf482d2941bf9a5bc8f1d620
Opcode Fuzzy Hash: 1a9f0f6b62588d57783d26adf552b5e6f1d7c94bb311ee884942932dc0e75945
Instruction Fuzzy Hash: 14E0D8B52047048F93015B56EC1381637A8D3C5B067916D71FE02736B1C6705C56D6B5

Function 00E3CBFC Relevance: 6.4, APIs: 5, Instructions: 111COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3CD46,?,00000000,00E3CD89), ref: 00E3CC3B
SetLastError.KERNEL32(00000000,00000000,00000000,00E3CD35,?,?,00000000,00E3CD46,?,00000000,00E3CD89), ref: 00E3CCCB
SetLastError.KERNEL32(000000EA,00000000,00000000,00E3CD35,?,?,00000000,00E3CD46,?,00000000,00E3CD89), ref: 00E3CD01
SetLastError.KERNEL32(00000002,00000000,00000000,00E3CD35,?,?,00000000,00E3CD46,?,00000000,00E3CD89), ref: 00E3CD19
LeaveCriticalSection.KERNEL32(?,00E3CD3C,00E3CD35,?,?,00000000,00E3CD46,?,00000000,00E3CD89), ref: 00E3CD2F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalSection$EnterLeave
String ID:
API String ID: 2269797833-0
Opcode ID: aae50c378d429f9bca5161f77b93ccc10d9fe04d18c728569cfc435f2a808194
Instruction ID: 1247d818812a545f0338c047802d7d532af2d0e8e2fdffc833bff00b714c2c02
Opcode Fuzzy Hash: aae50c378d429f9bca5161f77b93ccc10d9fe04d18c728569cfc435f2a808194
Instruction Fuzzy Hash: 37414F70A00219AFDB15DFA8D89AA9EBBB5EF49704F6045B4F805F7251D730EE01CB61

Function 00DC1FE0 Relevance: 6.3, APIs: 4, Instructions: 316windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(00000000,00000000,00000001,?,00000000,000005DC,?), ref: 00DC21CC
SendMessageTimeoutA.USER32(00000000,00000000,00000000,?,00000000,7FFFFFFE,00000309), ref: 00DC21FB
SetWindowPos.USER32(00000000,000000FE,00000000,00000000,00000000,00000000,00000003), ref: 00DC22F7
SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003,?), ref: 00DC231F

Part of subcall function 00DE4BBC: EnterCriticalSection.KERNEL32(00000000,?,?,?,00DC2052), ref: 00DE4BD8
Part of subcall function 00DE4BBC: LeaveCriticalSection.KERNEL32(00000000,00DE4C65,00000000,?,?,?,00DC2052), ref: 00DE4C58

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalMessageSectionSendTimeoutWindow$EnterLeave
String ID:
API String ID: 878304210-0
Opcode ID: 5b19838d7ab38c43beb432bb9edd7bada7c5f90dd4d4b6ca668870ceadf2a86b
Instruction ID: 68645fbc02da8571a25bab09e29888e9f3f7f8aae31f290133adc5616cf355c3
Opcode Fuzzy Hash: 5b19838d7ab38c43beb432bb9edd7bada7c5f90dd4d4b6ca668870ceadf2a86b
Instruction Fuzzy Hash: E8D1913490428A9FDF11DBA4C844FFDBBB5AF06314F18415EE940AB292C7749A8ACB75

Function 00DCB1E8 Relevance: 6.2, APIs: 4, Instructions: 221fileCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00DCB338
CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00DCB35F
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00DCB3BB

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: File$CreateSizeVersion
String ID:
API String ID: 375777597-0
Opcode ID: d903440dab5ae5e647aa08e646ab0f1ceea4ff013b34586d084de54955b50715
Instruction ID: 351628249eb6c9f88f7791d0110d83297a0f3ee0bd3d966942de2efc3bee0abc
Opcode Fuzzy Hash: d903440dab5ae5e647aa08e646ab0f1ceea4ff013b34586d084de54955b50715
Instruction Fuzzy Hash: 8991D774A00209AFDB14DF58C896F9EB7B5FF49710F2041A4E901AB3A1CB70AD46CB60

Function 00D82E90 Relevance: 6.2, APIs: 4, Instructions: 157fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,-0000000C,00000000,-0000000C), ref: 00D83007
UnmapViewOfFile.KERNEL32(?,-0000000C,00000000,-0000000C), ref: 00D8301C

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileUnmapView
String ID:
API String ID: 2564024751-0
Opcode ID: 2b409476361a17c6dbf7925a3dbc6e690b8bec42c008cdb6de3fd8ecc701adda
Instruction ID: 1a69e2dee1f4eec1f236d9402c7640b856739a107c80306d2f534f9b63d5636c
Opcode Fuzzy Hash: 2b409476361a17c6dbf7925a3dbc6e690b8bec42c008cdb6de3fd8ecc701adda
Instruction Fuzzy Hash: 56510475A002099FCB14EF99D885BEEBBF4EF48314F148225F908AB291D774A985CF70

Function 00D76674 Relevance: 6.2, APIs: 4, Instructions: 155synchronizationthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D7669C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D766B7
IsWindow.USER32(?), ref: 00D767AF
ReleaseMutex.KERNEL32(00000000,00D76848,00000000,000000FF), ref: 00D7683B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentMutexObjectReleaseSingleThreadWaitWindow
String ID:
API String ID: 3208048871-0
Opcode ID: ffd0a5edd0f337c92e83cca9d14945e4b312ff2af2d211a3baf8ba699559ac91
Instruction ID: 28f537160ce27e1241b9023dad5e5a554050a6c1c52bad0a4900eaf196c5c7ee
Opcode Fuzzy Hash: ffd0a5edd0f337c92e83cca9d14945e4b312ff2af2d211a3baf8ba699559ac91
Instruction Fuzzy Hash: 6B518B35A006088FCB14DF2DD891A6AB7A9EF49314B1885A5E848DB266F730ED55CBB0

Function 00DEE9F4 Relevance: 6.1, APIs: 4, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,00000004,00000040,?,00000000,00DEEB64), ref: 00DEEA9B
VirtualProtect.KERNEL32(?,00000004,?,?,?,00000004,00000040,?,00000000,00DEEB64), ref: 00DEEACF
VirtualProtect.KERNEL32(?,00000004,00000040,?,00000000,00DEEB64), ref: 00DEEAFE
VirtualProtect.KERNEL32(?,00000004,?,?,?,00000004,00000040,?,00000000,00DEEB64), ref: 00DEEB2D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2a6201bd4e7dc1fa3c52e2c3fe57a42086a642ba13fc3de3dca0d4cfc4329d95
Instruction ID: ad21b509e7e6922796f7c676922cf86132975ff62b330d38db3a9b920611cfcc
Opcode Fuzzy Hash: 2a6201bd4e7dc1fa3c52e2c3fe57a42086a642ba13fc3de3dca0d4cfc4329d95
Instruction Fuzzy Hash: E8512A74A006499FDB05DF99C880A9AB7F6FF8D310F5981A5E9059B368E770EC41CBB0

Function 00D8ADE4 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(00000000,?,0000001C,00000000,00D8AF6D,?,00000000,00D8AFB2,?,?,?,?,?,00DB670D,00000000,00DB6767), ref: 00D8AE2D
GetVersion.KERNEL32 ref: 00D8AE58
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00D8AE77
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00D8AEAD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleName$QueryVersionVirtual
String ID:
API String ID: 3729666671-0
Opcode ID: e98bfec81edad7fa69a908fbf676d6829c0fa68759662ae1a1d9123f14f6df2f
Instruction ID: 5af555eb729ceb0ca6a07f6516c0e5b385cda4eccf4a474c40059dcd90da6a95
Opcode Fuzzy Hash: e98bfec81edad7fa69a908fbf676d6829c0fa68759662ae1a1d9123f14f6df2f
Instruction Fuzzy Hash: B0419270704309ABEB20EB68DC96B9973A8EF48310F0545A2FA04D7291EB71DE849B71

Function 00DB33C4 Relevance: 6.1, APIs: 4, Instructions: 131COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,?,?,00000000,?,0000001C), ref: 00DB3444
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,00000000,?,0000001C), ref: 00DB3460
VirtualQuery.KERNEL32(00000000,?,0000001C), ref: 00DB3539

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileModuleNameQueryVersionVirtual
String ID:
API String ID: 574683361-0
Opcode ID: 69166c8bfef92473168e25799f3b94e9f356f7bccd6bb156c9f2a17d0db9a6d0
Instruction ID: 4cb4380e509a1eaf92bc5b98b1afcef6cb829f7298762d9ed051e64dc8312109
Opcode Fuzzy Hash: 69166c8bfef92473168e25799f3b94e9f356f7bccd6bb156c9f2a17d0db9a6d0
Instruction Fuzzy Hash: 7251F871E00208EFDB20DBA8C885ADEB7F9EF48310F1481A5E945A7251DB34AF84DB71

Function 00DDBB18 Relevance: 6.1, APIs: 4, Instructions: 121sleepCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00DDBB33
GetDeviceCaps.GDI32(?,0000000C), ref: 00DDBB3E
Sleep.KERNEL32(0000000A,?,0000000C,?,?), ref: 00DDBBDE
GetTickCount.KERNEL32 ref: 00DDBC6F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CapsClientCountDeviceRectSleepTick
String ID:
API String ID: 3523088245-0
Opcode ID: c8b404f6bf2a148bba58f2d59c106a58f905b6eaf3de0017ea7a8d30143376b0
Instruction ID: a8e8e894a5528da972243bdb02791cd821a79cc52f5ce3ab7c57f24eac1ea5e4
Opcode Fuzzy Hash: c8b404f6bf2a148bba58f2d59c106a58f905b6eaf3de0017ea7a8d30143376b0
Instruction Fuzzy Hash: EE41A272F0060E9BCB04DF58C892BAEB7B5EF85314F15813BE515EB396DB3499008BA0

Function 00DE5C64 Relevance: 6.1, APIs: 4, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E5416C,00000000,00DE5DC8,?,-00000001,?,00000000), ref: 00DE5C9A
VirtualProtect.KERNEL32(00000000,00000005,00000040,?,00000000,00000000,00000000,00DE5D99,?,00E5416C,00000000,00DE5DC8,?,-00000001,?,00000000), ref: 00DE5D02
VirtualProtect.KERNEL32(00000000,00000005,?,?,00000000,00000005,00000040,?,00000000,00000000,00000000,00DE5D99,?,00E5416C,00000000,00DE5DC8), ref: 00DE5D24
LeaveCriticalSection.KERNEL32(00E5416C,00DE5D99,?,00E5416C,00000000,00DE5DC8,?,-00000001,?,00000000), ref: 00DE5DA8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalProtectSectionVirtual$EnterLeave
String ID:
API String ID: 130458602-0
Opcode ID: 6a2896dc8054c79d4b6c1b9290864c4cc7f87ba80110c9e8a2567e3da25a7dbe
Instruction ID: 121067b2d85e1ad9acb1a58aa4940fc024d855c41308da052c55d9d5bc781a55
Opcode Fuzzy Hash: 6a2896dc8054c79d4b6c1b9290864c4cc7f87ba80110c9e8a2567e3da25a7dbe
Instruction Fuzzy Hash: CA419274704649AFCB00EF99DD829AEB7E9EB48358F1540B5F804D7391EA709E458770

Function 00E3B168 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 105COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D9C1,?,?), ref: 00E3B226
SetLastError.KERNEL32(00000103,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D9C1,?,?), ref: 00E3B23F
SetLastError.KERNEL32(00000002,00000000,00000000,00E3B283,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E3B248

Strings

profileRoot, xrefs: 00E3B1E6

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: profileRoot
API String ID: 1452528299-1427105440
Opcode ID: 7dd93156038575838cd90feea8a96ad7b37c08e542ba627fffc0749608ff8956
Instruction ID: 5424f97ccf7fd470bade63fd5c99396264f99053901d1989e2a4f37ec3465701
Opcode Fuzzy Hash: 7dd93156038575838cd90feea8a96ad7b37c08e542ba627fffc0749608ff8956
Instruction Fuzzy Hash: C6313D74A0020ADFCB04DFA4D9859AFBBB5FF44314F205165E912E7261DB70AE46CAB1

Function 00E3B2B0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 105COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3DB55,?,?), ref: 00E3B36E
SetLastError.KERNEL32(00000103,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3DB55,?,?), ref: 00E3B387
SetLastError.KERNEL32(00000002,00000000,00000000,00E3B3CB,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E3B390

Strings

profile, xrefs: 00E3B32E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: profile
API String ID: 1452528299-2170006031
Opcode ID: 231b4722fe7b258202c7002bc34d3488dbc4ef0a253043c7db50796219f4f388
Instruction ID: 4a308b0e42e874ca76a48e7f71f57520896862cae290509dc9bf23c33494d252
Opcode Fuzzy Hash: 231b4722fe7b258202c7002bc34d3488dbc4ef0a253043c7db50796219f4f388
Instruction Fuzzy Hash: C4315274A00219DFCB04DFA4C9869AEBBF5FF48310F605165E912E7251DB70AE46CBB1

Function 00DEDFC8 Relevance: 6.1, APIs: 4, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00DEE0D8), ref: 00DEDFFF

Part of subcall function 00D76CB0: lstrcmpA.KERNEL32(00000000,?,00000000,00000000,00000002), ref: 00D76D51
Part of subcall function 00D76CB0: GetProcAddress.KERNEL32(00000000,00000000), ref: 00D76EE4

GetModuleHandleW.KERNEL32(00000000,00000000,00000000,00DEE0D8), ref: 00DEE030
VirtualProtect.KERNEL32(00000000,00000004,00000040,00DC27AA,00000000,00000000,00DEE0D8), ref: 00DEE098
VirtualProtect.KERNEL32(00000000,00000004,00DC27AA,00DC27AA,00000000,00000004,00000040,00DC27AA,00000000,00000000,00DEE0D8), ref: 00DEE0B1

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: HandleModuleProtectVirtual$AddressProclstrcmp
String ID:
API String ID: 3124961077-0
Opcode ID: 2e1e8614034d175caf7d27df5234616fb8d962e5fbce7964057cbdcd2eef4a98
Instruction ID: 6f6a0e43804a06ea3b2538e0d328905515730528c7abf9e2728115a26a611aba
Opcode Fuzzy Hash: 2e1e8614034d175caf7d27df5234616fb8d962e5fbce7964057cbdcd2eef4a98
Instruction Fuzzy Hash: 4E31AF74A00288EFDB20EF66D8C2BAAB7F9EF09300F144465E94597391DBB1AD04DB71

Function 00D69D50 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON

Download Yara Rule

APIs

GetThreadUILanguage.KERNEL32(?,00000000), ref: 00D69D61
SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 00D69DBF
SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 00D69E1C
SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 00D69E4F

Part of subcall function 00D69D0C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,00D69DCD), ref: 00D69D23
Part of subcall function 00D69D0C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,00D69DCD), ref: 00D69D40

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Thread$LanguagesPreferred$Language
String ID:
API String ID: 2255706666-0
Opcode ID: 5ef322c686c45a004c4234731a085d0504be6d3d0b6d01cb747adb7cfd82244d
Instruction ID: 9bee4e8dbed98c905c06536f314123070435062430926b0e9b3128effec03c11
Opcode Fuzzy Hash: 5ef322c686c45a004c4234731a085d0504be6d3d0b6d01cb747adb7cfd82244d
Instruction Fuzzy Hash: 5B315A30E0021A9BDB10DFE8C895AEEB3B8FF04314F044575E515E7296EB749A088B70

Function 00DDC61C Relevance: 6.1, APIs: 4, Instructions: 85keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 00DDC64C

Part of subcall function 00DB5644: OpenClipboard.USER32(00000000), ref: 00DB564B
Part of subcall function 00DB5644: EmptyClipboard.USER32 ref: 00DB5654
Part of subcall function 00DB5644: CloseClipboard.USER32 ref: 00DB5659
Part of subcall function 00DB5644: OpenClipboard.USER32(00000000), ref: 00DB5660
Part of subcall function 00DB5644: GlobalAlloc.KERNEL32(00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DB567B
Part of subcall function 00DB5644: GlobalLock.KERNEL32(00000000,00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000,00000000), ref: 00DB5683
Part of subcall function 00DB5644: GlobalUnlock.KERNEL32(00000000,00000000,00002002,-00000002,00000000,?,00000000,?,00DEF241,00000000,00DEF26B,?,?,?,?,00000000), ref: 00DB56AB
Part of subcall function 00DB5644: SetClipboardData.USER32(0000000D,00000000), ref: 00DB56B3
Part of subcall function 00DB5644: CloseClipboard.USER32 ref: 00DB56B8

IsWindowUnicode.USER32(?), ref: 00DDC6AC
CallWindowProcW.USER32(?,?,?,?,?), ref: 00DDC6C3
CallWindowProcA.USER32(?,?,?,?,?), ref: 00DDC6DA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Clipboard$GlobalWindow$CallCloseOpenProc$AllocDataEmptyLockStateUnicodeUnlock
String ID:
API String ID: 3557040120-0
Opcode ID: 158417854f616482c15230ebdf99590d2c4fc85109acfc9c650e06e724009428
Instruction ID: 07fdfa227921a969cbb73e25aca897e0519c82392dfd9fa99cb78866537a3fdc
Opcode Fuzzy Hash: 158417854f616482c15230ebdf99590d2c4fc85109acfc9c650e06e724009428
Instruction Fuzzy Hash: A7212C75610205AFDB60EEA8C885F9A77E8EF4D310F54A162F915DB3A2C670ED05CB70

Function 00E1C974 Relevance: 6.1, APIs: 4, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,00000000,00000000,00000001,?), ref: 00E1C9AB
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,00000104,?,00000000,00000000,00000001,?), ref: 00E1C9CD
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000104,?,00000000,00000000,00000001), ref: 00E1C9FE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000000,00000000,00000104,?,00000000,00000000,00000001,?), ref: 00E1CA2E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID:
API String ID: 1586453840-0
Opcode ID: 46cfdf8edfd829cb6a020d5a9fc5e880cc42c3e7de6cfbb6291d4cbaa47496f7
Instruction ID: d885207087630411defb528366e9e0adbbf93794566774bd66ff1b42c0fd6c13
Opcode Fuzzy Hash: 46cfdf8edfd829cb6a020d5a9fc5e880cc42c3e7de6cfbb6291d4cbaa47496f7
Instruction Fuzzy Hash: 88215B71B80219AFDB10EAA8DC92BEEB3ECEF08754F205525F611E7280DB709D4187B5

Function 00DDB08C Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00DDB16B), ref: 00DDB0BE
GetTextExtentPoint32W.GDI32(?,00000000,00000000,00000000), ref: 00DDB0E2
GetVersion.KERNEL32(00000000,00DDB16B), ref: 00DDB0EB
GetTextExtentPoint32A.GDI32(?,00000000,00000000,00000000), ref: 00DDB12F

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ExtentPoint32TextVersion
String ID:
API String ID: 1062511252-0
Opcode ID: 37edd97f9caaa001bfc1ebe991f2de9e14e8f3d153c83a0a3f7a0a99955f19d9
Instruction ID: b9a09fe4ac0d934d9deb8df02b8d77484340dff63d2157788fe7f945a91e79fd
Opcode Fuzzy Hash: 37edd97f9caaa001bfc1ebe991f2de9e14e8f3d153c83a0a3f7a0a99955f19d9
Instruction Fuzzy Hash: 7E213B71A04709ABDB11EFA9C851AAFB7E9EB09314F55442AF818E3341DB34DE048BB0

Function 00E3C018 Relevance: 6.1, APIs: 4, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00000001,?,?,?,?), ref: 00E3C04F
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000104,80000001,00000000,00000000,00000001,?,?,?,?), ref: 00E3C071
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000104,80000001,00000000,00000000,00000001), ref: 00E3C09F
RegCloseKey.ADVAPI32(?,?,?,00000000,00000000,00000000,00000104,80000001,00000000,00000000,00000001,?,?,?,?), ref: 00E3C0BD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID:
API String ID: 1586453840-0
Opcode ID: 9fc0a0f581c4c088b7f44867b03d013219cee5a3caef64e5dfb7f09e3cdf2310
Instruction ID: 76024c24c012ea2d6fe47c2c3bb6a9ebb97edebaa17de1baab6180cb0d3de610
Opcode Fuzzy Hash: 9fc0a0f581c4c088b7f44867b03d013219cee5a3caef64e5dfb7f09e3cdf2310
Instruction Fuzzy Hash: 9B211A71B40218ABDB10EAE99C85BAEB7A8EF04714F201566BA54F7280E771D9008BA0

Function 00D90988 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(00000000), ref: 00D909D7
CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 00D909F7
SelectObject.GDI32(?,?), ref: 00D90A24
DeleteDC.GDI32(?), ref: 00D90A33

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Create$CompatibleDeleteObjectSectionSelect
String ID:
API String ID: 4257765504-0
Opcode ID: 76f8a9ae3a298a4f6f066b07957bef08c5afaf82ba3722363dc4cf506d073286
Instruction ID: 46d9ee62d3602751931ee6137b9ab526799f1f17a6e42c98003d33045a2b82ba
Opcode Fuzzy Hash: 76f8a9ae3a298a4f6f066b07957bef08c5afaf82ba3722363dc4cf506d073286
Instruction Fuzzy Hash: E2210971644309AFDB50DF69E841B9ABBE9EF49310F648025F844DB390D7B4AD90CBB0

Function 00D73294 Relevance: 6.1, APIs: 4, Instructions: 64threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 00D732FE
GetCurrentThreadId.KERNEL32 ref: 00D73305
SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00D7331A
PostMessageA.USER32(?,00000402,00000000,00000000), ref: 00D73334

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: MessageThread$CurrentPostProcessSendWindow
String ID:
API String ID: 2746892448-0
Opcode ID: 96550d7054e8e9b7b392d740f1e263720e52bc7c725567551e088652f24e95b1
Instruction ID: d095833fdb9025f974c1e8dcf43e7ad8d5143dcc7dbfc3ba66c237e991dfa0d9
Opcode Fuzzy Hash: 96550d7054e8e9b7b392d740f1e263720e52bc7c725567551e088652f24e95b1
Instruction Fuzzy Hash: C3119171640210ABDB60AF68CCC6F597369EF84710F248251FA08DF297EBB2ED4197B4

Function 00E05314 Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00000000,00000004,00000040,?,?,00E053CA,00000000,00E0561C), ref: 00E05329
VirtualProtect.KERNEL32(00000000,00000004,?,?,00000000,00000004,00000040,?,?,00E053CA,00000000,00E0561C), ref: 00E0534D
VirtualProtect.KERNEL32(00000000,00000004,00000040,?,?,00E053CA,00000000,00E0561C), ref: 00E0536D
VirtualProtect.KERNEL32(00000000,00000004,?,?,00000000,00000004,00000040,?,?,00E053CA,00000000,00E0561C), ref: 00E05391

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 70448386d9356c1690bc0c148b6da577f1bdd8844bc36e1792b462f12bbb6719
Instruction ID: ba97564c526679df0633f58309a65bd9ef5dc2169a16a8ff0394fdcdde6bf5b0
Opcode Fuzzy Hash: 70448386d9356c1690bc0c148b6da577f1bdd8844bc36e1792b462f12bbb6719
Instruction Fuzzy Hash: 7511B3B9A00304EFE710DB7AED46B5773A8A74A702F014414F624E72A0E3B5D889DB20

Function 00DB7C08 Relevance: 6.0, APIs: 4, Instructions: 46fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB7918: GetCurrentProcessId.KERNEL32(?,00000000,00DB799E,?,00000000), ref: 00DB7944
Part of subcall function 00DB7918: WaitForSingleObject.KERNEL32(00000000,000000FF,00DC7BF0,00000000,00000000,?,00000000,00DB799E,?,00000000), ref: 00DB797E

DeleteCriticalSection.KERNEL32(-00000008,00000000,00DB7C89), ref: 00DB7C4F
VirtualFree.KERNEL32(00000000,00000000,00008000,-00000008,00000000,00DB7C89), ref: 00DB7C5E
UnmapViewOfFile.KERNEL32(00000000,00000000,00000000,00008000,-00000008,00000000,00DB7C89), ref: 00DB7C64
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00008000,-00000008,00000000,00DB7C89), ref: 00DB7C6A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseCriticalCurrentDeleteFileFreeHandleObjectProcessSectionSingleUnmapViewVirtualWait
String ID:
API String ID: 1770878889-0
Opcode ID: d5efe5bacbfdc762a0b80cab918ef56f0aa9108fee8eb08addb034613bd31c41
Instruction ID: 1d544b2b363ce922e211fd6fe0f2c9371fa2ee6e988f00a2dafc5a2eeac622f6
Opcode Fuzzy Hash: d5efe5bacbfdc762a0b80cab918ef56f0aa9108fee8eb08addb034613bd31c41
Instruction Fuzzy Hash: 7601AD74A09640EFD701EF29DD82F5A37EDEF8A300F410866F001AB2A1CA34AC44DBB1

Function 00DE44CC Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00E54154,?,00DC2A83,00000000,?,?,00DE47BB,00000000,00DE4B20,?,00000000,00DE4B50,?,0000EA60,?,00000001), ref: 00DE44D8
VirtualFree.KERNEL32(4A,00000000,00008000,00000000,00DE454B,?,00E54154,?,00DC2A83,00000000,?,?,00DE47BB,00000000,00DE4B20), ref: 00DE4515
LeaveCriticalSection.KERNEL32(00E54154,00DE4552,00E54154,?,00DC2A83,00000000,?,?,00DE47BB,00000000,00DE4B20,?,00000000,00DE4B50,?,0000EA60), ref: 00DE4545

Strings

4A, xrefs: 00DE4502, 00DE4514

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterFreeLeaveVirtual
String ID: 4A
API String ID: 1320683145-3306699992
Opcode ID: 5ed8fc17cc62b15e94f92d3d65b329dc2978e146743218f4d53f186a2035cbb6
Instruction ID: 006a0877e7dd87ef2eb9f4929aa11ad506a6c86014aa82653e3825c3f6526b54
Opcode Fuzzy Hash: 5ed8fc17cc62b15e94f92d3d65b329dc2978e146743218f4d53f186a2035cbb6
Instruction Fuzzy Hash: 3E01F9B0A457C06FE711AB669D02B5A7BD9E751710FA94464F400A3280D6B59D44D630

Function 00D95020 Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

InflateRect.USER32(?), ref: 00D9503E
CreateSolidBrush.GDI32(?), ref: 00D95047
FillRect.USER32(?,?,00000000), ref: 00D95054
DeleteObject.GDI32(00000000), ref: 00D9505A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Rect$BrushCreateDeleteFillInflateObjectSolid
String ID:
API String ID: 2337690274-0
Opcode ID: 3db53a69311896f73b5b4ddf7a749ed21fcb6563864bb2e6eac20ff57eb4c810
Instruction ID: 5416b0508730443ca3ec93b82546e2007a3fcceaf002b19359102aafdb155051
Opcode Fuzzy Hash: 3db53a69311896f73b5b4ddf7a749ed21fcb6563864bb2e6eac20ff57eb4c810
Instruction Fuzzy Hash: 64E09BB3E0051D278712EAE9AC41CFFB35EDD463207040636BD15EB101E5B2AD0482F4

Function 00E07CC0 Relevance: 6.0, APIs: 4, Instructions: 35fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000,?,?,00E07F00,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000,00E08C3A), ref: 00E07CD7
CloseHandle.KERNEL32(00000000,?,000F001F,00000000,00000000,00000000,?,?,00E07F00,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000), ref: 00E07CEA
UnmapViewOfFile.KERNEL32(00000000,?,000F001F,00000000,00000000,00000000,?,?,00E07F00,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000), ref: 00E07CF4
CloseHandle.KERNEL32(00000000,?,000F001F,00000000,00000000,00000000,?,?,00E07F00,00E08CE4,?,000000FF,00000000,00E08BAF,?,00000000), ref: 00E07CFE

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CloseFileHandleView$Unmap
String ID:
API String ID: 1018311036-0
Opcode ID: b1d22cef9335c94d44d7b62ec812311274de9428b3975f2ad5ec9439198e820d
Instruction ID: 1a46989599441d0e3ef32a99ab845a9c2c17ecc5bfbb6233b6e860a0b7621ee2
Opcode Fuzzy Hash: b1d22cef9335c94d44d7b62ec812311274de9428b3975f2ad5ec9439198e820d
Instruction Fuzzy Hash: 10F08C70F05630AFEB226AB8DC86B6633D9DF0A310F101860F540EF185D6B4A880C7A2

Function 00DB4208 Relevance: 6.0, APIs: 4, Instructions: 21COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 00DB4215
EnterCriticalSection.KERNEL32 ref: 00DB421B
LeaveCriticalSection.KERNEL32 ref: 00DB423B
DeleteCriticalSection.KERNEL32 ref: 00DB4241

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$DeleteEnterInitializeLeave
String ID:
API String ID: 1090962914-0
Opcode ID: 847488d220b73d5dd40bc3ab1225ebad7053e6e9ac116ab26fae310858cd12af
Instruction ID: 9c70b886823823fc7e3483320fce6e8318ab77aa99609f8575b2d7b686c083de
Opcode Fuzzy Hash: 847488d220b73d5dd40bc3ab1225ebad7053e6e9ac116ab26fae310858cd12af
Instruction Fuzzy Hash: C6E08638D0A701DED690FB356F0679931A1E791325F840315B01E711F2CA3D004AD6B7

Function 00DC15A8 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 454threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DC1623
GetCurrentThreadId.KERNEL32 ref: 00DC1B4D

Strings

@, xrefs: 00DC1628, 00DC1B52

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: @
API String ID: 2882836952-935976969
Opcode ID: 2d81754bc7d8f29cd3f7dd32a941256cbb022876a0966c678b23564dcc1bc07b
Instruction ID: eb8efe89d0318d23ee467b664c71ae5ee75c8fa30cc945fe3bd953673f552616
Opcode Fuzzy Hash: 2d81754bc7d8f29cd3f7dd32a941256cbb022876a0966c678b23564dcc1bc07b
Instruction Fuzzy Hash: 88124878A0425ADFDB11CB58C594FADFBF6FB4A310F688194D440A72A2C734AD86CB74

Function 00D975BC Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 337COMMON

Download Yara Rule

Strings

madExcept, xrefs: 00D97988
Internal error: Invalid assistant resource (, xrefs: 00D9798D

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: Internal error: Invalid assistant resource ($madExcept
API String ID: 0-1727790496
Opcode ID: c48e4aac7e355dd60fa733323a1836b4934e6a3000b331d18c0db835c03c3340
Instruction ID: b7e245f6b73c7196590687b45aba7703983dbd9b01c6cfc0d21db69b4a99f619
Opcode Fuzzy Hash: c48e4aac7e355dd60fa733323a1836b4934e6a3000b331d18c0db835c03c3340
Instruction Fuzzy Hash: C2E11C3461410A9FCB04DF58D481EAEB7F5FF48314B248595F8859B396D735ED82CBA0

Function 00DEDD6C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 152threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00DEDE29

Part of subcall function 00DB3ADC: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3B22
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3B8F
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3BC3
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BDD
Part of subcall function 00DB3ADC: LocalSize.KERNEL32(00000000), ref: 00DB3BE9
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BF7
Part of subcall function 00DB3ADC: LocalFree.KERNEL32(00000000,00000000,00000000,00DB3D34,?,?,000000FF,00000000,00DB3D59,?,00000000,madExcept - TraceProcessThread), ref: 00DB3BFD

GetCurrentThreadId.KERNEL32 ref: 00DEDE8B

Part of subcall function 00D720DC: GetVersion.KERNEL32(?,00000001,00D6F784,-00000006,00DB75D2,00000000,00000000,00000000,00000000,00000000,00000000,00D6F784,00000001,00000000,00000000,00000000), ref: 00D72109
Part of subcall function 00D720DC: GetModuleHandleW.KERNEL32(kernel32.dll,MultiByteToWideChar,?,00000001,00D6F784,-00000006,00DB75D2,00000000,00000000,00000000,00000000,00000000,00000000,00D6F784,00000001,00000000), ref: 00D7211F

Strings

EExternalException, xrefs: 00DEDDB8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Local$FreeSize$CurrentThread$HandleModuleObjectSingleVersionWait
String ID: EExternalException
API String ID: 1013286825-3805603536
Opcode ID: 3d21b199425f709ef17af0d3e60da0291493cacc1b402d88b91ec7222ad1d7a0
Instruction ID: 498ed0e10e1da93605a55e9ae262bf494f4286b0d2219cf881ab8e41e40f4abc
Opcode Fuzzy Hash: 3d21b199425f709ef17af0d3e60da0291493cacc1b402d88b91ec7222ad1d7a0
Instruction Fuzzy Hash: 1851B130A04288DFEB14FF95C886BAEB3B6EF44704F248065F501AB6D1DB74AD44CA71

Function 00E3858C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 149COMMON

Download Yara Rule

APIs

EnumDisplayMonitors.USER32(00000000,00000000,00E376F8,?,?,?,?,?,00000007,00000000,00000000,?,00E38785,?,00E3C40F,00000000), ref: 00E386F7

Strings

O, xrefs: 00E3870C, 00E38727
devices, xrefs: 00E385E8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: DisplayEnumMonitors
String ID: devices$O
API String ID: 2950131505-3012067865
Opcode ID: 8245bfbf1e668f4e7e3a5134d8d618cc2debb48fbc4bef8be5a70e09e32a60e0
Instruction ID: 73854a47e380c7a13bb45acd201300d8db6b72e96db967a89c6bc54e3d970a82
Opcode Fuzzy Hash: 8245bfbf1e668f4e7e3a5134d8d618cc2debb48fbc4bef8be5a70e09e32a60e0
Instruction Fuzzy Hash: 5F51A438A00209DFCB44DF94C599A9DBBB5FF48311F605095E802B7755DB30AE46CFA1

Function 00DED6E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00DED91F,?,?,00000029,00000000,00000000), ref: 00DED71A
GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,0000001C,00000000,00DED91F,?,?,00000029,00000000,00000000), ref: 00DED746

Part of subcall function 00D6AE5C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00D6AEA1

Strings

Access Violation, xrefs: 00DED7DD

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: Access Violation
API String ID: 902310565-612726482
Opcode ID: f41cabcd97781081cd5f1245f49b5a47fe30670f8686083a013937953910507b
Instruction ID: 6481ea9b600e1719b1c5a5aa8e2129053f1302f2360ae07eda55e335d189d645
Opcode Fuzzy Hash: f41cabcd97781081cd5f1245f49b5a47fe30670f8686083a013937953910507b
Instruction Fuzzy Hash: 12511B34A0015D8BDB60FB55DC81BDDB3BAEB88304F1085A5E50DAB256DA74AE85CFB0

Function 00DCD23C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

250, xrefs: 00DCD23E

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID:
String ID: 250
API String ID: 0-1548098294
Opcode ID: 18dd6171d7f33c51a4b16b686635a28d4669926556be3fc5afa7a5d8557951b1
Instruction ID: 73337fce095f8ac5f148dc4db08b425c4f4020a2db466c040af41ae355b990a5
Opcode Fuzzy Hash: 18dd6171d7f33c51a4b16b686635a28d4669926556be3fc5afa7a5d8557951b1
Instruction Fuzzy Hash: FF41F271608349AFD710DF68CD81F9EBBE9AB89744F04482DF988C7251D370E940CBA2

Function 00E05200 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00E05216
GetCurrentProcess.KERNEL32 ref: 00E0525F

Strings

lN, xrefs: 00E05233

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcessVersion
String ID: lN
API String ID: 2809935031-2501421188
Opcode ID: bb437f92f54c214965ec8510dfaf484d1a408262152546072c6e189237b6c59a
Instruction ID: 4a2d6189b61f3ae87af4e792ccc9e80b863ea43ed36d0ca9ff809a5b9bfcaaee
Opcode Fuzzy Hash: bb437f92f54c214965ec8510dfaf484d1a408262152546072c6e189237b6c59a
Instruction Fuzzy Hash: A231C436A00704EFE710CBAADC45BAF77B9EB4A791F045011FA14B72A1D7749C859BA0

Function 00DE53F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,00DE54D5,?,00000000), ref: 00DE542E
QueryPerformanceFrequency.KERNEL32(?,?,00000000,00DE54D5,?,00000000), ref: 00DE543F

Strings

milliseconds, xrefs: 00DE54B5

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: PerformanceQuery$CounterFrequency
String ID: milliseconds
API String ID: 774501991-771502954
Opcode ID: ac3c3ec425a1fe4d9d9398ecdaec7e157b2c830228f27404e32def1bbd84fcbc
Instruction ID: 237a332d40cd249918a90806c18541da944d4dfef050d11ffac5f5f77c445d6b
Opcode Fuzzy Hash: ac3c3ec425a1fe4d9d9398ecdaec7e157b2c830228f27404e32def1bbd84fcbc
Instruction Fuzzy Hash: F2219F34A00648AFDF54EFA9DD41BAEB7F9EB48308F504125F504A22D5DB359E84CA30

Function 00DF064C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,00DF0716,?,?,?,?,00000000,00000000,00000000), ref: 00DF0668

Part of subcall function 00DF049C: VirtualProtect.KERNEL32(00000018,000000F0,00000040,?,?,00000000,00DF0615), ref: 00DF051A
Part of subcall function 00DF049C: VirtualProtect.KERNEL32(00000018,000000F0,?,?,00000018,000000F0,00000040,?,?,00000000,00DF0615), ref: 00DF056B
Part of subcall function 00DF049C: GetCurrentProcess.KERNEL32(00000000,00000000,00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05F4
Part of subcall function 00DF049C: FlushInstructionCache.KERNEL32(00000000,00000000,00000000,00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05FA

Part of subcall function 00DF049C: VirtualProtect.KERNEL32(00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF0581
Part of subcall function 00DF049C: VirtualProtect.KERNEL32(00000018,000000E0,?,?,00000018,000000E0,00000040,?,?,00000000,00DF0615), ref: 00DF05EB

Strings

$M, xrefs: 00DF06D0
.bpl, xrefs: 00DF06D8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CacheCurrentFlushHandleInstructionModuleProcess
String ID: $M$.bpl
API String ID: 3182098243-4105977249
Opcode ID: b3b69674b76f28bfd6fd73ab74b48c71adb45227029d0c87e18a5e56505f64b9
Instruction ID: 37e206721ff2be072618f081b73f49ad97af1b1a54374314850e4df87206bb72
Opcode Fuzzy Hash: b3b69674b76f28bfd6fd73ab74b48c71adb45227029d0c87e18a5e56505f64b9
Instruction Fuzzy Hash: 7A214F35A0010CAFDB10EF95D892B6DBBB5EB48710F6280A1E600E7362CB70BE15CE74

Function 00E06C4C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00E06D38,?,00000000,00E06D1E,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E06C93

Strings

,_, xrefs: 00E06C7D
@_, xrefs: 00E06CD0

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcess
String ID: ,_$@_
API String ID: 2050909247-662060846
Opcode ID: fa31d7c8c928c534d6090da61dd0bf04300112e0c9f13fd209a155a2d4c5d8a4
Instruction ID: 8a7cf391740d7d21bbaadc746a57c7110b5b66d7043b019a8c1574a0bceca1af
Opcode Fuzzy Hash: fa31d7c8c928c534d6090da61dd0bf04300112e0c9f13fd209a155a2d4c5d8a4
Instruction Fuzzy Hash: 19116079B14209AFDB01FB98CC42A9EBBBAEF88300F508461F404B7292D7759E159770

Function 00D94EDC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D94F18
CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,MS Sans Serif), ref: 00D94F3E

Strings

MS Sans Serif, xrefs: 00D94F21

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CreateFont
String ID: MS Sans Serif
API String ID: 1830492434-168460110
Opcode ID: 84399252273daa151d6ac65af7c05ce54e971083a646af0d25729029c9d267a7
Instruction ID: d93d1961c02beef07b92488505f5d4460b43a640336a6bb3b9a61d777313b035
Opcode Fuzzy Hash: 84399252273daa151d6ac65af7c05ce54e971083a646af0d25729029c9d267a7
Instruction Fuzzy Hash: A1F0C2B13C43193AFA3021166C87F77224DCB85F95E350065BB00BE2C2EAC6BC0651BC

Function 00E05158 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,00E051F2,?,?,?,?,00000000), ref: 00E0517B
LoadLibraryA.KERNEL32(00000000,00000000,00E051F2,?,?,?,?,00000000), ref: 00E0519D

Part of subcall function 00D76EF4: GetProcAddress.KERNEL32(00000000,00000023), ref: 00D76F3A

Strings

@M, xrefs: 00E0518A

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProcVersion
String ID: @M
API String ID: 2685220120-2208089455
Opcode ID: db622c86bb96622557f13d25021a5d8f6610a49cb548410ca5a1753fc84e7a00
Instruction ID: e3c9653c52c09d18a09ed227d93395160ea0dba002b98f80ef60ad801d58f7db
Opcode Fuzzy Hash: db622c86bb96622557f13d25021a5d8f6610a49cb548410ca5a1753fc84e7a00
Instruction Fuzzy Hash: B001AD79604F04DFD311EB7ADC01B1AB6A9EB86300F518134F808A36A1E734DC45CB70

Function 00DB7918 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00DB3164: GetModuleHandleA.KERNEL32(advapi32.dll,SetEntriesInAclA), ref: 00DB318F
Part of subcall function 00DB3164: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DB31F9
Part of subcall function 00DB3164: InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,advapi32.dll,SetEntriesInAclA), ref: 00DB32B8

GetCurrentProcessId.KERNEL32(?,00000000,00DB799E,?,00000000), ref: 00DB7944

Part of subcall function 00D6D6C0: CreateMutexA.KERNEL32(?,00000001,00000000,?,00DB7979,00DC7BF0,00000000,00000000,?,00000000), ref: 00D6D6D6

WaitForSingleObject.KERNEL32(00000000,000000FF,00DC7BF0,00000000,00000000,?,00000000,00DB799E,?,00000000), ref: 00DB797E

Strings

madExceptSettingsMtx, xrefs: 00DB795B

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CurrentProcess$CreateDescriptorHandleInitializeModuleMutexObjectSecuritySingleWait
String ID: madExceptSettingsMtx
API String ID: 4049993468-1171596302
Opcode ID: 721719283e0bcc8d1163a5a13afd8d56c79462d80b20e8e0c5e635be3abce48e
Instruction ID: ba6f4f74639ac89fa3188cccc25afe6558758c107a88a9474c45268090b63355
Opcode Fuzzy Hash: 721719283e0bcc8d1163a5a13afd8d56c79462d80b20e8e0c5e635be3abce48e
Instruction Fuzzy Hash: 79011A71A1820C9FDF01EBA4DC42ADEB7FDEB8C320F614561E414A3691EA749A058A70

Function 00DCD960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?,00000000,00DCD9D6), ref: 00DCD980
SystemTimeToFileTime.KERNEL32(?,?,?,00000000,00DCD9D6), ref: 00DCD98D

Strings

@madExcept>, xrefs: 00DCD9AC

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: Time$System$File
String ID: @madExcept>
API String ID: 2838179519-2072251058
Opcode ID: d28a93c141f4bcd6bc47f87f88ad841f72a2ab5a469febbb826aba6830982198
Instruction ID: 3dc6a1803477af134698a2a2de8d31b567851604c0e7213bb75e9bbf3c102058
Opcode Fuzzy Hash: d28a93c141f4bcd6bc47f87f88ad841f72a2ab5a469febbb826aba6830982198
Instruction Fuzzy Hash: 5E014F75A042099FDB01DAA5DC52DAEB7BEEB49300B414476F504A3291EA3495058B70

Function 00D6D92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950
GetProcAddress.KERNEL32(00000000,00000000), ref: 00D6D972

Strings

madExcept - TraceProcessThread, xrefs: 00D6D932

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: madExcept - TraceProcessThread
API String ID: 190572456-2631385117
Opcode ID: 3362f6bc05f960629823d93ca72055564dcd62e8eb6ad9784163d0727d85c984
Instruction ID: 0d29f4ec409331e905d08d9d4c52cb924c27a45d94e68ffa7834c26d8b45c930
Opcode Fuzzy Hash: 3362f6bc05f960629823d93ca72055564dcd62e8eb6ad9784163d0727d85c984
Instruction Fuzzy Hash: 26F09074B18608BFEB01DA64EC42E6E73DDDB4D710F910472F90097281D630AE04C9B0

Function 00E119C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(nvapi.dll,?,00E11A6D,?,?,00000000,?,00E11AE9,Function_0000F714,?,00E374DF,?,?,?,00000000,00000000), ref: 00E119CF

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Strings

nvapi.dll, xrefs: 00E119CA
nvapi_QueryInterface, xrefs: 00E119DA

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: nvapi.dll$nvapi_QueryInterface
API String ID: 2574300362-2940450303
Opcode ID: e90d81bc9176cf20e1b75069134c1e50a857849b28634d446bfcf16063f6ff05
Instruction ID: c5ad612f71e247ad4c09cfdf1b5f1863a04afd093b2a6df4ea102911794c821c
Opcode Fuzzy Hash: e90d81bc9176cf20e1b75069134c1e50a857849b28634d446bfcf16063f6ff05
Instruction Fuzzy Hash: 6CF030F86063128FD704AFB77C857962AD8AF1430EF942969B601B11A2E7E4C8C8D611

Function 00DABAD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00E4356B,00000000,00E435A2), ref: 00DABAD6

Part of subcall function 00D6D92C: GetProcAddress.KERNEL32(00000000,?), ref: 00D6D950

Strings

kernel32.dll, xrefs: 00DABAD1
GetDiskFreeSpaceExW, xrefs: 00DABAE1

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1646373207-1127948838
Opcode ID: 846bd5a2657237c29be993e4f557b1a160f92ca4a7abf0e52aab1b4bc448a7cf
Instruction ID: 2450336c75f7642cbb4ea4e0dd0be8bd9cc15a1068f5c5a74d845c42d26156bf
Opcode Fuzzy Hash: 846bd5a2657237c29be993e4f557b1a160f92ca4a7abf0e52aab1b4bc448a7cf
Instruction Fuzzy Hash: D7D05EE86453054FEB009BB17CC26223594C30A320B040067A08055106CBA08D0ACAB0

Function 00E3D940 Relevance: 5.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3DA7B,?,00000000,00E3DABE), ref: 00E3D97F

Part of subcall function 00E3B168: SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D9C1,?,?), ref: 00E3B226
Part of subcall function 00E3B168: SetLastError.KERNEL32(00000103,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3D9C1,?,?), ref: 00E3B23F

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00E3DA6A,?,?,00000000,00E3DA7B,?,00000000,00E3DABE), ref: 00E3D9D0
SetLastError.KERNEL32(000000EA,00000000,?,?,?,?,00000000,00000000,00E3DA6A,?,?,00000000,00E3DA7B,?,00000000,00E3DABE), ref: 00E3DA3F
LeaveCriticalSection.KERNEL32(?,00E3DA71,?,00000000,00000000,00E3DA6A,?,?,00000000,00E3DA7B,?,00000000,00E3DABE), ref: 00E3DA64

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalSection$EnterLeave
String ID:
API String ID: 2269797833-0
Opcode ID: 3106ffc1f3dad5a4f5f1a6d351aac49f97dbaa80315e4313f94421db3baca208
Instruction ID: e4124fb1bf4bfac370a3a22c9260cfa6d23cc4422a50fdbcbae9680b5cba3ee7
Opcode Fuzzy Hash: 3106ffc1f3dad5a4f5f1a6d351aac49f97dbaa80315e4313f94421db3baca208
Instruction Fuzzy Hash: B8414B70A08209AFDB11DFA8DD96A9EBBF9EF49704F1145A4F805E7250D730EE11CBA0

Function 00E3DAD4 Relevance: 5.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3DC0F,?,00000000,00E3DC52), ref: 00E3DB13

Part of subcall function 00E3B2B0: SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3DB55,?,?), ref: 00E3B36E
Part of subcall function 00E3B2B0: SetLastError.KERNEL32(00000103,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00E3DB55,?,?), ref: 00E3B387

SetLastError.KERNEL32(00000000,?,?,?,?,00000000,00000000,00E3DBFE,?,?,00000000,00E3DC0F,?,00000000,00E3DC52), ref: 00E3DB64
SetLastError.KERNEL32(000000EA,00000000,?,?,?,?,00000000,00000000,00E3DBFE,?,?,00000000,00E3DC0F,?,00000000,00E3DC52), ref: 00E3DBD3
LeaveCriticalSection.KERNEL32(?,00E3DC05,?,00000000,00000000,00E3DBFE,?,?,00000000,00E3DC0F,?,00000000,00E3DC52), ref: 00E3DBF8

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: ErrorLast$CriticalSection$EnterLeave
String ID:
API String ID: 2269797833-0
Opcode ID: 5969e431fb5af819cb07dbf5e5ddfe7697e26a4321bd17d7bd7c84aae21ef8a7
Instruction ID: 1caabb4d7a9a62558afde5fbb5620c868800d38ccc522d365881977faed1128a
Opcode Fuzzy Hash: 5969e431fb5af819cb07dbf5e5ddfe7697e26a4321bd17d7bd7c84aae21ef8a7
Instruction Fuzzy Hash: E9411B71A04209AFDB11DFA8DC96A9EBBF9EF09714F1145A4F505E7250DB30EE10CBA1

Function 00E3CF80 Relevance: 5.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,00E3D077,?,00000000,00E3D0BA), ref: 00E3CFBF
LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00E3D066,?,?,00000000,00E3D077,?,00000000,00E3D0BA), ref: 00E3D01F
SetLastError.KERNEL32(00000002,00000000,00000000,00E3D066,?,?,00000000,00E3D077,?,00000000,00E3D0BA), ref: 00E3D04A
LeaveCriticalSection.KERNEL32(?,00E3D06D,00E3D066,?,?,00000000,00E3D077,?,00000000,00E3D0BA), ref: 00E3D060

Memory Dump Source

Source File: 0000001A.00000002.2080402949.0000000000D61000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00D60000, based on PE: true

Associated: 0000001A.00000002.2080384932.0000000000D60000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080851640.0000000000E44000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080895540.0000000000E55000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080915534.0000000000E57000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080934077.0000000000E58000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E59000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000001A.00000002.2080953569.0000000000E5B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_d60000_1 DEMANADA LABORAL.jbxd

Yara matches

Similarity

API ID: CriticalSection$AllocEnterErrorLastLeaveLocal
String ID:
API String ID: 3910011525-0
Opcode ID: 0f56803bab723b9ceb372d1c70e7044aca61665c083425cf7c91f7f05ee982d3
Instruction ID: 0edd30e39bdf4bf9efda2b5c0b09e64725afa55d2d0f5264bf7f2397c85653a1
Opcode Fuzzy Hash: 0f56803bab723b9ceb372d1c70e7044aca61665c083425cf7c91f7f05ee982d3
Instruction Fuzzy Hash: 10315A74A04208AFDB15DFA4DC95A9EBBBAFB89B00F1085A4F810E7251D630AA01CF60

Analysis Process: MSBuild.exePID: 3816, Parent PID: 3016COMMON

Execution Graph

Execution Coverage:	18.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 00D85130 Relevance: 1.6, APIs: 1, Instructions: 89
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 00D87D72

Memory Dump Source

Source File: 0000001D.00000002.2428822606.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_d80000_MSBuild.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ba6b2a6047bda64d642c7f882dcfb550ec6eda20f27ad94172114d8a0d3c302e
Instruction ID: 846fbf7bc3c4b18dd62d725c94591f2638dd49742cb4281ea5007cf8a6b2c489
Opcode Fuzzy Hash: ba6b2a6047bda64d642c7f882dcfb550ec6eda20f27ad94172114d8a0d3c302e
Instruction Fuzzy Hash: 8F31F2B0D04249DFDB14EFA9C885BADBBF1AF08714F248529E819A7280D7749885CFA5

Function 00D87C9D Relevance: 1.6, APIs: 1, Instructions: 88
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 00D87D72

Memory Dump Source

Source File: 0000001D.00000002.2428822606.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_d80000_MSBuild.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 825da0538eb8ed9575e75f780067bcdc17898aeb399f9f81705045aeffcedc8a
Instruction ID: e0f784699c35a7a650aee654194c99deb32358092cb12242644e43ab2caa1a83
Opcode Fuzzy Hash: 825da0538eb8ed9575e75f780067bcdc17898aeb399f9f81705045aeffcedc8a
Instruction Fuzzy Hash: 2B3112B0D04249DFDB14EFA9C885BADFBF1BF08714F248529E819A7280D7749881CFA5

Function 008AD4A0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2424923659.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_8ad000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae651babf669afaf38ffb1164d680bfc86be52b52a83386298713c97e0019e4
Instruction ID: fcbde40214a6565850fadc8089d3ff6b24735819a7ad59f6134ecb574e4938c2
Opcode Fuzzy Hash: bae651babf669afaf38ffb1164d680bfc86be52b52a83386298713c97e0019e4
Instruction Fuzzy Hash: F82148B1904344DFEB15DF04D9C0B26BF61FB98318F20C569E906CBA56C336D856CBA2

Function 008AD49B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2424923659.00000000008AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_8ad000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eeef5218b486746d9d977ed8f290ce031770864af54224cc3c559f8a35fd6c7
Instruction ID: 571aaec700df161e673e935de006506b3fab543187587223162f513d9cd443eb
Opcode Fuzzy Hash: 7eeef5218b486746d9d977ed8f290ce031770864af54224cc3c559f8a35fd6c7
Instruction Fuzzy Hash: 7011E1B6804340CFDB12CF04D5C0B56BF72FB84324F24C5A9D80A8BA56C336D856CBA2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: AsyncRAT

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\078acd2f-4ca0-44f6-9306-ef681b6a8c38.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b42c71a-673c-4ca7-b99e-b7d2e18f1538.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3e861bf2-932e-4afe-b02d-9f259f75f4ae.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\479d5865-8b75-4e4a-bdc2-40d2ee113bc3.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7a96f0ca-d19b-48ca-9235-0707ae93d779.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\84e290c0-7a4a-4c1e-b3c9-e86704366835.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\ca1c38ef-f2b8-434f-b532-40ebf606e0ae.tmp

Windows Analysis Report
140-DEMNADA LABORAL- JUZGADO 03 CIVIL DEL CIRCUITO RAMA JUDICIAL.svg

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre